Perch 3.2 Cross Site Scripting

Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...

CMS Ultimate Solutions DreamSus 1.4 Cross Site Scripting

==================================================================================================================================== | Title : CMS Ultimate Solutions DreamSus v1.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

CMSctweb Creative 1.0 Cross Site Scripting

==================================================================================================================================== | Title : CMSctweb creative v 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vend...

CMS Emlak Scripti 2 Cross Site Scripting

==================================================================================================================================== | Title : CMS Emlak Scripti V2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vendor ...

WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal

==================================================================================================================================== | Title : WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser...

CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

====================================================================================================================================== | Title : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1...

WordPress Page Builder KingComposer 2.9.5 Open Redirection

==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.5 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CMS TSS-EST 1.0.0 SQL Injection

==================================================================================================================================== | Title : CMS TSS-EST V1.0.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | ...

CMS NEXIN 2.0 Insecure Settings

==================================================================================================================================== | Title : CMS NEXIN engine v2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

RaidenFTPD 2.4.4005 Buffer Overflow

Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Date: 18/07/2023 Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.-...

CMS SAUDI SOFTECH 5.0.2 SQL Injection

========================================================================================= | Title : CMS SAUDI SOFTECH v5.0.2 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...

CMS-Bank Mellat Payment Manager 1.0.0 Cross Site Scripting

==================================================================================================================================== | Title : CMS-Bank Mellat Payment Manager v1.0.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

CMS Supported IRF-TH 2.0.6 Cross Site Scripting

==================================================================================================================================== | Title : CMS Supported IRF-TH v2.0.6 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | ...

Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting

Exploit Title: Foody Friend 1.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 Tested on:...

Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10...

Joomla! Booking 2.4.9 Account Enumeration

Exploit Title: Joomla! combooking component 2.4.9 - Information Leak Account enumeration Google Dork: inurl:"index.php?option=combooking" Date: 07/12/2023 Exploit Author: qw3rTyTy Vendor Homepage: http://www.artio.net/ Software Link:...

Blackcat CMS 1.4 Cross Site Scripting

Exploit Title: Blackcat Cms v1.4 - Stored XSS Application: blackcat Cms Version: v1.4 Bugs: Stored XSS Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

CMS NaiveScripters 3.0.1 Cross Site Scripting

==================================================================================================================================== | Title : CMS NaiveScripters v3.0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-bit | |...

Online Piggery Management System 1.0 Shell Upload

!/bin/bash Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability Date: July 12 2023 Exploit Author: 1337kid Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html Version: 1.0 Tested on: Ubuntu CVE :...

CMS EngePlus 2.0.1 Cross Site Scripting

==================================================================================================================================== | Title : CMS EngePlus v2.0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | | Vendor...

Backdrop CMS 1.25.1 Cross Site Scripting

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

ABB FlowX 4.00 Information Disclosure

Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information Date: 2023-03-31 Exploit Author: Paul Smith Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series Version: ABB Flow-X all versions before V4.00 Tested on: Kali Linux CVE:...

Blackcat CMS 1.4 Shell Upload

Exploit Title: Blackcat Cms v1.4 - Remote Code Execution RCE Application: blackcat Cms Version: v1.4 Bugs: RCE Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Lin...

CMS Made Simple 2.2.17 Server-Side Template Injection

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

statamic 4.7.0 Cross Site Scripting

Title: statamic-4.7.0-File-Inclusion-unsanitized-extension-XSS-Reflected-hijacking-Token-session Author: nu11secur1ty Date: 07.13.2023 Vendor: https://statamic.com/ Software: https://demo.statamic.com/ Reference: https://portswigger.net/web-security/file-upload Description: The statamic-4.7.0...

CMS iQ-Digital 2.0 Cross Site Scripting

==================================================================================================================================== | Title : CMS iQ-Digital v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendo...

CMS porViaX 2.0 SQL Injection

==================================================================================================================================== | Title : CMS porViaX v2.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.132-bit | |...

CMS D-Creations 1.0 SQL Injection

====================================================================================================================================== | Title : ِCMS D-Creations v1.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

TP-Link TL-WR740N Directory Traversal

Exploit Title: TP-Link TL-WR740N - Authenticated Directory Transversal Date: 13/7/2023 Exploit Author: Anish Feroz Zeroxinn Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N...

OpenSSH Forwarded SSH-Agent Remote Code Execution

Qualys Security Advisory CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent ======================================================================== Contents ======================================================================== Summary Background Experiments Results...

Hikvision Hybrid SAN Ds-a71024 SQL Injection

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...

PimpMyLog 1.7.14 Improper Access Control

Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...

CMS Made Simple 2.2.17 Cross Site Scripting

Exploit Title: CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting XSS Application: CmsMadeSimple Version: v2.2.17 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author: Mirabbas...

CMS Made Simple 2.2.17 Remote Code Execution

Exploit Title: CmsMadeSimple v2.2.17 - Remote Code Execution RCE Application: CmsMadeSimple Version: v2.2.17 Bugs: Remote Code ExecutionRCE Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author:...

phpFM 1.7.9 Authentication Bypass / Shell Upload

Exploit Title: phpfm v1.7.9 - Authentication type juggling Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.dulldusk.com/phpfm/ Software Link: https://github.com/dulldusk/phpfm/ Version: 1.6.1-1.7.9 Tested on: Ubuntu 22.04 CVE : N/A """ An authentication bypass exists in...

CCOM Events CMS 0.1.02 Arbitrary File Upload

==================================================================================================================================== | Title : CCOM Events CMS v0.1.02 upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

==================================================================================================================================== | Title : CMS Nexin Adminisztrációs Központ v1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...

Pluck 4.7.18 Remote Shell Upload

Title: pluck-4.7.18 - FI + RCE. Author: nu11secur1ty Date: 07.19.2023 Vendor: https://github.com/pluck-cms/pluck/wiki Software: https://github.com/pluck-cms/pluck Reference: https://portswigger.net/daily-swig/rce Reference: https://portswigger.net/web-security/file-upload Description: The attacke...

Chevereto CMS 3.7.0 HTTP Parameter Pollution

==================================================================================================================================== | Title : Chevereto CMS V3.7.0 HPP Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendo...

Tiva Events Calender 1.4 Cross Site Scripting

Document Title: =============== Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2276 Release Date: ============= 2023-07-05 Vulnerability Laboratory ID VL-ID:...

Chipsa CMS 1.0.2 Cross Site Scripting

==================================================================================================================================== | Title : Chipsa CMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor ...

BookingWizz 5.5.0 SQL Injection

==================================================================================================================================== | Title : BookingWizz v5.5.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit |...

Webile 1.0.1 Cross Site Scripting

Document Title: =============== Webile v1.0.1 - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2321 Release Date: ============= 2023-07-03 Vulnerability Laboratory ID VL-ID: ====================================...

RWS WorldServer 11.7.3 Session Token Enumeration

Advisory: Session Token Enumeration in RWS WorldServer Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0 Vulnerabili...

Active Super Shop CMS 2.5 HTML Injection

Document Title: =============== Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2278 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID: ==================================...

PaulPrinting CMS Cross Site Scripting

Document Title: =============== PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2285 Release Date: ============= 2023-07-19 Vulnerability Laboratory ID VL-ID: ===================================...

PaulPrinting CMS Cross Site Scripting

Document Title: =============== PaulPrinting CMS - Search Delivery Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2286 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ==================================...

MojoBox BLE Replay Attack

Exploit Title: MojoBox v1.4 BLE replay attack Exploit Author: Matteo Mandolini Date : 15/03/2023 Vendor Homepage: https://hello.showmojo.com/mojobox/ Version: 1.4 CVE: CVE-2023-34625 BLE Replay attack ShowMojo MojoBox Digital Lockbox with firmware versione prior to 1.4 is vulnerable to...