Teachers Record Management System 1.0 - File Upload Type Validation Vulnerability
Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation Date: 17-01-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE: CVE-2023-3187 STEPS TO REPRODUCE...
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE: CVE-2023-3184 CREDENTIAL TO USE ADMIN-ACCOUNT...
Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution Vulnerability
Anevia Flamingo XL version 3.6.20 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution...
Anevia Flamingo XL 3.2.9 Remote Root Jailbreak Vulnerability
Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX...
Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit
Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit + PoC Backup:...
Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials Vulnerability
Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page:...
WordPress Workreap 2.2.2 Shell Upload Exploit
Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author: Mohammad Hossei...
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vulnerability
Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution...
TerraMaster TOS 4.2.15 Remote Code Execution Exploit
This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. This module requires Metasploit: https://metasploit.com/download...
TerraMaster TOS 4.2.06 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute comman...
Oracle Weblogic PreAuth Remote Command Execution Exploit
Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This Metasploit module exploits this vulnerability to trigger the JNDI...
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution Vulnerabilities
LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 Contents Summary CVE-2023-33865, a symlink vulnerability in /tmp/RenderDoc -...
Delta Electronics InfraSuite Device Master Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...
WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation Vulnerabilities
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...
Microsoft Windows PowerShell Remote Command Execution Exploit
This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...
PaperCut PaperCutNG Authentication Bypass Exploit
This Metasploit module leverages an authentication bypass in PaperCut NG. If necessary it updates PaperCut configuration options, specifically the print-and-device.script.enabled and print.script.sandboxed options, to allow for arbitrary code execution running in the builtin RhinoJS engine. This...
Expert Job Portal Management System 1.0 SQL Injection Vulnerability
From The Ashes and Dust Rises An Unimaginable crack.... Vulnerability : Author : CraCkEr : ...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit
CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...
USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Vulnerability
Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path PS C:\ wmic servic...
MotoCMS Version 3.4.3 - SQL Injection Vulnerability
Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...
Macro Expert 4.9 - Unquoted Service Path Vulnerability
Exploit Title: Macro Expert 4.9 - Unquoted Service Path Exploit Author: Murat DEMIRCI Vendor Homepage: http://www.macro-expert.com/ Software Link: http://www.macro-expert.com/product/gmsetup4.9.exe Version: 4.9 Tested on: Windows 10 Proof of Concept: C:\Users\Murat>sc qc "Macro Expert" SC...
Enrollment System Project v1.0 - SQL Injection Authentication Bypass Vulnerability
Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution Exploit
Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE: CVE-2023-2068...
Total CMS 1.7.4 - Remote Code Execution Vulnerability
Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE Exploit Author: tmrswrr Version: 1.7.4 Vendor home page: https://www.totalcms.co/ 1) Go to this page and click the edit page button: https://www.totalcms.co/demo/soccer/ 2) After that, go down and you will see the downloads area 3) Add in this area shell.ph...
Barebones CMS v2.0.2 - Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://barebonescms.com/ Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip Version: v2.0.2 Tested : https://demo.barebonescms.com/ ---...
Tree Page View Plugin 1.6.7 - Cross Site Scripting Vulnerability
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
STARFACE 7.3.0.10 Broken Authentication Exploit
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...
Bumsys Business Management System 1.0.3-beta Shell Upload Vulnerability
Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Tested on: Windows 11, XAMPP-8.2.0 CVE...
Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path Vulnerability
Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path Exploit Author: tmrswrr Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN Version : 12.77.3001.0 Tested on OS: Windows 10 Enterprise Step to discover Unquoted Service Path:...
Unilogies Bumsys v1.0.3 beta - Unrestricted File Upload Vulnerability
Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Tested on: Windows 11, XAMPP-8.2.0 CVE...
Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation Vulnerability
Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...
Online Security Guards Hiring System 1.0 - Reflected XSS Exploit
Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows 11 + XAMPP + PYTHON-3.X CVE :...
Flexense HTTP Server 10.6.24 - Buffer Overflow Exploit
Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the...
Faculty Evaluation System 1.0 - Unauthenticated File Upload Exploit
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Pydio Cells 4.1.2 - Unauthorised Role Assignments Vulnerability
Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Privilege Escalation Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...
Qualcomm Adreno/KGSL Data Leakage Exploit
On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM, KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means...
Rukovoditel 3.3.1 - CSV injection Vulnerability
Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
WordPress ReviewX 1.6.13 Privilege Escalation Vulnerability
Description: ReviewX <= 1.6.13 – Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: <= 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 (High) CVSS Vector:...
MotoCMS Version 3.4.3 - Server-Side Template Injection Vulnerability
Title: MotoCMS Version 3.4.3 - Server-Side Template Injection SSTI Author: tmrswrr Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.0.27 Description MotoCMS Version 3.4.3 Store Category Template was discovered to conta...
Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion Exploit
Qualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr. Qualcomm Adreno/KGSL: unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr Tested on a Pixel 4 (flame), on the latest update from 2023-02, which self-reports as SPL 2022-10-05,...
Pydio Cells 4.1.2 - Cross-Site Scripting via File Download Vulnerability
Exploit Title: Pydio Cells 4.1.2 - Cross-Site Scripting XSS via File Download Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...
Pydio Cells 4.1.2 - Server-Side Request Forgery Vulnerability
Exploit Title: Pydio Cells 4.1.2 - Server-Side Request Forgery Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Server-Side Request Forgery Security Risk: medium Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...
New MVC Shop 1.0 SQL Injection / Missing Attributes Vulnerability
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection Description: The...
e-Biz Technocrats Pvt.Ltd SQL Injection Vulnerability
It appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected. Exploit Title: Sql...
Simple Customer Relationship Management CRM 2023 1.0 SQL Injection Vulnerability
Title: SCRMS-2023-05-27-1.0-Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html Reference: https://portswigger.net/web-security/sql-injection...
Camaleon CMS v2.7.0 - Server-Side Template Injection Vulnerability
Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability
Exploit Title: Filmora 12 version Build 1.0.0.7 - Unquoted Service Paths Privilege Escalation Exploit Author: Thurein Soe Vendor Homepage: https://filmora.wondershare.com Software Link: https://mega.nz/file/tQNGGZTQE1u20rdbT4R3pgSoUBG93IPAXqesJ5yyn6T8RlMFxaE Version: Filmora 12 Build 1.0.0.7 Test...
Zenphoto 1.6 - Multiple stored XSS Vulnerability
Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit
#!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...