39001 matches found
Razer Sila - Local File Inclusion Vulnerability
Exploit Title: Razer Sila - Local File Inclusion LFI Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version: RazerSila-2.0.441api-2.0.418 Tested on: Razer...
Online Banquet Booking System 1.0 Cross Site Request Forgery Vulnerability
Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...
Poultry Farm Management System 1.0 Shell Upload Vulnerability
Title: Poultry Farm Management System 1.0 Remote Code Execution RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Redcock-Farm.zip Reference:...
Cain & Abel 4.9.56 - Unquoted Service Path Vulnerability
Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1...
Xerox Versalink Denial Of Service Vulnerability
Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload. + Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendo...
Ab Stealer Web Panel Cross Site Scripting Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: email protected Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab Stealer"...
Movie Rating System 1.0 - SQL injection to Remote Code Execute (Unauthenticated) Exploit
Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only works correctly if...
ECOA Building Automation System Cross Site Request Forgery Vulnerability
ECOA building automation systems suffer from a cross site request forgery vulnerability. Many versions are affected. ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - E...
WordPress WP Sitemap Page 1.6.4 Plugin - Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting XSS Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/wp-sitemap-page/ Version: 1.6.4 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress...
Product Key Explorer 4.2.0.0 - (Name) Denial of Service Exploit
Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested...
WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Like Button 1.6.0 - Auth Bypass Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service...
Git Submodule - Arbitrary Code Execution Vulnerability
Exploit for linux platform in category local exploits These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git...
aws-cfn-bootstrap Local Code Execution Vulnerability
aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability. aws-cfn-bootstrap local code execution as root ============================================== The latest version of this advisory is available at:...
Adult Script Pro 2.2.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Adult Script Pro 2.2.4 - SQL Injection Vendor Homepage: http://www.adultscriptpro.com/ Software Link: http://www.adultscriptpro.com/order.html Demo: http://www.adultscriptpro.com/demo.html Version: 2.2.4 Category: Webapps Tested...
WebcamXP and Webcam 7 Directory Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability Google Dork: "powered by webcamxp" xhtml css Google Dork: "powered by webcam 7" Date: 2/22/2012 Author: Silent Dream Software Link:...
Joomla Component com_phocagallery SQL injection Vulnerability
Exploit for php platform in category web applications ============================================================= Joomla Component comphocagallery SQL injection Vulnerability =============================================================...
Flatnuke <= 2.5.5 Remote Code Execution
Exploit for unknown platform in category web applications ======================================= Flatnuke FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org form name="form1" method="post"...
Journyx 11.5.4 Cross Site Scripting Vulnerability
Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the errordescription during an active directory login flow. Title: Journyx Reflected Cross Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability...
Ghostscript Command Execution / Format String Exploit
This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 an...
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution Exploit
!/usr/bin/env python -- coding: utf-8 -- TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...
Dawa pharma 1.0-2022 - Multiple SQL Injection Vulnerabilities
Title: dawa-pharma-1.0-2022 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P0349/best-pharmacy-billing-software-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The email parameter appears t...
OVOO Movie Portal CMS v3.3.3 - SQL Injection Vulnerability
Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host: localhost Cookie:...
RWS WorldServer 11.7.3 - Session Token Enumeration
Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...
Optoma 1080PSTX Firmware C02 - Authentication Bypass Vulnerability
Exploit Title: Optoma 1080PSTX Firmware C02 - Authentication Bypass Exploit Author: Anthony Cole Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Vendor Homepage: http://optoma.com Version: Optoma 1080PSTX Firmware C02 Tested on: N/A CVE : CVE-2023-27823 Details By default...
Best pos Management System v1.0 - Remote Code Execution on File Upload Vulnerability
Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation Exploit
//Discovered by:: TOUHAMI KASBAOUI - VXREMALWARE //Reported to Citrix: 25/03/2023 //Tested Version: 22.2.1.103, 23.1.1.11/Last version //Exploit: https://github.com/sqrtZeroKnowledge/CitrixSecureAccessLPE0DAY define UNICODE define UNICODE include include include include include using namespace st...
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting XSS Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-13 Tested on: Free EVE Community...
iBooking v1.0.8 - Arbitrary File Upload Vulnerability
Exploit Title: iBooking v1.0.8 - Arbitrary File Upload Exploit Author: d1z1n370/oPty Vendor Homepage: https://codecanyon.net/item/ibooking-laravel-booking-system/30362088 Tested on: Linux Version: 1.0.8 Exploit Description: The application is prone to an arbitrary file-upload because it fails to...
Zstore 6.6.0 Cross Site Scripting Vulnerability
Title: zstore-6.6.0 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...
Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : DJ-Extensions │ │ Software :...
Coffee Shop Cashiering System 1.0 SQL Injection Exploit
Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip Version: 1.0 Tested on: Windows 10 + XAMPP 3.2.4...
SDT-CW3B1 1.1.0 - OS Command Injection Vulnerability
Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Zepp 6.1.4-play User Account Enumeration Vulnerability
Zepp 6.1.4-play User Account Enumeration User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application com.huami.watch.hmwatchmanager Tested...
IdeaRE RefTree Shell Upload Vulnerability
=============================================================================== title: IdeaRE RefTree Remote Code Execution product: IdeaRE RefTree 2021.09.17 vulnerability type: Unrestricted File Upload CVE ID: CVE-2022-27249 severity: High CVSSv3 score: 8.8 CVSSv3 vector:...
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting Vulnerability
Exploit Title: ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App:...
WordPress Jetpack 9.1 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab...
WebACMS 2.1.0 Cross Site Scripting Vulnerability
Product: WebACMS Vendor: AFI Solutions GmbH Tested Version: 2.1.0 Fixed Version: - Vulnerability Type: Cross-Site Scripting CWE-79 CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N Score 6.4 CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Score 6.1 Solution Status: Unfixed Manufacturer Notificatio...
Simple Chatbot Application 1.0 - (message) Blind SQL injection Vulnerability
Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on: XAMPP, Windows 1...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Vulnerability
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download Vendor: FatPipe Networks Inc. Product web page:...
T-Soft E-Commerce 4 - change (admin credentials) Cross-Site Request Forgery Vulnerability
Exploit Title: T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux 2021.4 / xammp Category: WebApp Google Dork: intext:'T-Soft E-Ticaret Sistemleriyle...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Tailor Management System 1.0 Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Tailor Management System 1.0 - Stored Cross-Site Scripting Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
Zyxel Armor X1 WAP6806 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal Exploit Author: Rajivarnan R Vendor Homepage: https://www.zyxel.com/ Software http://www.zyxelguard.com/WAP6806.asp Version: V1.00ABAL.6C0 CVE: 2020-14461 Tested on: Linux Mint /...
AIDA64 Engineer 6.20.5300 - (Report File) filename Buffer Overflow (SEH) Exploit
Exploit Title: AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow SEH Exploit Author: Hodorsec Version: v6.20.5300 Software Link: http://download.aida64.com/aida64engineer620.exe Vendor Homepage: https://www.aida64.com/products/aida64-engineer Tested on: Win7 x86 SP1 - Build 7601...
Joomla GMapFP 3.30 Component - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version: Version J3.30pro Tested on: Ubuntu PoC:...
VMware Fusion 11.5.2 - Privilege Escalation Exploit
Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software Link:...
Microsoft Windows 10 - Theme API (ThemePack) File Parsing Exploit
Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Server 2012, Server 2012 R2, Server 201...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Exploit
Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...