XAMPP - Buffer Overflow Exploit
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517...
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646 !/usr/bin/env python3 import socke...
DS Wireless Communication - Remote Code Execution Exploit
Exploit Title: DS Wireless Communication Remote Code Execution Exploit Author: MikeIsAStar Vendor Homepage: https://www.nintendo.com Version: Unknown Tested on: Wii CVE: CVE-2023-45887 """This code will inject arbitrary code into a client's game. You are fully responsible for all activity that...
SISQUALWFM 7.1.319.103 - Host Header Injection Vulnerability
Exploit Title: SISQUALWFM 7.1.319.103 Host Header Injection Discovered Date: 17/03/2023 Reported Date: 17/03/2023 Resolved Date: 13/10/2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Versio...
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload Vulnerabilities
Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Description - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the file uploa...
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure Exploit
Exploit Title: ManageEngine ADManager Plus Build 7183 - Recovery Password Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...
Splunk 9.0.4 - Information Disclosure Vulnerability
Exploit Title: Splunk 9.0.4 - Information Disclosure Date: 2023-09-18 Exploit Author: Parsa rezaie khiabanloo Vendor Homepage: https://www.splunk.com/ Version: 9.0.4 Tested on: Windows OS Splunk through 9.0.4 allows information disclosure by appending...
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over Exploit
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to the target server'...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Denial Of Service Exploit
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...
Online Nurse Hiring System 1.0 - Time-Based SQL Injection Vulnerability
Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826 Version: 1.0 Tested...
WyreStorm Apollo VX20 Incorrect Access Control Vulnerability
An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Complaint Management System 2.0 SQL Injection Vulnerability
Exploit Title: Complaint-Management-System Multiple SQL Injection Vulnerabilities Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/complaint-management-sytem/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=7259 Version: V 2.0 Tested on: Windows 11 + XAMP...
IBM i Access Client Solutions Remote Credential Theft Vulnerability
IBM i Access Client Solutions ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
LaborOfficeFree 19.10 MySQL Root Password Calculator Exploit
LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10...
SCHLIX 2.2.8-1 Denial Of Service Exploit
Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service Exploit Author: Diyar Saadi Vendor Homepage: https://www.schlix.com Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: v2.2.8-1 Tested on: Windows 11 + XAMPP Description SCHLIX v2.2.8-1 is vulnerable to...
WyreStorm Apollo VX20 Account Enumeration Vulnerability
An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery. + Credits: John...
WyreStorm Apollo VX20 Credential Disclosure Vulnerability
WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Windows Defender Detection Mitigation Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...
Wordpress Seotheme - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init initautoreset=True fr =...
Rail Pass Management System 1.0 - Time-Based SQL Injection Vulnerability
Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479 Version: 1.0 Test...
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,...
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting Vulnerability
Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting XSS Authenticated Exploit Author: Furkan ÖZER Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/ Version: 8.0.5 Tested on: Kali-Linux,Windows10,Windows 11 CVE: N/A Description: Advanced Page...
Elasticsearch - StackOverflow DoS Exploit
Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...
KiTTY 0.76.1.13 Command Injection Exploit
KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack. !/usr/bin/python...
Wordpress (simple urls) Plugin < 115 - XSS Vulnerability
Exploit Title: simple urls alertorigin...
Juniper SRX Firewalls&EX switches - PreAuth Remote Code Execution Exploit
Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...
PCMan FTP Server 2.0 - (pwd) Remote Buffer Overflow Vulnerability
Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows XP SP3...
GYM MS - GYM Management System - Cross Site Scripting Vulnerability
Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 2022 Tested On: Kal...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection Vulnerability
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login into the...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. !/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password...
runc 1.1.11 File Descriptor Leak Privilege Escalation Exploit
runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc typically root...
Clinics Patient Management System 1.0 - Unauthenticated Code Execution Vulnerability
Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE Exploit Author: Oğulcan Hami Gül Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Software Link:...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with...
TP-Link TL-WR740N - UnAuthenticated Directory Transversal Vulnerability
Exploit Title: TP-Link TL-WR740N UnAuthenticated Directory Transversal Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N ---------------------------POC--------------------------...
MISP 2.4.171 - Stored XSS Vulnerability
Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low privileged account 1Click on...
TP-LINK TL-WR740N - Multiple HTML Injection Vulnerability
Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities Exploit Author: Shujaat Amin ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: Windows 10 ---------------------------POC----------------------------- 1 G...
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS Vulnerability
Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting XSS Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-35759 WhatsU...
Bank Locker Management System SQL Injection Vulnerability
Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/ Tested on: Windows ...
mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page Vulnerability
Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting XSS on User Login Page Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://moosocial.com Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 11 CVE : CVE-2023-43325 Description: A Cross Site Scripting XSS...
Cacti pollers.php SQL Injection / Remote Code Execution Exploit
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the...
SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability
Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable. Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vulnerability
TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page:...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vulnerability
TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration. TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vendor: TELSAT Srl Product web page:...
glibc syslog() Heap-Based Buffer Overflow Exploit
Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 in August 2022. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog...
XenForo 2.2.13 ArchiveImport.php Zip Slip Vulnerability
------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...
RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Vendor: Royal Apps GmbH Web page: https://www.royalapps.com Affected version: 6.0.1.1000 macOS Summary: Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols...
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit
TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...