
39001 matches found

0day.today
added 2023/03/30 12:0 a.m. | 225 views

Shoplazza 1.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/30 12:0 a.m. | 250 views

Virtual Reception v1.0 - Web Server Directory Traversal Vulnerability

Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal Exploit Author: Spinae Vendor Homepage: https://www.virtualreception.nl/ Version: win7sp1rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY Tested on: all We discovered the web server of the Virtual Reception...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/30 12:0 a.m. | 281 views

Covenant v0.5 - Remote Code Execution Exploit

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows defender disable...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/30 12:0 a.m. | 414 views

WPForms 1.7.8 - Cross-Site Scripting Vulnerability

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 268 views

WordPress WP All Import v3.6.7 - Remote Code Execution Exploit

Exploit Title: WP All Import v3.6.7 - Remote Code Execution RCE Authenticated Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://www.wpallimport.com/ Software Link: https://wordpress.org/plugins/wp-all-import/advanced/ scroll down to select the version Version: =...

CVSS: 7.2 | AI score: 7 | EPSS: 0.11344
Exploits: 4
0day.today
added 2023/03/29 12:0 a.m. | 289 views

Internet Download Manager v6.41 Build 3 - Remote Code Execution Vulnerability

Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 235 views

Revenue Collection System v1.0 - Remote Code Execution Exploit

Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Kali Linux,...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 268 views

DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Vulnerability

Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09 Firmware Version: ME1.00 Tested on: Windows 11 Details -...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 381 views

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...

AI score: 7.1
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 207 views

Book Store Management System 1.0.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Book Store Management System 1.0.0 - Stored Cross-Site Scripting XSS Exploit Author: Rajeshwar Singh Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsmsci.zip Tested on: Windows/XAMPP Payload use...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 277 views

Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Exploit

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows 7, Windo...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 342 views

Human Resource Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 338 views

Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 227 views

Helmet Store Showroom v1.0 - SQL Injection Vulnerability

Exploit Title: Helmet Store Showroom v1.0 - SQL Injection Exploit Author: Ameer Hamza Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Software Link:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/29 12:0 a.m. | 320 views

Outline V1.6.0 - Unquoted Service Path Vulnerability

Exploit Title: Outline V1.6.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://getoutline.org/ Software Link: https://getoutline.org/ Tested Version: V1.6.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 11 Enterprise Step to...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 238 views

Pega Platform 8.1.0 - Remote Code Execution Vulnerability

Exploit Title: Pega Platform 8.1.0 - Remote Code Execution RCE Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.3.7 Tested on: Red Hat Enterprise 7 CVE : CVE-2022-24082...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.09477
Exploits: 5
0day.today
added 2023/03/28 12:0 a.m. | 301 views

BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability

Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS: 7.2 | AI score: 7 | EPSS: 0.44002
Exploits: 7
0day.today
added 2023/03/28 12:0 a.m. | 305 views

Google Chrome 109.0.5414.74 Unsafe Library Load Vulnerability

Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to t...

AI score: 7.7
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 208 views

Jetpack 11.4 - Cross Site Scripting Vulnerability

Exploit Title: Jetpack 11.4 - Cross Site Scripting XSS Author: Behrouz Mansoori Software Link: https://wordpress.org/plugins/jetpack Version: 11.4 Tested on: Mac m1 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 238 views

ReQlogic v11.3 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting XSS Exploit Author: Okan Kurtulus Vendor Homepage: https://reqlogic.com Version: 11.3 Tested on: Linux CVE : 2022-41441 Proof of Concept: 1- Install ReQlogic v11.3 2- Go to...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.05302
Exploits: 3
0day.today
added 2023/03/28 12:0 a.m. | 234 views

WordPress Jetpack 11.4 Cross Site Scripting Vulnerability

Exploit Title: Jetpack 11.4 - Cross Site Scripting XSS Author: Behrouz Mansoori Software Link: https://wordpress.org/plugins/jetpack Version: 11.4 Tested on: Mac m1 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 281 views

Label Studio 1.5.0 - Authenticated Server Side Request Forgery Vulnerability

Exploit Title: Label Studio 1.5.0 - Authenticated Server Side Request Forgery SSRF Google Dork: intitle:"Label Studio" intext:"Sign Up" intext:"Welcome to Label Studio Community Edition" Date: 2022-10-03 Exploit Author: @DeveloperNinja, email protected Vendor Homepage:...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.05088
Exploits: 3
0day.today
added 2023/03/28 12:0 a.m. | 191 views

Tunnel Interface Driver - Denial of Service Exploit

// Exploit Title: Tunnel Interface Driver - Denial of Service // Exploit Author: ExAllocatePool2 // Vendor Homepage: https://www.microsoft.com/ // Software Link: https://www.microsoft.com/en-us/software-download/windows10 // Version: Windows 10 Pro Version 21H2 OS Build 19044.1288 // Tested on:...

AI score: 7.1
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 293 views

Moodle LMS 4.0 - Cross-Site Scripting Vulnerability

Exploit Title: Moodle LMS 4.0 - Cross-Site Scripting XSS Exploit Author: Saud Alenazi Vendor Homepage: https://moodle.org/ Software Link: https://git.in.moodle.com/moodle Version: 4.0 Tested on: XAMPP, Windows 10 Contact: https://twitter.com/dmaral3noz Description: A Cross Site Scripting XSS...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 231 views

Social-Share-Buttons v2.2.3 - SQL Injection Vulnerability

Title: Social-Share-Buttons v2.2.3 - SQL Injection Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 257 views

SolarWinds Information Service (SWIS) Remote Command Execution Exploit

The SolarWinds Information Service SWIS is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead t...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.69546
Exploits: 3
0day.today
added 2023/03/28 12:0 a.m. | 229 views

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Exploit Title: Online shopping system advanced 1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link : https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/master.zip Tested...

AI score: 7.1
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 252 views

RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution

RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands. + Credits: John Page aka hyp3rlinx + Websit...

CVSS: 6.7 | AI score: 6.7 | EPSS: 0.0157
Exploits: 5
0day.today
added 2023/03/28 12:0 a.m. | 237 views

iBooking v1.0.8 - Arbitrary File Upload Vulnerability

Exploit Title: iBooking v1.0.8 - Arbitrary File Upload Exploit Author: d1z1n370/oPty Vendor Homepage: https://codecanyon.net/item/ibooking-laravel-booking-system/30362088 Tested on: Linux Version: 1.0.8 Exploit Description: The application is prone to an arbitrary file-upload because it fails to...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 217 views

Subrion CMS 4.2.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://intelliants.com/ Version: 4.2.1 Tested on: Windows & XAMPP == Tutorial http://HOST/panel/fields/add 2- Write XSS Payload into the tooltip value of the field add page. 3- Press...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 196 views

OPSWAT Metadefender Core - Privilege Escalation Exploit

Exploit Title: OPSWAT Metadefender Core - Privilege Escalation Exploit Author: Ulascan Yildirim Vendor Homepage: https://www.opswat.com/ Version: Metadefender Core 4.21.1 Tested on: Windows / Linux CVE : CVE-2022-32272 =============================================================================...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.09095
Exploits: 3
0day.today
added 2023/03/28 12:0 a.m. | 246 views

HDD Health 4.2.0.112 - (HDDHealth) Unquoted Service Path Vulnerability

Exploit Title: HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path Exploit Author: Jorge Manuel Lozano Gómez Vendor Homepage: https://www.panterasoft.com Software Link: https://hdd-health.softonic.com Version : 4.2.0.112 Tested on: Windows 11 64bit CVE : N/A About Unquoted Service Path :...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 222 views

Beauty salon v1.0 - Remote Code Execution Exploit

Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 224 views

SugarSync 4.1.3 - (SugarSync Service) Unquoted Service Path Vulnerability

Exploit Title: SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path Exploit Author: Jorge Manuel Lozano Gómez Vendor Homepage: https://www1.sugarsync.com Software Link: https://www1.sugarsync.com/apps/windows/ Version : 4.1.3 Tested on: Windows 11 64bit CVE : N/A About Unquoted Service Pat...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 282 views

Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access Vulnerability

Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access Date: 19th July 2022 Exploit Author: dsclee1 Vendor Homepage: tp-link.com Software Link: http://download.tplinkcloud.com/firmware/TapoC310v1en1.3.0Build220328Rel.64283nu1649923652150.bin Version: 1.3.0 Tested on: Linux ...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.04944
Exploits: 4
0day.today
added 2023/03/28 12:0 a.m. | 241 views

Hashicorp Consul v1.0 - Remote Command Execution Exploit

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 324 views

ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability

Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.04834
Exploits: 5
0day.today
added 2023/03/28 12:0 a.m. | 231 views

rukovoditel 3.2.1 - Cross-Site Scripting Vulnerability

Title: rukovoditel 3.2.1 - Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 261 views

X-Skipper-Proxy v0.13.237 - Server Side Request Forgery Vulnerability

Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580 Summary: Skipper...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.11004
Exploits: 3
0day.today
added 2023/03/28 12:0 a.m. | 222 views

Senayan Library Management System v9.5.0 - SQL Injection Vulnerability

Title: Senayan Library Management System v9.5.0 - SQL Injection Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0 Description: The...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 227 views

YouPHPTube <= 7.8 - Multiple Vulnerabilities

Exploit Title: YouPHPTube getLanguage; if !empty$GET'lang' $GET'lang' = striptags$GET'lang'; $SESSION'language' = $GET'lang'; @includeonce "$global'systemRootPath'locale/$SESSION'language'.php"; The parameter "lang" can be modified and load a php file in the server. In Document root: /phpinfo.php...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 319 views

Joomla! 4.2.7 Unauthenticated Information Disclosure Exploit

!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.99827
Exploits: 43
0day.today
added 2023/03/28 12:0 a.m. | 248 views

SuperMailer v11.20 - Buffer overflow DoS Vulnerability

Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested Version: v11.20 32bit/64bit...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/28 12:0 a.m. | 358 views

Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.93384
Exploits: 7
0day.today
added 2023/03/28 12:0 a.m. | 351 views

VMware Workstation 15 Pro - Denial of Service Exploit

Title: VMware Workstation 15 Pro - Denial of Service Author: Milad Karimi Tested on: Windows 10 Pro and Windows 7 Pro SP1 with VMware® Workstation 15 Pro 15.5.6 build-16341506 Affected: VMware Workstation Pro/Player 15.x config.version = "8" virtualHW.version = "4" displayName = "credit's to...

AI score: 7.4
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m. | 210 views

Employee Performance Evaluation System v1.0 - File Inclusion / Remote Code Execution Exploit

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m. | 188 views

System Mechanic v15.5.0.61 - Arbitrary Read/Write Exploit

/ Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write Exploit Author: Brandon Marshall Vendor Homepage: https://www.iolo.com/ Tested Version - System Mechanic version 15.5.0.61 Driver Version - 5.4.11 - amp.sys Tested on OS - 64 bit Windows 10 18362 Fixed Version - System Mechanic...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.18451
Exploits: 8
0day.today
added 2023/03/27 12:0 a.m. | 216 views

WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities

Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Vendor Homepage: http://wpn-xm.org/ Software Link : https://github.com/WPN-XM/WPN-XM/ Tested Version: 0.8.6 Tested on: Windows 10 using XAMPP Vulnerability Type: Local File Inclusion LFI &...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m. | 275 views

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit

Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 Writeup:...

CVSS: 8 | AI score: 5.7 | EPSS: 0.05444
Exploits: 6
0day.today
added 2023/03/27 12:0 a.m. | 225 views

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Vulnerability

Exploit Title: SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26982 Confirmed on release 2.1.1 Vendor: https://download.simplemachines.org/ Note- Once we insert the vulnerable php code, we can ev...

CVSS: 7.2 | AI score: 7 | EPSS: 0.09186
Exploits: 4

Total number of security vulnerabilities: 39001