39001 matches found
GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection Vulnerabilities
Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...
MobileTrans 4.0.11 Weak Service Permissions Vulnerability
Vendor Name: MobileTrans Product Name: MobileTrans Vendor Home Page: https://mobiletrans.wondershare.com/ Affected Versions: MobileTrans version 4.0.11 Vulnerability Type: Weak Service Permissions CWE-276 CVE Reference: CVE-2023-31748 Security Researcher: Thurein Soe Vulnerability description:...
Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload Vulnerabilities
======================================================================= title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: =3.8.49 fixed version: 3.8.50 or higher CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079 impact: High...
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting Vulnerabilities
Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2 Category: Webapps Teste...
Epson Stylus SX510W Printer Remote Power Off - Denial of Service Vulnerability
Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version: EPSONLinux UPnP/1.0 Epson UPn...
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service Exploit
Exploit Title: FLEX 1080 1085 Web 1.6.0 - Denial of Service Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android CVE ID: CVE-2022-2591 !/usr/bin/env python3 import requests import re impor...
TinyWebGallery v2.5 - Stored Cross-Site Scripting Vulnerability
Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting XSS Application: TinyWebGallery Version: v2.5 Bugs: Stored Xss Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023...
RockMongo 1.1.7 - Stored Cross-Site Scripting Vulnerability
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type: Stored Cross-Site Scripting...
FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities
Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the...
Spryker Commerce OS 1.0 SQL Injection Vulnerability
An SQL injection vulnerability affecting Spryker-based webshops was discovered in the order history search form. It can be exploited by authenticated attackers in order to retrieve information from the database e.g. customer and administrator login information, order details, etc.. Depending on t...
Found Information System 1.0 SQL Injection Vulnerability
Title: Found Information System 1.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Reference:...
HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit
This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected. Affected Product: HammerSpace Global Data Environment /...
ManageEngine ADAudit Plus Remote Code Execution Exploit
This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Vulnerability
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction ================= A...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) Exploit
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution Vulnerability
Exploit Title: Codigo Markdown Editor v1.0.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec Vendor Homepage: https://alfonzm.github.io/codigo/ Software Link: https://github.com/alfonzm/codigo-app Version: 1.0.1 Tested on: Mac OS 13 Release Date: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3...
Ulicms 2023.1 sniffing-vicuna - Stored Cross-Site Scripting Vulnerability
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Vulnerability
Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880 Introduction...
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878 Introduction...
Cmaps v8.0 - SQL injection Vulnerability
Exploit Title: Cmaps v8.0 - SQL injection - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability...
Wolf CMS 0.8.3.1 - Remote Code Execution Vulnerability
Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" tab. Click on the...
File Thingie 2.5.7 - Remote Code Execution Exploit
!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Remote Code Execution RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on: N...
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Vulnerability
Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47875 Introduction ===============...
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution Vulnerability
Title: KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://kodcloud.com/ Software: https://github.com/kalcaddle/KodExplorer/releases/tag/4.51.03 Reference: https://portswigger.net/web-security/file-upload Description: By using this...
Online Pizza Ordering System v1.0 - Unauthenticated File Upload Exploit
Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...
Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...
Ulicms 2023.1 sniffing-vicuna - Remote Code Execution Vulnerability
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution RCE Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...
pluck v4.7.18 - Stored Cross-Site Scripting Vulnerability
Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting XSS Application: pluck Version: 4.7.18 Bugs: XSS Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 01-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Vulnerability
Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47874 Introducti...
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introduction...
Companymaps 8.0 Cross Site Scripting Vulnerability
Exploit Title: Reflected Cross Site Scripting - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29808 Description: The vulnerability found is...
Companymaps 8.0 SQL Injection Vulnerability
Exploit Title: Unauthenticated SQL injection - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability found is an SQL...
Companymaps v8.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...
FS-S3900-24T4S - Privilege Escalation Exploit
Exploit Title: FS-S3900-24T4S Privilege Escalation Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printargs if lenargs != ...
PHP Restaurants 1.0 - SQL injection Authentication Bypass & Cross Site Scripting Vulnerabilities
Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting XSS Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login global $conn; $email =...
PHPJabbers Simple CMS 5.0 - SQL Injection Vulnerability
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...
Adobe ColdFusion Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. This module requires Metasploit:...
Serendipity 2.4.0 - File Inclusion Remote Code Execution Exploit
Exploit Title: Serendipity 2.4.0 - File Inclusion RCE Author: nu11secur1ty Vendor: https://docs.s9y.org/index.html Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0 Reference: https://portswigger.net/web-security/file-upload Reference:...
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please login from this...
projectSend r1605 - Private file download Vulnerability
Exploit Title: projectSend r1605 - Private file download Application: projectSend Version: r1605 Bugs: IDOR Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 24-01-2023 Author: Mirabbas Ağalarov Tested on: Linux Technical Details &...
Advanced Host Monitor v12.56 - Unquoted Service Path Vulnerability
Exploit Title: Advanced Host Monitor v12.56 - Unquoted Service Path CVE: CVE-2023-2417 Exploit Author: MrEmpy Vendor Homepage: https://www.ks-soft.net Software Link: https://www.ks-soft.net/hostmon.eng/downpage.htm Version: 12.56 Tested on: Windows 10 21H2 Title: ================ Advanced Host...
admidio v4.2.5 - CSV Injection Vulnerability
Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Detail...
revive-adserver v5.4.1 - Cross-Site Scripting Vulnerability
Exploit Title: revive-adserver v5.4.1 - Cross-Site Scripting XSS Application: revive-adserver Version: 5.4.1 Bugs: XSS Technology: PHP Vendor URL: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/ Date of found: 31-03-2023 Author: Mirabbas Ağalarov Tested o...
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion Vulnerability
Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo -e "\n$4 : $file\...
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control Vulnerability
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...
phpMyFAQ v3.1.12 - CSV Injection Vulnerability
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
PHPFusion 9.10.30 - Stored Cross-Site Scripting Vulnerability
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
ESET Forwarder 16.0.26.0 Unquoted Service Path Vulnerability
Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...
GLPI 9.5.7 - Username Enumeration Vulnerability
Exploit Title: GLPI 9.5.7 - Username Enumeration Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import BeautifulSoup Send ...
OpenEMR v7.0.1 - Authentication credentials brute force Exploit
Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force Date: 2023-04-28 Exploit Author: abhhi Abhishek Birdawade Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v701.tar.gz Version: 7.0.1 Tested on: Windows ''' Example...