39001 matches found

0day.today
added 2023/07/04 12:0 a.m. | 198 views

TP-Link TL-WR940N V4 - Buffer OverFlow Exploit

Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip = '192.168.0.1'...

9.9 CVSS | 7.1 AI score | 0.31733 EPSS
Exploits: 4

0day.today
added 2023/07/04 12:0 a.m. | 242 views

Rukovoditel 3.4.1 - Multiple Stored XSS Vulnerability

Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS Version: 3.4.1 Bugs: Multiple Stored XSS Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 24-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...

7.1 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 176 views

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability

Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...

7.4 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 186 views

GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability

Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site Relea...

7.1 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 246 views

WebsiteBaker v2.13.3 - Stored XSS Vulnerability

Exploit Title: WebsiteBaker v2.13.3 - Stored XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author: Mirabbas Ağalarov...

7.1 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 159 views

Vacation Rental 1.8 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/vacation-rental-website.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the si...

7.1 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 179 views

Car Rental Script 1.8 - Stored Cross-site scripting Vulnerability

Exploit Title: Car Rental Script 1.8 - Stored Cross-site scripting XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/car-rental-php-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the si...

7.1 AI score
Exploits: 0

0day.today
added 2023/07/04 12:0 a.m. | 171 views

D-Link DAP-1325 - Broken Access Control Vulnerability

Exploit Title: D-Link DAP-1325 - Broken Access Control Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticated access to...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/28 12:0 a.m. | 300 views

Zip And RAR FileExtractor 5.7 Cross Site Scripting Vulnerability

Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS Vendor Homepage: Penghui Zhao Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en Exploit Author: tmrswrr Category : ios app Version: v5.7 Tested on: Windows/Linux Description: Go to Wi-Fi Transfer sectio...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/28 12:0 a.m. | 330 views

WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability

Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...

9.8 CVSS | 9.6 AI score | 0.4465 EPSS
Exploits: 4

0day.today
added 2023/06/28 12:0 a.m. | 411 views

SPIP 4.2.3 SQL Injection Vulnerability

Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side Sensitive information Disclosure! Author: nu11secur1ty Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip Reference:...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/27 12:0 a.m. | 352 views

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference Vulnerability

Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...

8.8 CVSS | 7.1 AI score | 0.01983 EPSS
Exploits: 2

0day.today
added 2023/06/27 12:0 a.m. | 290 views

Office Suite Premium 10.9.1.42602 Cross Site Scripting Vulnerability

Exploit Title: Office Suite Premium 10.9.1.42602 - Cross-Site Scripting reflected Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602 Tested on: Ubuntu...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/27 12:0 a.m. | 373 views

Apache Druid JNDI Injection Remote Code Execution Exploit

This Metasploit module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients...

8.8 CVSS | 9.5 AI score | 0.95302 EPSS
Exploits: 7

0day.today
added 2023/06/27 12:0 a.m. | 235 views

Office Suite Premium 10.9.1.42602 Path Traversal Vulnerability

Exploit Title: Office Suite Premium 10.9.1.42602 - Path Traversal Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602 Tested on: Ubuntu 18.04 POC GET...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/26 12:0 a.m. | 235 views

PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory

Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...

7.5 CVSS | 7.1 AI score | 0.05523 EPSS
Exploits: 3

0day.today
added 2023/06/26 12:0 a.m. | 307 views

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit Remote Code Execution Vulnerability

Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...

7.8 CVSS | 7.8 AI score | 0.03011 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 316 views

Microsoft SharePoint Enterprise Server 2016 - Spoofing Exploit

// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription Edition // Microsoft...

8.1 CVSS | 7.1 AI score | 0.06233 EPSS
Exploits: 3

0day.today
added 2023/06/26 12:0 a.m. | 283 views

MCL-Net 4.3.5.8788 - Information Disclosure Vulnerability

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure Exploit Author: Victor A. Morales, GM Sectec Inc. Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php Version: 4.3.5.8788 other versions may be affected Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-34834 Description:...

5.3 CVSS | 7.1 AI score | 0.03841 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 363 views

Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing Vulnerability

Title: Microsoft OneNote Version 2305 Build 16.0.16501.20074 64-bit - Spoofing Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app Reference:...

6.5 CVSS | 7 AI score | 0.01649 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 289 views

WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Exploit

Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1 REQUIRED Tested on:...

8.8 CVSS | 7.1 AI score | 0.02304 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 271 views

Nokia ASIKA 7.13.52 - Hard-coded private key disclosure Exploit

// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52 REQUIRED // Tested on:...

7 CVSS | 7.1 AI score | 0.00956 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 308 views

Azure Apache Ambari 2302250400 - Spoofing Exploit

Exploit Title: Azure Apache Ambari 2302250400 - Spoofing country: Iran Exploit Author: Amirhossein Bahramizadeh Category : Remote Vendor Homepage: Microsoft Apache Ambari Microsoft azure Hdinsights Tested on: Windows/Linux CVE : CVE-2023-23408 import requests Set the URL and headers for the Ambar...

4.5 CVSS | 7.1 AI score | 0.04047 EPSS
Exploits: 3

0day.today
added 2023/06/26 12:0 a.m. | 293 views

Super Socializer 7.13.52 - Reflected XSS Exploit

Exploit Title: Super Socializer 7.13.52 - Reflected XSS Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=thechampsharingcount&urls%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E=https://www.google.com Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor...

6.1 CVSS | 7.1 AI score | 0.05991 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 247 views

Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated) Exploit

-- coding: utf-8 -- /usr/bin/env python Exploit Title: Bludit 3.13.1 Backup Plugin - Arbitrary File Download Authenticated Date: 2022-07-21 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: 3.13.1 Tested on:...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/26 12:0 a.m. | 239 views

HiSecOS 04.0.01 - Privilege Escalation Exploit

Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Exploit Author: dreizehnutters Vendor Homepage: https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=15437&mediaformatid=50063&destinationid=10016 Version...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/26 12:0 a.m. | 512 views

MOVEit SQL Injection Exploit

This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker can levera...

9.8 CVSS | 8.2 AI score | 0.99934 EPSS
Exploits: 15

0day.today
added 2023/06/26 12:0 a.m. | 319 views

Windows 11 22h2 - Kernel Privilege Elevation Exploit

// Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : webapps // Vendor Homepage: // Tested on: Windows/Linux // CVE : CVE-2023-28293 include include // The vulnerable driver file name const char drivername =...

7.8 CVSS | 7.1 AI score | 0.02866 EPSS
Exploits: 4

0day.today
added 2023/06/26 12:0 a.m. | 582 views

Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/26 12:0 a.m. | 291 views

Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated) Exploit

Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software Link:...

7.5 CVSS | 7.1 AI score | 0.59407 EPSS
Exploits: 5

0day.today
added 2023/06/26 12:0 a.m. | 1535 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8 CVSS | 7.1 AI score | 0.99662 EPSS
Exploits: 23

0day.today
added 2023/06/19 12:0 a.m. | 362 views

The Shop v2.5 - SQL Injection Vulnerability

Exploit Title: The Shop v2.5 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json Accept:...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/19 12:0 a.m. | 318 views

Groomify v1.0 - SQL Injection Vulnerability

Exploit Title: Groomify v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/19 12:0 a.m. | 315 views

Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting XSS Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://phpgurukul.com Software Link:...

4.8 CVSS | 5.7 AI score | 0.03663 EPSS
Exploits: 5

0day.today
added 2023/06/19 12:0 a.m. | 259 views

Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya Karabag Vendor Homepage: https://www.diafancms.com/ Version: 6.0 Tested on: https://demo.diafancms.com Description: 1 https://demo.diafancms.com/ Go to main page and write your payload in Search in...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/19 12:0 a.m. | 381 views

WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit

Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...

8.1 CVSS | 7.1 AI score | 0.13625 EPSS
Exploits: 3

0day.today
added 2023/06/19 12:0 a.m. | 331 views

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting Vulnerability

Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting XSS Google Dork: N/A Exploit Author: Harshit Joshi Vendor Homepage: https://community.broadcom.com/home Software Link: https://www.broadcom.com/products/identity/siteminder Version: 12.52 Tested on: Linux, Windows CVE:...

6.1 CVSS | 7.1 AI score | 0.03083 EPSS
Exploits: 3

0day.today
added 2023/06/19 12:0 a.m. | 400 views

Jobpilot v2.61 - SQL Injection Vulnerability

Exploit Title: Jobpilot v2.61 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET Type: error-based...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 258 views

projectSend r1605 - CSV injection Vulnerability

Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC ========================================...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 260 views

Online Thesis Archiving System v1.0 - Multiple SQL injection Vulnerability

Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 314 views

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) Exploit

Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip Version: 1.0 Teste...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 289 views

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Xoops CMS 2.5.10 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://xoops.org/ Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10 Version: 2.5.10 Tested : https://www.softaculous.com/apps/cms/Xoops --- Description --- 1...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 290 views

Monstra 3.0.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested : https://www.softaculous.com/softaculous/demos/Monstra --- Description --- 1 Login admin panel a...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 255 views

projectSend r1605 - Stored XSS Vulnerability

Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 343 views

TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability

Exploit Title: Buffer Overflow in TP-Link Archer AX10EUV1.2230220 Exploit Author: Giuseppe Compare CVE: CVE-2023-34832 Vendor Homepage: https://www.tp-link.com/ Version: TP-Link Archer AX10EUV1.2230220 Buffer Overflow There is a buffer overflow in the FUN131e8 function due to using sprintf...

9.8 CVSS | 7.1 AI score | 0.01666 EPSS
Exploits: 2

0day.today
added 2023/06/17 12:0 a.m. | 406 views

Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/filedownload/118/textpattern-4.8.8.zip Version: v4.8.8 Tested : https://release-demo.textpattern.co/ ---...

7.1 AI score
Exploits: 0

0day.today
added 2023/06/17 12:0 a.m. | 701 views

PyLoad 0.5.0 - Pre-auth Remote Code Execution Exploit

Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import requests, argparse...

9.8 CVSS | 7.1 AI score | 0.96988 EPSS
Exploits: 13

0day.today
added 2023/06/17 12:0 a.m. | 317 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass Exploit

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit. Entering the URL in browser will give you access to the respective users acc...

9.8 CVSS | 7.4 AI score | 0.42814 EPSS
Exploits: 5

0day.today
added 2023/06/17 12:0 a.m. | 296 views

Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in /controller/ping.php in Symmetricom SyncServer. The S100 through S350 End of Life models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability. This module requires...

9.8 CVSS | 9.7 AI score | 0.92472 EPSS
Exploits: 3

0day.today
added 2023/06/13 12:0 a.m. | 294 views

Online Examination System Project 1.0 - Cross-site request forgery Vulnerability

Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.4 AI score
Exploits: 0

Total number of security vulnerabilities: 39001