50653 matches found
WinterCMS 1.2.2 Cross Site Scripting
Exploit Title: WinterCMS alertdocument.cookie; //P...
Montage 1.0 Cross Site Scripting
Exploit Title: Montage 1.0 Hotel Booking & Property Selling - Stored XSS Exploit Author: CraCkEr Date: 13/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/montage-a-complete-solution-for-hotel-booking-property-selling/16 Tested on:...
WordPress Force Images Download 1.8 CSRF / SSRF
Exploit Author : Etharus Vulnerability : Cross Site Request Forgery to Server Side Request Forgery Impact : internal ip disclosure , file extension bypass, internal port scan. Product Vendor : Nazakat Ali Version Tested : 1.8 Date : 14/07/2023 Fofa Dork :...
SASS BILLER 1.0 Cross Site Scripting
Exploit Title: SASS BILLER 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/sass-biller-a-sass-based-invoicing-and-billing-platform/19 Tested on: Windows 10 Pro Impact: Manipulate the...
ProjeQtOr Project Management System 10.4.1 Cross Site Scripting
Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...
Pluck 4.7.18 Remote Code Execution
Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas AΔalarov Tested on: Linux import reques...
ChainCity Real Estate Investment Platform 1.0 SQL Injection
Exploit Title: ChainCity Real Estate Investment Platform 1.0 - SQL Injection Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Database Access Description SQL...
Buzzy News Viral Lists Polls And Videos 1.3.1 Insecure Settings
====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 1.3.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
BrightCube LMS 2.0.1 SQL Injection
==================================================================================================================================== | Title : BrightCube LMS v2.0.1 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bi...
brsisCMS 1.0.2 SQL Injection
==================================================================================================================================== | Title : brsisCMS v1.0.2 sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
BWD Calendar Manager CMS 0.1.1 SQL Injection
==================================================================================================================================== | Title : bwd calender manager CMS v0.1.1 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Bluelaat 1.0 Beta Insecure Direct Object Reference
==================================================================================================================================== | Title : Bluelat V0.1 beta Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Boomchat 3.0 Shell Upload
==================================================================================================================================== | Title : boomchat-v3.0 remote shell upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit ...
Business Directory Store Finder Local 1.6.4 Information Disclosure
==================================================================================================================================== | Title : Business Directory Store Finder Local v1.6.4 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...
Brigadasoft CMS 2.1 SQL Injection
==================================================================================================================================== | Title : Brigadasoft CMS v2.1 Auth Bypass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
BloodBank 1.0 Cross Site Scripting
====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting
==================================================================================================================================== | Title : Bazaar Social Listing Shopping Web PHP Template v2.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
Blogator 0.93 Cross Site Scripting
==================================================================================================================================== | Title : Blogator script v 0.93 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Bigware Shop 2.3 Cross Site Scripting
==================================================================================================================================== | Title : Bigware Shop v2.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation
==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...
Blogator Script 0.93 Insecure Settings
==================================================================================================================================== | Title : Blogator script v 0.93 Reinstall default Password Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
pfSense Restore RRD Data Command Injection
class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics:...
Bayfront CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Bayfront-CMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
BBAM 1.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : bbam CMS v1.1 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
Bigware-Shop CMS 2.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bigware-Shop CMS v2.1 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
BD-Schools LMS 1.0.2 Cross Site Scripting
==================================================================================================================================== | Title : BD-Schools LMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vend...
Bloly 1.3 Add Administrator
==================================================================================================================================== | Title : Bloly v1.3 Add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
Blackboard 2.0.2 Database Disclosure
==================================================================================================================================== | Title : blackboard v 2.0.2 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | ...
BBook 5.7 Shell Upload
==================================================================================================================================== | Title : BBook - BookStore Script System with website v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro ...
BloodBank 1.0 Insecure Direct Object Reference
====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on...
Vaidya-Mitra 1.0 SQL Injection
Title: Vaidya-Mitra 1.0 Multiple - SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...
BKMobile CMS 1.5.0 SQL Injection
==================================================================================================================================== | Title : BKMobile-CMS V1.5.0 Blind SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ARTISTRY LIMITED LMS 0.5 SQL Injection
==================================================================================================================================== | Title : ARTISTRY LIMITED LMS v 0.5 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Nedal CMS 1.2 SQL Injection
==================================================================================================================================== | Title : Nedal CMS 1.2 Sql injection vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Atom CMS 2.0 Directory Traversal
==================================================================================================================================== | Title : AtomCMS 2.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Frappe Framework 13.4.0 Remote Code Execution
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
Asanhamayesh CMS 3.4.6 Directory Traversal
================================================================================================= | Title : Asanhamayesh CMS 3.4.6 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 FranΓ§ais V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Dork : Ψ·Ψ±Ψ§Ψ Ω ΩΎΨ΄ΨͺΫΨ¨Ψ§Ω...
Spring Cloud 3.2.2 Remote Command Execution
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
ArabInfotech L.L.C CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : ArabInfotech L.L.C CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | ...
AtTestimonials CMS 1.2 Missing Authentication
==================================================================================================================================== | Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Avidi Media 2.0 Insecure Settings
==================================================================================================================================== | Title : Avidi Media v2.0 - Ultimate Video, Music, Photo and Gif Sharing Script - nulled Insecure Settings Vulnerability | | Author : indoushka | | Tested on :...
Architect HTML And Site Builder 2.2.3 File Upload
==================================================================================================================================== | Title : Architect - HTML and Site Builder V 2.2.3 Remote File Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
XAMPP 8.2.4 Unquoted Service Path
Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...
Banner RotatorCMS 1.0 Database Disclosure
==================================================================================================================================== | Title : Banner RotatorCMS v1.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bi...
WordPress User Registration 3.0.2 Arbitrary File Upload
Description: User Registration = 3.0.2 β Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration β Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...
ARTISTRY LIMITED LMS 0.5 Insecure Settings
==================================================================================================================================== | Title : ARTISTRY LIMITED LMS v 0.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Articart 2.0.1 Cross Site Scripting / Open Redirection
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ββ C r a C k E r ββ ββ T H E C R A C K O F E T E R N A L M I G H T ββ ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ βββββ From The Ashes and Dust Rises An...
AVG Anti Spyware 7.5 Unquoted Service Path
Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.avg.com Software Link: https://www.avg.com/en-ww/homepagepc Version: 7.5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36167 PoC C:\Userswmic service get...
ILIAS eLearning Platform XSS / Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below fixed version: see section "Solution" belo...
Boomerang Parental Control App Cross Site Scripting / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: =13.83 only issue 1, rest not fixed CVE number: CVE-2023-36620, CVE-2023-366...