Sielco Analog FM Transmitter 2.12 Cookie Brute Force Vulnerability

Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7...

Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery Vulnerability

!-- Sielco Analog FM Transmitter 2.12 Cross-Site Request Forgery Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7 EXC30GT 1.7.4...

WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability

The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...

Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Denial Of Service Exploit

Google Chrome Browser version 111.0.5563.64 suffers from an AXPlatformNodeCocoa fatal out-of-memory denial of service vulnerability on macOS. Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Fatal OOM/Crash macOS Vendor: Google LLC Product web page: https://www.google.com Affected version:...

WordPress Limit Login Attempts 1.7.1 Cross Site Scripting Vulnerability

WordPress Limit Login Attempts plugin versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability. On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin...

pfsenseCE v2.6.0 - Anti-brute force protection bypass Exploit

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing Vulnerability

Title: Microsoft-Edge-Chromium-based-Webview2-1.0.1661.34-Spoofing-Vulnerability Author: nu11secur1ty Date: 04.10.2023 Vendor: https://developer.microsoft.com/en-us/ Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/ Reference:...

dotclear 2.25.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...

ESET Service 16.0.26.0 - (Service ekrn) Unquoted Service Path Vulnerability

Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCESS SERVICENAME: ekrn TYPE...

WebsiteBaker v2.13.3 - Cross-Site Scripting Vulnerability

Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...

ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability

Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...

BrainyCP V1.0 - Remote Code Execution Exploit

Exploit Title: BrainyCP V1.0 - Remote Code Execution Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password = input"Password: " ip =...

Paradox Security Systems IPR512 - Denial Of Service Exploit

!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...

Online Computer and Laptop Store 1.0 - Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...

Roxy Fileman 1.4.5 - Arbitrary File Upload Vulnerability

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Exploit Author: Zer0FauLT email protected Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Windows 10 and Windows Server...

FortiRecorder 6.4.3 - Denial of Service Exploit

Exploit Title: FortiRecorder 6.4.3 - Denial of Service Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11 to 6.0.0 Tested on: Kali Linux CV...

ActFax 10.10 - Unquoted Path Services Vulnerability

Exploit Title: ActFax 10.10 - Unquoted Path Services Exploit Author: Birkan ALHAN @taftss Vendor Homepage: https://www.actfax.com Software Link: https://www.actfax.com/en/download.html Version: Version 10.10, Build 0551 2023-02-01 Tested on: Windows 10 21H2 OS Build 19044.2728 Discover to Unquote...

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...

Joomla! v4.2.8 - Unauthenticated information disclosure Exploit

!/usr/bin/env ruby Exploit Title: Joomla! v4.2.8 - Unauthenticated information disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 Date: 2023-03-24 Vendor Homepage:...

Lucee Scheduled Job v1.0 - Command Execution Exploit

Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref :...

ZCBS / ZBBS / ZPBS v4.14k - Reflected Cross-Site Scripting Vulnerability

Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident' Exploitation :...

Microsoft Excel 365 MSO (v 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution Vulnerability

Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

Adobe Connect 11.4.5 - Local File Disclosure Vulnerability

Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested on...

Suprema BioStar 2 v2.8.16 - SQL Injection Vulnerability

Exploit Title: Suprema BioStar 2 v2.8.16 - SQL Injection Exploit Author: Yuriy Vander Tsarenko https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ Vendor Homepage: https://www.supremainc.com/ Software Link: https://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp Software...

Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://support.broadcom.com/external/content/SecurityAdvisories/0/21117 Version: 10.7.4-10.7.13 Tested on: relevant os CVE : CVE-2022-25630 Author Web:...

Icinga Web 2.10 - Arbitrary File Disclosure Exploit

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...

Goanywhere Encryption helper 7.1.1 - Remote Code Execution Exploit

// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link: https://www.dropbox.com/s/j31l8lgvapbopy3/ga703linuxx64.sh?dl=0 // Version: 7.1...

Medicine Tracker System v1.0 - Sql Injection Vulnerability

Exploit Title: Medicine Tracker System v1.0 - Sql Injection Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts0.zip Version: V1.0.0 Tested on: Windows/Linux Proof of Concept: 1-...

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit

Exploit Title: Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit Author : TOUHAMI KASBAOUI Vendor Homepage : https://www.forcepoint.com/ Software: Stonesoft VPN Windows Version : 6.2.0 / 6.8.0 Tested on : Windows 10 CVE : N/A Description local privilege escalation vertical...

ENTAB ERP 1.0 - Username PII leak Vulnerability

Exploit Title: ENTAB ERP 1.0 - Username PII leak Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab software in...

Restaurant Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Restaurant Management System 1.0 - SQL Injection Exploit Author: calfcrusher email protected Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0 Tested on: Apache 2.4.6, PH...

Online Appointment System V1.0 - Cross-Site Scripting Vulnerability

Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...

Microsoft Windows 11 - (cmd.exe) Denial of Service Exploit

Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...

Google Chrome 109.0.5414.74 - Code Execution via missing lib file Vulnerability

Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...

X2CRM v6.6/6.9 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: X2CRM v6.6/6.9 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: Actionssubject CVE:...

X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: X2CRM v6.6/6.9 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: model CVE: Use...

Franklin Fueling Systems TS-550 - Default Password Vulnerability

Exploit Title: Franklin Fueling Systems TS-550 - Exploit and Default Password Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to find...

ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1 Tested on: Window...

Schneider Electric v1.0 - Directory traversal & Broken Authentication Vulnerability

Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and access to the...

NotrinosERP 0.7 - Authenticated Blind SQL Injection Exploit

Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage: https://notrinos.com/ Version: 0...

MAC 1200R - Directory Traversal Vulnerability

Exploit Title: MAC 1200R - Directory Traversal Google Dork: "MAC1200R" && port="8888" Exploit Author: Chunlei Shang, Jiangsu Public Information Co., Ltd. Vendor Homepage: https://www.mercurycom.com.cn/ Software Link: https://www.mercurycom.com.cn/product-1-1.html Version: all versions. REQUIRED...

Rukovoditel 3.3.1 - Remote Code Execution Vulnerability

Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

Altenergy Power Control Software C1.2.5 - OS command injection

Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests import argparse def...

Snitz Forum v1.0 - Blind SQL Injection Vulnerability

Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...

IBM Aspera Faspex 4.4.1 - YAML deserialization Remote Code Execution Exploit

Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This file implements a...

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Exploit

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

Wondershare Dr Fone 12.9.6 - Privilege Escalation Vulnerability

Exploit Title: Wondershare Dr Fone 12.9.6 - Privilege Escalation Exploit Author: Thurein Soe Vendor Homepage: https://drfone.wondershare.com Software Link: https://mega.nz/file/ZFd1TZIRe2WfCXryaH08C3VNGZH1yAIG6DU01p-MrDooq529I Version: Dr Fone version 12.9.6 Tested on: Window 10 10.0.19045.2604 C...

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Exploit

Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...

Best pos Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Best pos Management System v1.0 - SQL Injection Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zip Version:...

Music Gallery Site v1.0 - SQL Injection Vulnerability (2)

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page viewmusicdetails.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0961 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Music Galler...