Multix 2.4 Cross Site Scripting Vulnerability

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on...

Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using admin account at...

Wordpress WP-UserOnline 2.88.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

Teleport v10.1.1 - Remote Code Execution Vulnerability

Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...

Unified Remote Authentication Bypass / Code Execution Exploit

This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password f...

ProcessMaker Privilege Escalation Exploit

Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...

WiFi Mouse 1.8.3.4 - Remote Code Execution Exploit

Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf " Enter the Target IP...

Bookwyrm v0.4.3 - Authentication Bypass Vulnerability

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE: CVE-2022-2651 Original...

Blink1Control2 2.2.7 - Weak Password Encryption Exploit

// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const ArgumentParser =...

Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass Vulnerability

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An authentication bypass...

Genesys PureConnect Cross Site Scripting Vulnerability

Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant - name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...

Social Share Buttons 2.2.3 SQL injection Vulnerability

Title: Social Share Buttons-2.2.3 SQLi Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion Vulnerabilities

Exploit Title: Owlfiles File Manager 12.0.1 - multi vulnerabilities Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: Ios 16.0 path traversal on HTTP built-in server GET...

VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload Vulnerabilities

Exploit Title: VIAVIWEB Wallpaper Admin - Multiple vulnrabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login page...

PhotoSync 4.7 Local File Inclusion Vulnerability

Exploit Title: PhotoSync 4.7 IOS APP Local file inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://www.photosync-app.com/home.html Software Link: https://apps.apple.com/us/app/photosync-transfer-photos/id415850124 Version: 4.7 Tested on: iPhone IOS 16.0 GET...

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: email protected Vulnerable code: " POC: ...

News247 News Magazine 1.0 Cross Site Scripting Vulnerability

Exploit Title: News247 - News Magazine CMS v1.0 – Stored Cross Site Scripting XSS Exploit Author: Ravinder Verma Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html Software Link:...

WordPress WPGateway 3.5 Privilege Escalation Vulnerability

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

Gitea 1.16.6 - Remote Code Execution Exploit

Exploit Title: Gitea Git Fetch Remote Code Execution Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration...

Academy Learning Management System 5.7 Shell Upload Exploit

Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...

TIBCO JasperReports Server 8.0.2 Community Edition Code Execution Vulnerability

Due to JMX/RMI services in TIBCO JasperReports Server version 8.0.2 Community Edition performing unsafe deserialization, it is possible to execute arbitrary code and system commands on the server system. Product: JasperReports Server Manufacturer: TIBCO Software Inc. Tested Versions: 8.0.2...

Rocket LMS 1.6 Shell Upload Vulnerability

Exploit Title: Rocket LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Version: Version 1.6 Tested on Ubuntu 18.04 base64 encode your...

Rocket LMS 1.6 Cross Site Scripting Vulnerability

Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Version: Version 1.6 Tested on Ubuntu 18.04...

Infix LMS 4.3.0 IFRAME Injection Vulnerability

Exploit Title: Infix LMS - Learning Management System IFRAME Injection Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go course page...

kampag CMS Local File Download / Disclosure Vulnerability

kampag CMS local file Download/Disclosure Vulnerability A local file download/disclosure vulnerability can lead to Directory Traversal attacks, where an attacker will try to find and access files on the web server to gain more useful information, such as log files. Log files can reveal the...

SmartRG Router 2.6.13 Remote Code Execution Exploit

Exploit Title: SmartRG Router - Remote Code Execution Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import Popen, PIPE routerhost =...

Infix LMS 4.3.0 Shell Upload Vulnerability

Exploit Title: Infix LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go profile page and...

ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

Online Notice Board 2022 SQL injection Vulnerability

Title: ONLINE-NOTICE-BOARD-2022 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/razormist Software: https://www.sourcecodester.com/php/14317/online-notice-board-system.html Reference:...

@Drive 2.8 Local File Inclusion Vulnerability

Exploit Title: @Drive 2.8 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://evolutive.co/ Software Link: https://apps.apple.com/us/app/drive/id578982909 Version: 2.8 Tested on: iPhone ios 15.6 GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1 Host:...

InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal Vulnerability

Title: ====== AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: ======= Jens Regel, CRISEC IT-Security CVE: ==== CVE-2022-23854 Advisory: ========= https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: ========= 25.06.2021...

Sagemath 9.0 Overflow / Denial Of Service Exploit

sagemath 9.0 and reportedly later on ubuntu 20. sagemath gives access to the python interpreter, so code execution is trivial. We give DoS attacks, which terminates the sagemath process with abort, when raising symbolic expression to large integer power. We get abort with stack: gmp: overflow in...

AirDisk 7.5.5 Cross Site Scripting Vulnerability

Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 1/ Starting the...

mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting Vulnerability

Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/haw-yuan-yang/id291212805 Software Link: https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033 Version: 1.4.0 Tested on: iPhone io...

SACCO 2022 SQL injection Vulnerability

Title: SACCO-2022 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/SACCO/docs/saccoshield.zip?raw=true Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/SAC...

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read Vulnerability

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability. Description: Arbitrary File Download/Read Affected Plugin: BackupBuddy Plugin Slug: backupbuddy Plugin Developer: iThemes Affected Versions: 8.5.8.0 – 8.7.4.1 CVE ID:...

FTPManager 8.2 Local File Inclusion / Directory Traversal Exploit

Exploit Title: FTPManager 8.2 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/ftpmanager-ftp-sftp-client/id525959186 Version: 8.2 Tested on: Ios 15.6 GET...

WordPress Twenty Seventeen 3.0 Cross-origin resource sharing information Vulnerability

Title: WordPress 6.0.2 - THEME - Twenty Seventeen: 3.0- CORS-Vulnerability Author: nu11secur1ty Vendor: https://wordpress.org/ Software: Twenty SeventeenVersion: 3.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Twenty-Seventeen-3.0 Description: The...

FE File Explorer 11.0.4 Local File Inclusion Exploit

Exploit Title: FE File Explorer 11.0.4 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/fe-file-explorer-file-manager/id510282524 Version: 11.0.4 Tested on: iPhone ios 15.6 from ftplib import FTP import...

Apache Spark Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed i...

Wifi HD Wireless Disk Drive 11 Local File Inclusion Vulnerability

Exploit Title: Wifi HD Wireless Disk Drive Local File Inclusion Date: Aug 13, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: http://www.savysoda.com Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/ id311170976 Version: 11 Tested on: iPhone OS 155 GET...

Online Employee Leave Management System 1.0 Cross Site Request Forgery Vulnerability

Exploit Title: Online Employee Leave Management System 1.0 - Cross-Site Request Forgery addemployee.php Exploit Author: Amolo Hunters Software Link: https://www.sourcecodester.com/php/15374/online-employee-leave-management-system-php-free-source-code.html Version: 1.0 Tested on: Linux Title:...

WordPress All-in-One WP Migration 7.64 plugin - Unauthenticated Backup Download Exploit

Title: All-in-One-WP-Migration-7.64 low-protection-file-disclosure - Unauthenticated Backup Download Author: nu11secur1ty Date: 09.01.2022 Vendor: https://servmask.com/ Software: https://wordpress.org/plugins/all-in-one-wp-migration/ Reference:...

Mobile Mouse 3.6.0.4 Remote Code Execution Exploit

Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/env python3 import socket...

Online Market Place Site 1.0 SQL Injection Exploit

Online Market Place Site version 1.0 suffers from an unauthenticated blind SQL injection vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. Exploit Title: Online Market Place Site v1.0 - Unauthenticated Blind Time-Based SQL Injection Exploit Author: Joe...

Cisco ASA-X With FirePOWER Services Authenticated Command Injection Exploit

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual...

Apple macOS Remote Events Memory Corruption Exploit

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes. !/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown...

Online Market Place Site 1.0 Cross Site Scripting Vulnerability

Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...

WordPress Netroics Blog Posts Grid 1.0 Plugin - Stored XSS Vulnerability

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on: Centos 7 apache2 ...