39001 matches found
Yosoro 1.0.4 - Remote Code Execution Vulnerability
Exploit for macOS platform in category web applications Exploit title: Yosoro 1.0.4 - Remote Code Execution Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version:...
SearchBlox 8.6.6 - Cross-Site Request Forgery Vulnerability
Exploit for java platform in category web applications Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested...
Procps-ng - Multiple Vulnerabilities
Exploit for linux platform in category local exploits Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process...
DomainMod 4.09.03 - oid Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Exploit Author: longer(email protected) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod...
EasyService Billing 1.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications !-- Exploit Title: EasyService Billing 1.0 Cross-Site Scripting in 'q' Parameter Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain Version:...
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dork : Use You Mind :...
Listing Hub CMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Listing Hub CMS 1.0 - Multiple SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294 Version: 1.0 Category: Webapps Tested on: Kali...
EasyService Billing 1.0 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications history.pushState'', '', '/' form action="http://test.com/EasyServiceBilling/quotation-new3-new2.php?add=true&id=139" method="P...
Employee Work Schedule 5.9 - (cal_id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: EWS 5.9 - 'search' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/employee-work-schedule-multicalendar/10545683 Version: 5.9 Category: Webapps Tested on: Kali linux Descripti...
Ajax Full Featured Calendar 2.0 - (search) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ajax Full Featured Calendar 2.0 - 'search' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ajax-full-featured-calendar-2/10158465 Version: 2.0 Category: Webapps Tested on: Kal...
GNU Barcode 0.99 - Memory Leak Exploit
Exploit for linux platform in category local exploits GNU Barcode 0.99 - Memory Leak Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Affected version: 0.99 Tested on: Ubuntu 16.04.4 Author: Gjo...
Lyrist - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Lyrist - Music Lyrics Script - SQL Injection Exploit Author: Meisam Monsef - email protected - @meisamrce Vendor Homepage: https://www.codester.com/items/7250/lyrist-music-lyrics-script Version: All Version Exploit :...
GNU Barcode 0.99 - Buffer Overflow Exploit
Exploit for linux platform in category local exploits GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu...
Symfony 2.7.0 < 4.0.10 - Denial of Service Exploit
Exploit for php platform in category dos / poc The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An applicati...
wityCMS 0.6.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link:...
Werewolf Online 0.8.8 - Information Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link:...
Sitemakin SLAC 1.0 - my_item_search SQL Injection Vulnerability
CVE-2018-11535 Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 Description : Facebook Clone Script 1.0.5 has...
Facebook Clone Script 1.0.5 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 POC : SQLi : Parameter : search Type : Union base...
easyLetters 1.0 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: easyLetters 1.0 - 'id' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyletters/5281396 Version: 1.0 Category: Webapps Tested on: Kali linux...
EasyService Billing 1.0 - (q) SQL Injection Vulnerability
Exploit for php platform in category web applications !-- Exploit Title: EasyService Billing 1.0 SQL Injection on page jobcard-ongoing.php?q= Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain Version:...
mySurvey 1.0 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: mySurvey 1.0 - 'statistic.php' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysurvey/6794645 Version: 1.0 Category: Webapps Tested on: Kali linux Description : You can see...
DomainMod 4.09.03 - sslpaid Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Exploit Author: longer(email protected) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod...
ClipperCMS 1.3.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link:...
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload Vulnerability
Exploit for hardware platform in category web applications Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Exploit Author: email protected Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubun...
BookingWizz Booking System 5.5 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/booking-system/87919 Version: 5.5 Category: Webapps Tested on: Kali linu...
IssueTrak 7.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications ================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork:...
Baby Names Search Engine 1.0 - (a) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Baby Names Search Engine v1.0 - 'a' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaGeni Vendor Homepage: https://codecanyon.net/item/baby-names-search-engine/11864316 Version: 2.0 Category: Webapps Tested o...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...
Ingenious School Management System - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ingenious School Management System - SQL Injection Exploit Author: Meisam Monsef - email protected - @meisamrce Vendor Homepage: https://www.codester.com/items/4945/ingenious-school-management-system Version: All Version Exploit...
My Directory 2.0 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: My Directory 2.0 - SQL Injection / Cross-Site Scripting Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/my-directory/15859886 Version: 2.0 Category: Webapps Tested on: Kali linux Descriptio...
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass) Exploit
Exploit for windows platform in category local exploits Exploit Author: Gokul Babu Vendor Homepage: http://www.altools.com/downloads/alftp.aspx Vulnerable Software: http://advert.estsoft.com/?event=201001127730323 Tested on: Windows XP Professional SP3 -Version-2002 Steps to reproduce-1: eip...
Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)
include / ; Bind TCP Shellcode ; Copyright 2018, Luca Di Domenico ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as published by ; the Free Software Foundation, either version 3 of the License, or ; at your option an...
Wordpress Events Calendar Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Category: Webapps Tested on:...
Joomla Full Social 1.1.0 Component - search_query SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! extension Full Social 1.1.0 - 'searchquery' SQL Injection Exploit Author: L0RD or email protected Software Link: https://extensions.joomla.org/extension/full-social/ Vendor Homepage: https://www.joomlaextensions.co.in/...
TPLink #TLWR840N / #TLWR841N - Authenticaton Bypass Vulnerability
Exploit for hardware platform in category web applications Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Website: SecureLayer7.net Contact: email protected Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware:...
Bitmain Antminer D3/L3+/S9 - Remote Command Execution Vulnerability
Exploit for hardware platform in category remote exploits Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution Google Dork: N/A Date: 27/05/2018 Exploit Author: Corrado Liotta Vendor Homepage: https://www.bitmain.com/ Software Link: N/A Version: Antminer - D3, L3...
Joomla jCart for OpenCart 2.3.0.2 Component - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or email protected Software Link:...
CloudMe Sync 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category remote exploits Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software Download: https://www.cloudme.com/downloads/CloudMe1109.exe Tested Against Version: 1.10.9 Special Thanks to my wife for allowing me spend countless hours on this passion o...
Joomla JoomOCShop 1.0 Component - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery Exploit Author: L0RD or email protected Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/ Vendor...
Wordpress Booking Calendar 3.0.0 Plugin - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-booking-calendar/4639530 Version: 3.0.0...
PHP Login And User Management 4.1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary...
DLink #DSL2750B OS Command Injection Exploit
This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...
KomSeo Cart 1.3 - my_item_search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows...
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791 Category...
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on: Kali linux POC : eWallet ...
glibc 2.27 #GNU - Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Title: GNU glibc Vendor Homepage: http://www.gnu.org/ CVE: CVE-2018-11237 POC: $ cat mempcpy.c define GNUSOURCE 1 include include define N 97699 char aN; char bN+128; int main void memset a, 'x', N; char c = mempcpy b, a, N; assert c =...
Wecodex Restaurant CMS 1.0 - Login SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6 Version: 1.0 Categor...