Lucene search

39001 matches found

0day.today
added 2023/03/27 12:0 a.m., 194 views

Sysax Multi Server 6.95 - (Password) Denial of Service Exploit

Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Tested Version: 6.95 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 273 views

Aero CMS v0.0.1 - PHP Code Injection (auth) Vulnerability

Exploit Title: Aero CMS v0.0.1 - PHP Code Injection auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 183 views

Atom CMS v2.0 - SQL Injection (no auth) Vulnerability

Exploit Title: Atom CMS v2.0 - SQL Injection no auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Windows 10 using XAMPP, Apache/2.4.48...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 309 views

WordPress Translatepress Multilingual plugin < 2.3.3 - Authenticated SQL Injection Vulnerability

Exploit Title: Translatepress Multilingual WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04 CVE :...

8.8 CVSS, 8.8 AI score, 0.03811 EPSS
Exploits: 5
0day.today
added 2023/03/27 12:0 a.m., 235 views

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Vulnerability

Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor:...

7.2 CVSS, 7 AI score, 0.09314 EPSS
Exploits: 4
0day.today
added 2023/03/27 12:0 a.m., 181 views

Abantecart v1.3.2 - Authenticated Remote Code Execution Vulnerability

Exploit Title: Abantecart v1.3.2 - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26521 Confirmed on release 1.3.2 Vendor: https://www.abantecart.com/download Step1- Login with Admin Credentials Step2- Uploading .php files i...

7.2 CVSS, 7 AI score, 0.09537 EPSS
Exploits: 4
0day.today
added 2023/03/27 12:0 a.m., 204 views

Aero CMS v0.0.1 - SQL Injection (no auth) Vulnerability

Exploit Title: Aero CMS v0.0.1 - SQL Injection no auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 188 views

Mediconta 3.7.27 - (servermedicontservice) Unquoted Service Path Vulnerability

Exploit Title: Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path Exploit Author: Luis Martinez Vendor Homepage: https://www.infonetsoftware.com Software Link : https://www.infonetsoftware.com/soft/instalarMedicontx.exe Tested Version: 3.7.27 Vulnerability Type: Unquoted Service Pat...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 191 views

FlatCore CMS 2.1.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: FlatCore CMS 2.1.1 -Stored Cross Site Scripting Exploit Author: Sinem Şahin Vendor Homepage: https://flatcore.org/ Version: 2.1.1 Tested on: Windows & XAMPP == Tutorial http://HOST/install/index.php 2- Write XSS Payload into the username of the user account. 3- Press "Save" button...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 251 views

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle Vulnerability

Exploit Title: NVFLARE 2.1.4 - Unsafe Deserialization due to Pickle Exploit Author: Elias Hohl Vendor Homepage: https://www.nvidia.com Software Link: https://github.com/NVIDIA/NVFlare Version: 2.1.4 Tested on: Ubuntu 20.04 CVE : CVE-2022-34668...

9.8 CVSS, 9.6 AI score, 0.08228 EPSS
Exploits: 3
0day.today
added 2023/03/27 12:0 a.m., 205 views

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Vulnerability

Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Exploit Author: nu11secur1ty Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite Description: The...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 179 views

WebTareas 2.4 - Reflected XSS (Unauthorised) Vulnerability

Exploit Title: WebTareas 2.4 - Reflected XSS Unauthorised Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10 using XAMPP,...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 175 views

Gestionale Open 12.00.00 - (DB_GO_80) Unquoted Service Path Vulnerability

Exploit Title: Gestionale Open 12.00.00 - 'DBGO80' Unquoted Service Path Exploit by: Luis Martinez Vendor Homepage: https://www.gestionaleopen.org/ Software Link : https://www.gestionaleopen.org/download/ Tested Version: 12.00.00 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10...

7.1 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 279 views

FortiOS FortiProxy FortiSwitchManager v7.2.1 - Authentication Bypass Vulnerability

Exploit Title: Fortinet Authentication Bypass v7.2.1 - FortiOS, FortiProxy, FortiSwitchManager Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.fortinet.com/ Version: FortiOS from 7.2.0 to 7.2.1 FortiOS from 7.0.0 to 7.0.6 FortiProxy 7.2.0 FortiProxy from 7.0.0 to 7.0.6...

9.8 CVSS, 9.4 AI score, 0.99984 EPSS
Exploits: 25
0day.today
added 2023/03/27 12:0 a.m., 236 views

Tftpd32_SE 4.60 - (Tftpd32_svc) Unquoted Service Path Vulnerability

Exploit Title: Tftpd32SE 4.60 - 'Tftpd32svc' Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://pjo2.github.io/tftpd64/ Software Links : https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd32SE-4.60-setup.exe Tested Version: 4.60 Vulnerability Type: Unquoted Service Path...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 171 views

WebTareas 2.4 - Remote Command Execution (Authorized) Vulnerability

Exploit Title: WebTareas 2.4 - RCE Authorized Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10 using XAMPP, Apache/2.4.4...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 195 views

PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS Vulnerability

Exploit Title: PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS Exploit Author: Prasheek Kamble Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ Version: V 1.2 Vulnerable endpoint:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 155 views

Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution Vulnerability

Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting XSS & Remote Command Execution RCE Discovery by: Rafael Pedrero Vendor Homepage: http://github.com/jokkedk/webgrind/ Software Link : http://github.com/jokkedk/webgrind/ Tested Version: 1.1 Tested on: Windows 10 using XAMPP Vulnerability...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 183 views

Human Resources Management System v1.0 - Multiple SQL injection Vulnerability

Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 183 views

Scdbg 1.0 - Buffer overflow DoS Vulnerability

Exploit Title: Scdbg 1.0 - Buffer overflow DoS Discovery by: Rafael Pedrero Vendor Homepage: http://sandsprite.com/blogs/index.php?uid=7&pid=152 Software Link : https://github.com/dzzie/VSLIBEMU Tested Version: 1.0 - Compile date: Jun 3 2021 20:57:45 Tested on: Windows 7, 10 CVSS v3: 7.5 CVSS...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 207 views

ImpressCMS v1.4.3 - Authenticated SQL Injection Vulnerability

Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor: https://www.impresscms.org Source:...

8.5 CVSS, 7 AI score, 0.04146 EPSS
Exploits: 4
0day.today
added 2023/03/27 12:0 a.m., 244 views

Composr CMS Version <=10.0.39 - Authenticated Remote Code Execution Exploit

Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...

8.8 CVSS, 8.7 AI score, 0.09183 EPSS
Exploits: 4
0day.today
added 2023/03/27 12:0 a.m., 217 views

Resource Hacker v3.6.0.92 - Buffer overflow Vulnerability

Exploit Title: Resource Hacker 3.6.0.92 - Buffer overflow Discovery by: Rafael Pedrero Vendor Homepage: http://www.angusj.com/resourcehacker/ Software Link : http://www.angusj.com/resourcehacker/ Tested Version: 3.6.0.92 Tested on: Windows 10 CVSS v3: 7.3 CVSS vector:...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 160 views

Hex Workshop v6.7 - Buffer overflow DoS Vulnerability

Exploit Title: Hex Workshop v6.7 - Buffer overflow DoS Discovery by: Rafael Pedrero Vendor Homepage: http://www.bpsoft.com, http://www.hexworkshop.com Software Link : http://www.bpsoft.com, http://www.hexworkshop.com Tested Version: v6.7 Tested on: Windows 10 CVSS v3: 7.3 CVSS vector:...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 214 views

Desktop Central 9.1.0 - Multiple Vulnerabilities

Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 182 views

Explorer32++ v1.3.5.531 - Buffer overflow Vulnerability

Exploit Title: Explorer32++ 1.3.5.531 - Buffer overflow Discovery by: Rafael Pedrero Vendor Homepage: http://www.explorerplusplus.com/ Software Link : http://www.explorerplusplus.com/ Tested Version: 1.3.5.531 Tested on: Windows 10 CVSS v3: 7.3 CVSS vector:...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 196 views

Canteen Management v1.0 - XSS Reflected Vulnerability

Exploit Title: Canteen-Management v1.0 - XSS-Reflected Exploit Author: nu11secur1ty Vendor: Free PHP Projects & Ideas with Source Codes for Students | mayurik Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/Canteen-Management/Docs Reference:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 242 views

Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04 CVE :...

9.8 CVSS, 9.4 AI score, 0.49201 EPSS
Exploits: 3
0day.today
added 2023/03/27 12:0 a.m., 335 views

Clansphere CMS 2011.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into the username of the...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 234 views

Password Manager for IIS v2.0 - XSS Vulnerability

Exploit Title: Password Manager for IIS v2.0 - XSS Exploit Author: VP4TR10T Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/ Software Link: http://passwordmanager.adiscon.com/ Version: Version 2.0 Tested on: WINDOWS CVE : CVE-2022-36664 Affected URI when changing user password: POST...

6.1 CVSS, 6.4 AI score, 0.03767 EPSS
Exploits: 5
0day.today
added 2023/03/27 12:0 a.m., 259 views

eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution Exploit

Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 191 views

Online Diagnostic Lab Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Online Diagnostic Lab Management System v1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 228 views

D-Link DIR 819 A1 - Denial of Service Exploit

Exploit Title: DLink DIR 819 A1 - Denial of Service Date: 30th September, 2022 Exploit Author: @whokilleddb https://twitter.com/whokilleddb Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router Version: DIR-819 Firmware Version : 1.06 Hardware Version : A1...

7.5 CVSS, 7.6 AI score, 0.07974 EPSS
Exploits: 5
0day.today
added 2023/03/27 12:0 a.m., 167 views

Canteen Management v1.0 - SQL Injection Vulnerability

Exploit Title: Canteen-Management v1.0 - SQL Injection Exploit Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 232 views

Frhed (Free hex editor) v1.6.0 - Buffer overflow Vulnerability

Exploit Title: Frhed Free hex editor v1.6.0 - Buffer overflow Discovery by: Rafael Pedrero Vendor Homepage: http://frhed.sourceforge.net/ Software Link : http://frhed.sourceforge.net/ Tested Version: 1.6.0 Tested on: Windows 10 CVSS v3: 7.3 CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 259 views

WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit

Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 263 views

WordPress NEX-Forms plugin < 7.9.7 - Authenticated SQL injection Vulnerability

Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

8.8 CVSS, 8.8 AI score, 0.1027 EPSS
Exploits: 5
0day.today
added 2023/03/27 12:0 a.m., 214 views

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution Exploit

Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 149 views

Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit

Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested Using: Pyth...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 178 views

AVS Audio Converter 10.3 - Stack Overflow (SEH) Exploit

Exploit Title: AVS Audio Converter 10.3 - Stack Overflow SEH Discovered by: Yehia Elghaly - Mrvar0x Tested Version: 10.3.1.633 Tested on OS: Windows 7 Professional x86 pop+ret Address=005154E6 Message= 0x005154e6 : pop ecx pop ebp ret 0x04 | startnull PAGEEXECUTEREAD AVSAudioConverter.exe ASLR:...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/27 12:0 a.m., 245 views

WebTareas 2.4 - SQL Injection (Unauthorised) Vulnerability

Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on: Windows 10 using XAMPP,...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/24 12:0 a.m., 118 views

Sales Tracker Management System - Cross Site Scripting Vulnerability

A reflected Cross Site Scripting vulnerability in the "page" parameter in Sales Tracker Management System allows remote authenticated users to execute JavaScript code. Description A reflected Cross Site Scripting vulnerability in the "page" parameter in Sales Tracker Management System allows remo...

6.5 AI score
Exploits: 0
0day.today
added 2023/03/24 12:0 a.m., 161 views

Online Graduate Tracer System - Multiple SQL injection Vulnerabilities

A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "age" parameter. Description A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...

9 AI score
Exploits: 0
0day.today
added 2023/03/23 12:0 a.m., 270 views

WorkOrder CMS 0.1.0 - SQL Injection Vulnerability

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...

6.8 AI score
Exploits: 0
0day.today
added 2023/03/23 12:0 a.m., 329 views

WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooCommerce 2.5.4 XSS Vulnerability

WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities. Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected...

6.1 CVSS, 6.3 AI score, 0.0126 EPSS
Exploits: 5
0day.today
added 2023/03/23 12:0 a.m., 258 views

wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability

Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...

9.8 CVSS, 9.4 AI score, 0.11276 EPSS
Exploits: 4
0day.today
added 2023/03/23 12:0 a.m., 319 views

MAN-EAM-0003 V3.2.4 - XML External Entity (XXE) Vulnerability

Exploit Title: MAN-EAM-0003 V3.2.4 - XXE Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: http://guralp.com/ Version: 3.2.4 Authentication Required: NO CVE : CVE-2022-38840 Google dork: " webconfig menu.cgi " Tested on: Windows Exploit 1 - browse to http:// name/cgi-bin/xmlstatus.cgi 2 - cli...

7.5 CVSS, 7.6 AI score, 0.09803 EPSS
Exploits: 4
0day.today
added 2023/03/23 12:0 a.m., 236 views

Bitbucket v7.0.0 - Remote Code Execution Exploit

Exploit Title: Bitbucket v7.0.0 - RCE Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present Atlassian Bitbucket Server and Data Center 7.0.0 before version...

8.8 CVSS, 8.7 AI score, 0.99174 EPSS
Exploits: 24
0day.today
added 2023/03/23 12:0 a.m., 448 views

Monitorr 1.7.6m / 1.7.7d Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileg...

9.8 CVSS, 9.8 AI score, 0.85785 EPSS
Exploits: 8
0day.today
added 2023/03/23 12:0 a.m., 291 views

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

Exploit Title: Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: iPhone iOS 16.0 path traversal on HTTP built-in...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 39001