Super Store Finder 3.6 SQL Injection
Microsoft 365 MSO 2306 Build 16.0.16529.20100 Remote Code Execution
Title: Microsoft Outlook ®Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit RCE Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/...
QuickOrder 6.3.7 SQL Injection
Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service
SEC Consult Vulnerability Lab Security Advisory | title: Path traversal bypass & Denial of service | product: Kyocera TASKalfa 4053ci printer | vulnerable version: TASKalfa 4053ci Version = 2VGS000.002.561 | fixed version:...
Academy LMS 5.15 Cross Site Scripting
Exploit Title: Academy LMS 5.15 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow...
Inout Blockchain FiatExchanger 3.0 SQL Injection
QuickAI OpenAI 3.8.1 SQL Injection
Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and...
Qatanna POS Software 1.0 Blind SQL Injection
Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection Exploit Date: May 07, 2023. CVSS 3.1: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Application Name: Qatanna POS Software Application Version: 1.0 Link: https://www.codester.com/items/42053/qatanna-pos-software...
Mastery LMS 1.2 Cross Site Scripting
Exploit Title: Mastery LMS 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/mastery/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow...
Inout Blockchain AltExchanger 2.0 SQL Injection
QuickJob 6.1 SQL Injection
Inout Blockchain EasyPayments 1.0.1 SQL Injection
Virtual Freer 1.57 Cross Site Scripting
Title : virtual freer v1.57 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.3 32-bit | Vendor...
Rukovoditel Project Management CRM 2.4.1 Local File Inclusion
Title : Rukovoditel Project Management CRM 2.4.1 LFI Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Netlify CMS 2.10.192 Cross Site Scripting
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...
Atlas Business Directory Listing 2.13 Cross Site Scripting
Exploit Title: Atlas Business Directory Listing 2.13 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/atlas/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site...
C3iM CMS 2.0 Cross Site Scripting
Title : C3iM CMS V2.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.2 32-bit | Vendor :...
Balaji CMS 1.03 SQL Injection
Title : balaji cms v1.03 Auth by pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.3 32-bit |...
ZAMAN CMS 1.0 Cross Site Scripting
Title : ZAMAN CMS v1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vendor :...
AppleZeed CMS 2.0 Insecure Settings
Title : AppleZeed CMS v2.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.0 32-bit...
Basic Inventory Stock Management And Invoicing 2.0 Insecure Direct Object Reference
Title : Basic Inventory - Stock Management and Invoicing v2.0 Missing Authorization Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro...
Faculty Evaluation System 1.0 SQL Injection
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Zuz CMS 1.0 Cross Site Scripting
Title : Zuz CMS v1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.1 32-bit | Vendor :...
Bahardowload CMS 2 Database Disclosure
Title : bahardowload cms v2 Database Disclosure Exploit | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
Banner Management CMS 1.0 Database Disclosure
Title : Banner Management CMS v1.0 Database Disclosure Exploit | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
XOO DIGITAL 2.1.0 Cross Site Scripting
Title : XOO DIGITAL v2.1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.0 32-bit | Vendor :...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...
Piwigo 13.7.0 Cross Site Scripting
Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting XSS Authenticated Date: 25 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://piwigo.org Version: 13.7.0 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with any user...
Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion
Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 ASIK LFI Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozill...
CakePHP Test Suite 2.7.0 Cross Site Scripting
Title : CakePHP Test Suite v2.7.0 Xss Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.2 64-bit |...
Apache RocketMQ 5.1.0 Arbitrary Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache RocketMQ update config RCE', 'Description' = %q RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...
DANGEROUS MAILER-CLONED 2.0 Information Disclosure
Title : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
DaillyTools Remote Command Execution
Title : DaillyTools v1 command execution Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...
Gila CMS 1.10.9 Remote Code Execution
Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Date: 05-07-2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import...
AGVirtues Galeria 2.0 SQL Injection
Title : AGVirtues Galeria v2.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.3 32-bi...
Archon CMS 3.14 Cross Site Scripting
Title : Archon CMS V3.14 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vendor :...
Super Store Finder PHP Script 3.6 SQL Injection
Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...
Beauty Salon Management System 1.0 SQL Injection
Exploit Title: Beauty Salon Management System v1.0 - SQLi Date of found: 04/07/2023 Exploit Author: Fatih Nacar Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/ CWE:...
Allhandsmarketing LMS 2.0 Cross Site Request Forgery
Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0 32-bit |...
Advanced HRM 1.6 Insecure Direct Object Reference
Title : Advanced HRM v1.6 Reset admin login Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-b...
Adveris CMS 3.0 Cross Site Scripting
Title : Adveris CMS v3.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.0 32-bit | Vendor :...
Ariadna CMS 0.3 Cross Site Scripting
Title : Ariadna CMS v.3 - XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | Vendor ...
Aathesh Soft CMS 0.3.0 Cross Site Scripting
Title : Aathesh Soft CMS v0.3.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
ApnaTrademark CMS 2.5 SQL Injection
Title : ApnaTrademark CMS V2.5 Auth by pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro | Vendor :...
ArticleSetup Script CMS 1.02 Cross Site Request Forgery
Title : ArticleSetup Script cms V1.02 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro | Vendor : http://articlesynergy.com/ ...
Allhandsmarketing LMS 2.0 Insecure Settings
Title : Allhandsmarketing LMS v2.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ApPHP MicroCMS 1.0.1 Host Header Injection
Title : ApPHP MicroCMS v1.0.1 Host header attack Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro | Vendor :...
WordPress WP AutoComplete Search 1.0.4 SQL Injection
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi Date: 30/06/2023 Exploit Author: Matin nouriyan matitanium Version: = 1.0.4 CVE: CVE-2022-4297 Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/ Tested on: Kali linux --------------------------------------- The WP...
POS Codekop 2.0 Shell Upload
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...