ConverTo Video Downloader And Converter 1.4.2 File Download

==================================================================================================================================== | Title : ConverTo Video Downloader & Converter v1.4.2 - Arbitrary File Download Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | |...

COMpose-IT CMS 2.0 SQL Injection

==================================================================================================================================== | Title : COMpose-IT CMS v2.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | ...

Joomla JLex GuestBook 1.6.4 Cross Site Scripting

Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/ Demo: https://jlexguestbook.jlexart.com/ Teste...

Cryptolive CMS 1.0 SQL Injection

==================================================================================================================================== | Title : Cryptolive cms v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

Creative Commons Attribution 3.0 SQL Injection

==================================================================================================================================== | Title : Creative Commons Attribution v3.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CRM Education Akademik 9.0 Directory Traversal

==================================================================================================================================== | Title : CRM Education Akademik v9.0 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Comfex CMS 2.0.10 Cross Site Scripting

==================================================================================================================================== | Title : Comfex CMS v2.0.10 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vendor...

Online Diagnostic Lab Management 1.0 SQL Injection

Title: Online-Diagnostic-Lab-Management v1.0 Multiple-SQLi Author: nu11secur1ty Date: 08/01/2023 Vendor: https://www.youtube.com/watch?v=0nA5xfQ5G0g Vendor: https://www.youtube.com/@MayuriK Software:...

General Device Manager 2.5.2.2 Buffer Overflow

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

COMpose-IT CMS 2.0 Insecure Settings

==================================================================================================================================== | Title : COMpose-IT CMS v2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bi...

Eramba 3.19.1 Remote Command Execution

Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...

City Variety LMS 2.2 Cross Site Scripting

==================================================================================================================================== | Title : cityvariety LMS 2.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

AMSS++ 6.1 SQL Injection

==================================================================================================================================== | Title : AMSS++ V6.1 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | |...

Conference Management Software 3.5.1 SQL Injection

==================================================================================================================================== | Title : Conference Management Software V3.5.1 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

City Variety CMS 1.2 SQL Injection

==================================================================================================================================== | Title : City Variety CMS 1.2 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit |...

CoolAdmin 1.0 SQL Injection

==================================================================================================================================== | Title : CoolAdmin 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendo...

Codoforum 3.4 Arbitrary File Upload

==================================================================================================================================== | Title : Codoforum v3.4 Arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

Uvdesk 1.1.3 Shell Upload

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...

Comfex CMS 2.0.10 SQL Injection

==================================================================================================================================== | Title : Comfex CMS v2.0.10 SqL InJection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...

Joomla JLex Review 6.0.1 Cross Site Scripting

Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/jlex-review/ Demo: https://jlexreview.jlexart.com/ Tested on: Windows 10 Pro Impact:...

WordPress Stripe Payment Plugin For WooCommerce 3.7.7 Authentication Bypass

Affected Plugin: Stripe Payment Plugin for WooCommerce Plugin Slug: payment-gateway-stripe-and-woocommerce-integration Affected Versions: = 3.7.7 CVE ID: CVE-2023-3162 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Researcher/s: Lana Codes Fully Patched Version...

CMSsite 1.0 Privilege Escalation

==================================================================================================================================== | Title : CMSsite v1.0 privilege escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.1 32-bit...

Connectix Boards 0.5.2 Remote File Inclusion

==================================================================================================================================== | Title : Connectix Boards v0.5.2 RFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...

CMSUsina 2.2.3 Cross Site Request Forgery

==================================================================================================================================== | Title : CMSUsina V2.2.3 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | |...

Zomplog 3.9 Cross Site Scripting

Exploit Title: Zomplog 3.9 - Cross-site scripting XSS Application: Zomplog Version: v3.9 Bugs: XSS Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

Buzzy News Viral Lists Polls And Videos 2.5.2 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 2.5.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

AMSS++ 5.16 SQL Injection

==================================================================================================================================== | Title : AMSS++ V 5.16 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | |...

CMSshop 1 Cross Site Scripting

==================================================================================================================================== | Title : CMSshopir v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | | Vendor :...

Yourdoctor CMS 1.4 Insecure Direct Object Reference

==================================================================================================================================== | Title : Yourdoctor CMS v1.4 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

Copyparty 1.8.6 Cross Site Scripting

Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting XSS Date: 23/07/2023 Exploit Author: Vartamtezidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6 Version: =1.8.6 Tested on: Debian Lin...

CMSdosma 5.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : CMSdosma v5.0 Unauthorized Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

Zomplog 3.9 Remote Code Execution

Exploit Title: zomplog 3.9 - Remote Code Execution RCE Application: zomplog Version: v3.9 Bugs: RCE Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux impor...

Keeper Security Desktop 16.10.2 / Browser Extension 16.5.4 Password Dumper

Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...

CMSninesol 1.0 Cross Site Scripting

==================================================================================================================================== | Title : CMSninesol v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

Copyparty 1.8.2 Directory Traversal

Exploit Title: copyparty 1.8.2 - Directory Traversal Date: 14/07/2023 Exploit Author: Vartamtzidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2 Version: =1.8.2 Tested on: Debian Linux CVE :...

WordPress AN_Gradebook 5.0.1 SQL Injection

!/usr/bin/python3 Exploit Title: WordPress Plugin ANGradebook = 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...

Joomla iProperty Real Estate 4.1.1 Cross Site Scripting

Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: The Thinkery LLC Vendor Homepage: http://thethinkery.net Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/ Demo:...

mRemoteNG 1.77.3.1784-NB Sensitive Information Extraction

Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Google Dork: - Date: 21.07.2023 Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on:...

CMVC SHOP LMS 2.1.0 SQL Injection

==================================================================================================================================== | Title : CMVC SHOP LMS v 2.1.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 74.032-bit ...

DBD E-Commerce 2.0.6 SQL Injection

==================================================================================================================================== | Title : DBD E-Commerce 2.0.6 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bi...

GreenShot 1.2.10 Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

CMSJerusalem Weather Forecast 1.3 Directory Traversal

==================================================================================================================================== | Title : CMSJerusalem Weather Forecast v1.3 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

October CMS 3.4.4 Cross Site Scripting

Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting XSS Authenticated Date: 29 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://octobercms.com Version: v3.4.4 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with...

Codecanyon Bitcoin Tools Suite 1.0 Local File Inclusion

======================================================================================================== | Title : Codecanyon Bitcoin Tools Suite v1.0 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vendor :...

RosarioSIS 10.8.4 CSV Injection

Exploit Title: RosarioSIS 10.8.4 - CSV Injection Google Dork:NA Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://www.rosariosis.org/ Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip Affected Version: 10.8.4 Category: WebApps Tested on:...

Joomla Solidres 2.13.3 Cross Site Scripting

Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: Solidres Team Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/ Demo: http://demo.solidres.com/joomla...

Western Digital MyCloud Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...

B-OBEC V.092019 SQL Injection

==================================================================================================================================== | Title : B-OBEC V.092019 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...