39001 matches found
WinRAR version 6.22 - Remote Code Execution via ZIP archive Exploit
Exploit Title : EXPLOIT WinRAR version 6.22 Vulnerability CVE-2023-38831 Author : E1.Coders Contact : E1.Coders at Mail dot RU Security Risk : High Description : All target's GOV & Military websites Expl0iTs: include include include include "zip.h" define PDFFILE "document.pdf" define FOLDERNAME...
Purei CMS 1.0 - SQL Injection Vulnerability
Exploit Title: Purei CMS 1.0 - SQL Injection Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web...
Artica Proxy Unauthenticated PHP Deserialization Exploit
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit
!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...
SPA-CART CMS - Stored XSS Vulnerability
Exploit Title: SPA-CART CMS - Stored XSS Exploit Author: Eren Sen Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 CVE-ID: N/A Tested on: Kali Linux / Windows 10 Vulnerabilities Discovered Date : 2024/01/03 Vulnerability Type: Stor...
Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit
This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers t...
MobileShop master v1.0 - SQL Injection Vulnerability
Exploit Title: MobileShop master v1.0 - SQL Injection Vuln. + Exploit Author: "HAZIM ARBAŞ" from EMA Security LTD - Siber Güvenlik ve Bilişim Hizmetleri https://emasecurity.com + Vendor Homepage: https://code-projects.org/mobile-shop-in-php-css-javascript-and-mysql-free-download/ + Software Link:...
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval...
LBT-T300-mini1 - Remote Buffer Overflow Exploit
include include define MAXLEN 256 define BUFFEROVERRUNLENGTH 50 define SHELLCODELENGTH 32 // NOP sled to increase the chance of successful shellcode execution char nopsledSHELLCODELENGTH =...
Nagios XI Version 2024R1.01 - SQL Injection Exploit
Exploit Title: NAGIOS XI SQLI Exploit Author: Jarod Jaslow MAWK https://www.linkedin.com/in/jarod-jaslow-codename-mawk-265144201/ Vendor Homepage: https://www.nagios.com/changelog/nagios-xi Software Link: https://github.com/MAWK0235/CVE-2024-24401 Version: Nagios XI Version 2024R1.01 Tested on:...
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS Vulnerabilities
Exploit Title: Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS Exploit Author: Hakkı TOKLU Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: 1.0 Tested on: Windows 11 / PHP...
LimeSurvey Community 5.3.32 - Stored XSS Vulnerability
Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on: Windows Client...
OpenNMS Horizon 31.0.7 Remote Command Execution Exploit
This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versio...
Teacher Subject Allocation Management System 1.0 - (searchdata) SQL injection Vulnerability
Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi Exploit Author: Ersin Erenler Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17645 Version: 1.0...
Tramyardg Autoexpress 1.3.0 Cross Site Scripting Vulnerability
Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting XSS Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48903 References:...
Employee Management System 1.0 - (admin_id) SQL injection Vulnerability
Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on: Windows, Linux...
Tramyardg Autoexpress 1.3.0 SQL Injection Vulnerability
Exploit Title: tramyardg autoexpress - SQL Injection Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901...
Tramyardg Autoexpress 1.3.0 Authentication Bypass Vulnerability
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles. Exploit Title: tramyardg autoexpress - Authentication Bypass...
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution Vulnerabilities
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution. Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Exploit Author: kai6u Vendor Homepage: https://www.getlektor.co...
Simple Task List 1.0 - (status) SQL injection Vulnerability
Exploit Title: Simple Task List 1.0 - 'status' SQLi Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0 Tested on:...
Hitachi NAS SMU 14.8.7825 Information Disclosure Vulnerability
Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=True, type=str,...
Backdrop CMS 1.23.0 - Stored XSS Vulnerability
Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) Vulnerability
Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 Tested : https://www.softaculous.com/demos/WinterCMS 1 Login wit...
Karaf v4.4.3 Console - Remote Code Execution Exploit
!/usr/bin/python Exploit Title: Karaf v4.4.3 Console RCE Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-karaf-exploits.git Vendor Homepage: https://karaf.apache.org Software Link:...
LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit
Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on: Windows 10 CVE : CVE-2024-1346...
ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit
import re import requests from bs4 import BeautifulSoup import argparse import base64 Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots Date: 12 December 2023 Discovered by : @Unblvr1 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://zoneminder.com/ Software Link:...
Gibbon LMS < v26.0.00 - Authenticated Remote Code Execution Exploit
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research Team Ali Maharramli, Fikrat Guliev, Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu...
Quick.CMS 6.7 - SQL Injection Login Bypass Vulnerability
Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE : N/A How to exploit : -- Open...
vm2 - Sandbox Escape Exploit
/ Exploit Title: vm2 Sandbox Escape vulnerability Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM = require"vm2";...
UPS Network Management Card 4 - Path Traversal Vulnerability
Exploit Title: UPS Network Management Card 4 - Path Traversal Google Dork: inurl:nmc inurl:logon.htm Exploit Author: Víctor García Vendor Homepage: https://www.apc.com/ Version: 4 Tested on: Kali Linux CVE: N/A PoC: curl -k...
Nokia BMC Log Scanner - Remote Code Execution Vulnerability
Exploit Title: Nokia BMC Log Scanner Remote Code Execution Google Dork: N/A Date: November 29, 2023 Exploit Author: Carlos Andres Gonzalez, Matthew Gregory Vendor Homepage: https://www.nokia.com/ Software Link: N/A Version: 13 Tested on: Linux CVE : CVE-2022-45899 Description The BMC Log Scanner...
Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit
Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Tested on: 8.5.3 CVE ...
WEBIGniter v28.7.23 - Stored XSS Vulnerability
Title: WEBIGniter v28.7.23 XSS Author: RedTeamer IT Security, Mesut Cetin Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting/stored Description: During the user creation process, the 'yourname' parameter fails...
WordPress File Upload Plugin < 4.23.3 - Stored XSS Vulnerability
Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "File Upload Plugin":...
JetBrains TeamCity 2023.05.3 - Remote Code Execution Exploit
Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on: 2023.05.3 -...
GitLab CE/EE < 16.7.2 - Password Reset Vulnerability
Exploit Title: GitLab CE/EE 16.7.2 - Password Reset Exploit Author: Sebastian Kriesten 0xB455 Twitter: https://twitter.com/0xB455 Vendor Homepage: gitlab.com Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ Version: 16.7.2,...
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution Exploit
Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import requests...
StimulusReflex 3.5.0 Arbitrary Code Execution Exploit
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability. StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. Vulnerable code...
Ruijie Switch PSG-5124 26293 - Remote Code Execution Exploit
Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution RCE - Shodan Dork: http.htmlhash:-1402735717 - Fofa Dork: body="img/freeloginge.gif" && body="./img/loginbg.gif" - Exploit Author: ByteHunter - Version: PSG-5124LINK SOFTWARE RELEASE:26293 - Tested on:...
KiTTY 0.76.1.13 - Start Duplicated Session Hostname Buffer Overflow Exploit
Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...
Honeywell PM43 < P10.19.050004 - Remote Code Execution Exploit
Exploit Title: Honeywell PM43 ' if htmlstartindex != -1: return responsetext:htmlstartindex else: return responsetext except requests.exceptions.RequestException as e: return f"Error: e" def main: parser = argparse.ArgumentParserdescription='Command Injection PoC for Honeywell PM43 Printers'...
KiTTY 0.76.1.13 - Start Duplicated Session Username Buffer Overflow Exploit
Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...
SolarView Compact 6.00 - Command Injection Exploit
Exploit Title: SolarView Compact 6.00 - Command Injection - Shodan Dork: http.html:"solarview compact" - Exploit Author: ByteHunter - Version: 6.00 - Tested on: 6.00 - CVE : CVE-2023-23333 import argparse import requests def vulncheckipaddress, port: url =...
KiTTY 0.76.1.13 - Command Injection Exploit
Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...
OSGi v3.8-3.18 Console - Remote Code Execute Exploit
!/usr/bin/python Exploit Title: OSGi v3.8-3.18 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...
OSGi v3.7.2 (and below) Console - Remote Code Execute Exploit
!/usr/bin/python Exploit Title: OSGi v3.7.2 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...
VMware Cloud Director 10.5 - Bypass identity verification Exploit
Exploit Title: VMware Cloud Director | Bypass identity verification Exploit Author: Abdualhadi khalifa Version: 10.5 CVE : CVE-2023-34060 import requests import paramiko import subprocess import socket import argparse import threading Define a function to check if a port is open def isportopenip,...
Cisco Firepower Management Center < 6.6.7.1 - Authenticated Remote Code Execute Exploit
Exploit Title: Cisco Firepower Management Center Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface fmcurl = "https://fmc.example.com"...
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit
NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross sit...
Human Resource Management System 1.0 - (employeeid) SQL Injection Vulnerability
Exploit Title: Human Resource Management System - SQL Injection Exploit Author: Srikar Exp1o1t9r Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...