50644 matches found
brsisCMS 1.0.2 SQL Injection
==================================================================================================================================== | Title : brsisCMS v1.0.2 sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Bluelaat 1.0 Beta Insecure Direct Object Reference
==================================================================================================================================== | Title : Bluelat V0.1 beta Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
BWD Calendar Manager CMS 0.1.1 SQL Injection
==================================================================================================================================== | Title : bwd calender manager CMS v0.1.1 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Business Directory Store Finder Local 1.6.4 Information Disclosure
==================================================================================================================================== | Title : Business Directory Store Finder Local v1.6.4 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...
Boomchat 3.0 Shell Upload
==================================================================================================================================== | Title : boomchat-v3.0 remote shell upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit ...
Brigadasoft CMS 2.1 SQL Injection
==================================================================================================================================== | Title : Brigadasoft CMS v2.1 Auth Bypass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
BloodBank 1.0 Cross Site Scripting
====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting
==================================================================================================================================== | Title : Bazaar Social Listing Shopping Web PHP Template v2.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
Blogator 0.93 Cross Site Scripting
==================================================================================================================================== | Title : Blogator script v 0.93 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Bigware Shop 2.3 Cross Site Scripting
==================================================================================================================================== | Title : Bigware Shop v2.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation
==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...
Blogator Script 0.93 Insecure Settings
==================================================================================================================================== | Title : Blogator script v 0.93 Reinstall default Password Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
pfSense Restore RRD Data Command Injection
class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics:...
Bigware-Shop CMS 2.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bigware-Shop CMS v2.1 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Bayfront CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Bayfront-CMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
BBAM 1.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : bbam CMS v1.1 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
BD-Schools LMS 1.0.2 Cross Site Scripting
==================================================================================================================================== | Title : BD-Schools LMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vend...
Bloly 1.3 Add Administrator
==================================================================================================================================== | Title : Bloly v1.3 Add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
Blackboard 2.0.2 Database Disclosure
==================================================================================================================================== | Title : blackboard v 2.0.2 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | ...
BBook 5.7 Shell Upload
==================================================================================================================================== | Title : BBook - BookStore Script System with website v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro ...
BloodBank 1.0 Insecure Direct Object Reference
====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on...
ARTISTRY LIMITED LMS 0.5 SQL Injection
==================================================================================================================================== | Title : ARTISTRY LIMITED LMS v 0.5 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Vaidya-Mitra 1.0 SQL Injection
Title: Vaidya-Mitra 1.0 Multiple - SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...
BKMobile CMS 1.5.0 SQL Injection
==================================================================================================================================== | Title : BKMobile-CMS V1.5.0 Blind SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Asanhamayesh CMS 3.4.6 Directory Traversal
================================================================================================= | Title : Asanhamayesh CMS 3.4.6 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Dork : طراح و پشتیبان...
Nedal CMS 1.2 SQL Injection
==================================================================================================================================== | Title : Nedal CMS 1.2 Sql injection vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Atom CMS 2.0 Directory Traversal
==================================================================================================================================== | Title : AtomCMS 2.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Frappe Framework 13.4.0 Remote Code Execution
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
AtTestimonials CMS 1.2 Missing Authentication
==================================================================================================================================== | Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ArabInfotech L.L.C CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : ArabInfotech L.L.C CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | ...
Spring Cloud 3.2.2 Remote Command Execution
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
Avidi Media 2.0 Insecure Settings
==================================================================================================================================== | Title : Avidi Media v2.0 - Ultimate Video, Music, Photo and Gif Sharing Script - nulled Insecure Settings Vulnerability | | Author : indoushka | | Tested on :...
Architect HTML And Site Builder 2.2.3 File Upload
==================================================================================================================================== | Title : Architect - HTML and Site Builder V 2.2.3 Remote File Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
XAMPP 8.2.4 Unquoted Service Path
Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...
Banner RotatorCMS 1.0 Database Disclosure
==================================================================================================================================== | Title : Banner RotatorCMS v1.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bi...
ARTISTRY LIMITED LMS 0.5 Insecure Settings
==================================================================================================================================== | Title : ARTISTRY LIMITED LMS v 0.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
WordPress User Registration 3.0.2 Arbitrary File Upload
Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...
Articart 2.0.1 Cross Site Scripting / Open Redirection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
AVG Anti Spyware 7.5 Unquoted Service Path
Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.avg.com Software Link: https://www.avg.com/en-ww/homepagepc Version: 7.5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36167 PoC C:\Userswmic service get...
ILIAS eLearning Platform XSS / Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below fixed version: see section "Solution" belo...
Boomerang Parental Control App Cross Site Scripting / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: =13.83 only issue 1, rest not fixed CVE number: CVE-2023-36620, CVE-2023-366...
MiniTool Partition Wizard ShadowMaker 12.7 Unquoted Service Path
Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...
QuickVCard 2.1 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Game Jackal Server 5 Unquoted Service Path
Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...
Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE 6MF2805-0AA00 Siemens A8000 CP-8031 MASTER MODULE 6MF2803-1AA00...
SmarterTools SmarterMail Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution', 'Description' = %q This module exploits a...
Ekushey Project Manager CRM 5.0 Cross Site Scripting
Exploit Title: Ekushey Project Manager CRM 5.0 - Stored XSS Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/ekushey/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow Attacker...
QuickQR 6.3.7 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
CANDOO Strategic CMS 2.0 SQL Injection
==================================================================================================================================== | Title : CANDOO Strategic CMS V2.0 Auth By pass vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
BuildaGate5 Cross Site Scripting
Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code lik...