Wavlink WN533A8 - Password Disclosure Vulnerability

Exploit Title: Wavlink WN533A8 - Password Disclosure Exploit Author: Ahmed Alroky Author Company : AIactive Version: M33A8.V5030.190716 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34046 Tested on: Windows Exploit view-source:http://IPADDRESS/sysinit.shtml search for...

Wavlink WN533A8 - Cross-Site Scripting Vulnerability

Exploit Title: Wavlink WN533A8 - Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: M33A8.V5030.190716 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34048 Tested on: Windows Poc code history.pushState'', '', '/'...

Wavlink WN530HG4 - Password Disclosure Vulnerability

Exploit Title: Wavlink WN530HG4 - Password Disclosure Exploit Author: Ahmed Alroky Author Company : AIactive Version: M30HG4.V5030.191116 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34047 Tested on: Windows Exploit view-source:http://IPaddress/setsafety.shtml?r=52300...

WordPress Duplicator 1.4.7 Plugin - Information Disclosure Vulnerability

Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552 Reference: https://securitrust.fr...

Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit

Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...

NanoCMS v0.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS does not sanitis...

WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability

Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2551 Reference:...

Omnia MPX 1.5.0+r1 - Path Traversal Vulnerability

Exploit Title: Omnia MPX 1.5.0+r1 - Path Traversal Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.telosalliance.com/ Software Link: https://support.telosalliance.com/article/934ixoaz3l-mpx-node-release-notes-and-update-instructions Version: 1.5.0+r1 Tested on: MacOS PoC:...

Geonetwork 4.2.0 - XML External Entity Vulnerability

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...

Transposh WordPress Translation 1.0.8.1 Information Disclosure Vulnerability

Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tphistory" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "userlogin" attribute. Successfu...

WordPress WP-UserOnline 2.87.6 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting XSS Exploit Author: Steffin Stanly Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link: https://wordpress.org/plugins/wp-useronline/ Version: WP-UserOnline and enter the data into the Users...

Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber". 1. ADVISORY INFORMATION ======================= Product:...

Dingtian-DT-R002 3.1.276A - Authentication Bypass Exploit

Exploit Title: Dingtian-DT-R002 3.1.276A - Authentication Bypass Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2022-29593/ Vendor Homepage: https://www.dingtian-tech.com/enus/relay4.html Software Link:...

rpc.py 0.6.0 - Remote Code Execution Exploit

Exploit Title: rpc.py 0.6.0 - Remote Code Execution RCE Exploit Author: Elias Hohl Vendor Homepage: https://github.com/abersheeran Software Link: https://github.com/abersheeran/rpc.py Version: v0.4.2 - v0.6.0 Tested on: Debian 11, Ubuntu 20.04 CVE : CVE-2022-35411 import requests import pickle...

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Vulnerability

Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Exploit Author: LiquidWorm Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO...

Transposh WordPress Translation 1.0.8.1 Remote Code Execution Vulnerability

ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File CWE-646 Date found: 2022-02-21 Date published:...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution Vulnerability

Exploit Title: Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 - Remote Code Execution Exploit Author: LiquidWorm SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com...

Loan Management System 1.0 SQL Injection Vulnerability

Exploit Title: Loan Management System - SQL Injection via login page Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack vector for the SQ...

Transposh WordPress Translation 1.0.8.1 SQL Injection Vulnerability

Transposh WordPress Translation versions 1.0.8.1 and below have a "tpeditor" page at "/wp-admin/admin.php?page=tpeditor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application. 1...

Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptranslation" which is available to authenticated or unauthenticated users see CVE-2022-2461 that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative...

Loan Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Loan Management System - XSS Stored Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There are several functions and parameter...

Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability

Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users ...

Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability (2)

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application...

Garage Management System 1.0 Shell Upload Exploit

Exploit Title: Garage Management System Remote Code Execution via File Upload Exploit Author: saitamang Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/garage.zip Version: 1.0 Tested on: Centos 7 + MySQL import...

PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation Vulnerability

PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges. + Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source: https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/ Vendor:...

Hospital Information System 1.0 SQL Injection Exploit

Exploit Title: Hospital Information System - SQL Injection via login page Exploit Author: saitamang Vendor Homepage: https://code-projects.org Software Link: https://download-media.code-projects.org/2019/11/HOSPITALINFORMATIONSYSTEMINPHPWITHSOURCECODE.zip Version: 1.0 Tested on: Centos 7 apache2 ...

Roxy-WI Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...

Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Expert X Jobs Portal And Resume Builder 1.0 SQL Injection Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script...

OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...

Dr. Fone 4.0.8 - (net_updater32.exe) Unquoted Service Path Vulnerability

Exploit Title: Dr. Fone v4.0.8- 'netupdater32.exe' Unquoted Service Path Discovery by: Esant1490 Vendor Homepage: https://drfone.wondershare.net Software Link : https://download.wondershare.net/drfonefull4008.exe Tested Version: 4.0.8 Tested on OS: Windows 10 Pro x64 en Vulnerability Type: Unquot...

CodoForum v5.1 - Remote Code Execution Exploit

Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04 CVE: CVE-2022-3185...

Kite 1.2021.610.0 - Unquoted Service Path Vulnerability

Exploit Title: Kite 1.2021.610.0 - Unquoted Service Path Exploit Author: Ghaleb Al-otaibi Vendor Homepage: https://www.kite.com/ Version: Version 4.2.0.1 U1 Tested on: Microsoft Windows 10 Pro - 10.0.19044 N/A Build 19044 CVE : NA Service info: C:\Windows\system32\cmd.exesc qc KiteService SC...

IOTransfer 4.0 - Remote Code Execution Exploit

Exploit Title: IOTransfer V4 – Remote Code Execution RCE Exploit Author: Tomer Peled Vendor Homepage: https://www.iobit.com Software Link: https://iotransfer.itopvpn.com/ Version: V4 and onward Tested on: Windows 10 CVE : 2022-24562 References:...

Emporium eCommerce Online Shopping CMS 1.2 SQL Injection Vulnerability

┌┌────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...

Asus GameSDK 1.0.0.4 Unquoted Service Path Vulnerability

Exploit Title: Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path Privilege Escalation Exploit Author: Angelo Pio Amirante Version: 1.0.0.4 Tested on: Windows 10 Patched version: 1.0.5.0 CVE: CVE-2022-35899 Step to discover the unquoted service path: wmic service get...

Spryker Commerce OS Remote Command Execution Vulnerability

Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use. Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE referenc...

Property Listing Script 3.1 SQL Injection Vulnerability

┌┌────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...

Travel Tours Script 1.0 SQL Injection Vulnerability

┌┌────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...

Orange Station 1.0 SQL injection Vulnerability

Title: Orange Station 1.0 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Reference:...

Microsoft Office Excel Silent Builder Exploit

0day exploit is a program that injects any executable formatted file .exe into the desired word .xls file. The exe is automatically executed when the project file is opened...

WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload Vulnerability

WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability. Description: Arbitrary File Upload/Deletion and Other Affected Plugin: Kaswara Modern WPBakery Page Builder Addons Plugin Slug: kaswara Affected Versions: = 3.0.1 CVE...

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

JBOSS EAP/AS 6.x Remote Code Execution Exploit

An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...

WordPress Visual Slide Box Builder 3.2.9 SQL Injection Vulnerability

Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...

Nginx 1.20.0 - Denial of Service Exploit

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bionic CVE:...

Dovecot IMAP Server 2.2 Improper Access Control Vulnerability

Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect usernamefilter and mechanism settings can be applied to passdb definitions. Thes...

Magnolia CMS 6.2.19 Cross Site Scripting Vulnerability

Exploit Title: Magnolia CMS = 6.2.19 - Stored Cross-Site Scripting XSS Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...

EQS Integrity Line Cross Site Scripting / Information Disclosure Vulnerabilities

EQS Integrity Line: Multiple Vulnerabilities Name Multiple Vulnerabilities in EQS Integrity Line Systems Affected EQS Integrity Line through 2022-07-01 Severity High Impact CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor EQS Group AG https://www.eqs.com/ Advisory...