
39001 matches found

0day.today
•added 2022/05/16 12:0 a.m.•250 views

IpMatcher 1.0.4.1 Server-Side Request Forgery Vulnerability

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors. Exploit Title: SSRF in .N...

9.8 CVSS | 0.4 AI score | 0.01921 EPSS
Exploits: 3
0day.today
•added 2022/05/16 12:0 a.m.•227 views

WordPress WP Event Manager 3.1.27 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/ Version: 3.1.27 Tested on: Firefox Contact me: email protected Steps To Reproduce : 1 - First Install the...

7.4 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•203 views

Prime95 Version 30.7 build 9 - Remote Code Execution Exploit

Exploit Title: Prime95 Version 30.7 build 9 - Remote Code Execution RCE Discovered by: Yehia Elghaly Vendor Homepage: https://www.mersenne.org/ Software Link : https://www.mersenne.org/ftproot/gimps/p95v307b9.win32.zip Tested Version: 30.7 build 9 Vulnerability Type: Buffer Overflow RCE Local...

7.4 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•198 views

TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path Vulnerability

Exploit Title: TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea - https://twitter.com/ecarrilloeg Vendor Homepage: https://itec.es/programas/ Vulnerability Type: Unquoted Service Path Privilege Escalation Tested on OS: Microsoft Windows 11 Home To properl...

7.4 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•297 views

Anuko Time Tracker - SQL injection (Authenticated) Vulnerability

Exploit Title: Anuko Time Tracker - SQLi Authenticated Exploit Author: Altelus Vendor Homepage: https://www.anuko.com/ Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d Version: Anuko Time Tracker 1.20.0.5640 Tested on: Linux CVE : CVE-2022-24707 An...

8.8 CVSS | 0.6 AI score | 0.07159 EPSS
Exploits: 5
0day.today
•added 2022/05/12 12:0 a.m.•297 views

D-LINK DIR850 - Insecure Access Control Vulnerability

Exploit Title: DLINK DIR850 - Insecure Access Control Product: Dlink Model: DIR850 Date: 14/1/2022 CVE : CVE-2021-46378 Exploit Author: Ahmed Alroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit http:///config.dat...

7.5 CVSS | 7.7 AI score | 0.31863 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•290 views

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) Exploit

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

4.9 CVSS | 0.8 AI score | 0.2195 EPSS
Exploits: 6
0day.today
•added 2022/05/12 12:0 a.m.•218 views

WordPress Blue Admin 21.06.01 Plugin - Cross-Site Request Forgery Vulnerability

Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Exploit Author : WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Vendor Homepage : https://wpscan.com/plugin/blue-admi Version : alert/XSS/' /...

8.8 CVSS | 0.5 AI score | 0.04106 EPSS
Exploits: 5
0day.today
•added 2022/05/12 12:0 a.m.•278 views

D-LINK DIR850 - Open Redirect Vulnerability

Exploit Title: DLINK DIR850 - Open Redirect Product: Dlink Model: DIR850 CVE: CVE-2021-46379 Exploit Author: AhmedAlroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit...

6.1 CVSS | 6.3 AI score | 0.15701 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•262 views

PyScript - Read Remote Python Source Code Vulnerability

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE : CVE-2022-30286...

7.5 CVSS | 7.7 AI score | 0.12997 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•362 views

ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit

Exploit Title: ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Details:...

8.8 CVSS | 8.8 AI score | 0.07724 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•322 views

Explore CMS 1.0 - SQL Injection Vulnerability

Exploit Title: Explore CMS 1.0 - SQL Injection Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an...

9.8 CVSS | 0.1 AI score | 0.03749 EPSS
Exploits: 3
0day.today
•added 2022/05/12 12:0 a.m.•324 views

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...

7.2 CVSS | 0.2 AI score | 0.77677 EPSS
Exploits: 9
0day.today
•added 2022/05/12 12:0 a.m.•670 views

ExifTool 12.23 - Arbitrary Code Execution Exploit

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE: CVE-2021-22204 Sourc...

7.8 CVSS | 7.8 AI score | 0.99981 EPSS
Exploits: 39
0day.today
•added 2022/05/12 12:0 a.m.•235 views

Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Vulnerability

Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Windows 10 64-bit Note:...

0.5 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•234 views

e107 CMS v3.2.1 - Multiple Vulnerabilities

Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1l PHP/7.4.2...

0.4 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•792 views

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation...

10 CVSS | 10 AI score | 0.72458 EPSS
Exploits: 7
0day.today
•added 2022/05/12 12:0 a.m.•389 views

TLR-2005KSH - Arbitrary File Upload Vulnerability

Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...

9.8 CVSS | 0.7 AI score | 0.56931 EPSS
Exploits: 5
0day.today
•added 2022/05/12 12:0 a.m.•510 views

Apache CouchDB 3.2.1 - Remote Code Execution Exploit

Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name couchdb at" CVE:...

9.8 CVSS | 9.6 AI score | 0.92335 EPSS
Exploits: 8
0day.today
•added 2022/05/12 12:0 a.m.•249 views

D-LINK DAP-1620 A1 v1.01 - Directory Traversal Vulnerability

Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://me.dlink.com/consumer Version: DAP-1620 - A1 v1.01 Tested on: Linux CVE : CVE-2021-46381 POST /apply.cgi HTTP/1.1 Content-Type: application/x-www-form-urlencoded Refere...

7.5 CVSS | 7.6 AI score | 0.57984 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•352 views

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) Exploit

Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation ElevationService Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Windows 10 CVE :...

8.8 CVSS | 8.9 AI score | 0.20982 EPSS
Exploits: 3
0day.today
•added 2022/05/12 12:0 a.m.•233 views

Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A Dom-based Cross-sit...

6.1 CVSS | 6.4 AI score | 0.03424 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•242 views

Cyclos 4.14.7 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - DOM Based Cross-Site Scripting XSS Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31674 Description: Cyclos 4 PRO 4.14.7 and before...

6.1 CVSS | 6.4 AI score | 0.03837 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•313 views

Ruijie Reyee Mesh Router - Remote Code Execution (Authenticated) Exploit

Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS 1.55.1915 - EW3.01B11P35 an...

8.8 CVSS | 0.6 AI score | 0.34947 EPSS
Exploits: 4
0day.today
•added 2022/05/12 12:0 a.m.•279 views

UDisk Monitor Z5 Phone - (MonServiceUDisk.exe) Unquoted Service Path Vulnerability

Exploit Title: UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea // https://twitter.com/ecarrilloeg Vendor Homepage: https://www.zte.com.cn/global/ Tested Version: 2.0.3.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Window...

7.4 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•664 views

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService) Exploit

Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation InstallAssistService Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Windows 10 CVE :...

9.8 CVSS | 0.6 AI score | 0.2272 EPSS
Exploits: 3
0day.today
•added 2022/05/12 12:0 a.m.•205 views

Beehive Forum - Account Takeover Vulnerability

Exploit Title: Beehive Forum - Account Takeover Exploit Author: Pablo Santiago Vendor Homepage: https://www.beehiveforum.co.uk/ Software Link: https://sourceforge.net/projects/beehiveforum/ Version: 1.5.2 Tested on: Kali Linux and Ubuntu 20.0.4 CVE N/A PoC: https://imgur.com/a/hVlgpCg...

0.2 AI score
Exploits: 0
0day.today
•added 2022/05/12 12:0 a.m.•877 views

Google Chrome 78.0.3904.70 - Remote Code Execution Exploit

Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...

8.8 CVSS | 8.3 AI score | 0.72977 EPSS
Exploits: 4
0day.today
•added 2022/05/11 12:0 a.m.•212 views

Microfinance Management System 1.0 - (customer_number) SQL injection Vulnerability

Exploit Title: Microfinance Management System 1.0 - 'customernumber' SQLi Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims0.zip...

9.8 CVSS | 0.4 AI score | 0.1363 EPSS
Exploits: 4
0day.today
•added 2022/05/11 12:0 a.m.•126 views

SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE) Vulnerability

Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity XXE Google Dork: N/A Exploit Author: West Shepherd Vendor Homepage: https://www.sap.com/ Software Link: https://www.sap.com/ Version: 4.2 and 4.3 Tested on: Windows Server 2019 x64 CVE : CVE-2022-28213 References:...

8.1 CVSS | 8.2 AI score | 0.12132 EPSS
Exploits: 4
0day.today
•added 2022/05/11 12:0 a.m.•135 views

Akka HTTP 10.1.14 - Denial of Service Exploit

Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697 import argparse...

7.5 CVSS | 7.5 AI score | 0.36139 EPSS
Exploits: 5
0day.today
•added 2022/05/11 12:0 a.m.•158 views

WordPress Advanced Uploader 4.2 Plugin - Arbitrary File Upload (Authenticated) Vulnerability

Exploit Title: WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload Authenticated Exploit Author: Roel van Beurden Vendor Homepage: - Software Link: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip Version: =4.2 Tested on: WordPress 5.9 on Ubuntu 18.04 CVE: CVE-2022-1103...

8.8 CVSS | 0.4 AI score | 0.14282 EPSS
Exploits: 5
0day.today
•added 2022/05/11 12:0 a.m.•176 views

Bitrix24 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

0.3 AI score
Exploits: 0
0day.today
•added 2022/05/11 12:0 a.m.•106 views

ImpressCMS v1.4.4 - Unrestricted File Upload Vulnerability

Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...

0.6 AI score
Exploits: 0
0day.today
•added 2022/05/11 12:0 a.m.•136 views

CSZ CMS 1.3.0 - (Multiple) Blind SQL injection Vulnerability

Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4, Apache 2.4...

0.4 AI score
Exploits: 0
0day.today
•added 2022/05/11 12:0 a.m.•136 views

Bookeen Notea - Directory Traversal Vulnerability

Exploit Title: Bookeen Notea - Directory Traversal Exploit Author: Clement MAILLIOUX Vendor Homepage: https://bookeen.com/ Software Link: N/A Version: BKR1.0.520210608 Tested on: Bookeen Notea Android 8.1 CVE : CVE 2021-45783 The affected version of the Bookeen Notea System Update is prone to...

4.6 CVSS | 4.8 AI score | 0.01906 EPSS
Exploits: 3
0day.today
•added 2022/05/11 12:0 a.m.•126 views

WebTareas 2.4 - Blind SQL injection (Authenticated) Vulnerability

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py 127.0.0.1 1...

9.8 CVSS | 0.5 AI score | 0.05452 EPSS
Exploits: 5
0day.today
•added 2022/05/11 12:0 a.m.•225 views

Magento eCommerce CE v2.3.5-p2 - Blind SQL injection Vulnerability

Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...

0.4 AI score
Exploits: 0
0day.today
•added 2022/05/10 12:0 a.m.•395 views

Spring4Shell Spring Framework Class Property Remote Code Execution Exploit

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...

9.8 CVSS | 0.4 AI score | 0.99677 EPSS
Exploits: 100
0day.today
•added 2022/05/09 12:0 a.m.•188 views

School Dormitory Management System 1.0 SQL Injection Vulnerability

Title: School Dormitory Management 1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html Reference:...

0.3 AI score
Exploits: 0
0day.today
•added 2022/05/08 12:0 a.m.•363 views

Travel Management System 1.0 Multiple SQL Injection Vulnerability

Title: Travel Management System 1.0 Multiple SQLi Author: nu11secur1ty Vendor: https://code-projects.org/author/fabian/ Software: https://code-projects.org/travel-management-system-using-php-source-code/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28079 Descriptio...

8.8 CVSS | 0.6 AI score | 0.28285 EPSS
Exploits: 5
0day.today
•added 2022/05/08 12:0 a.m.•220 views

Craft CMS 3.7.36 Password Reset Poisoning Attack Vulnerability

Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive...

8.8 CVSS | 0.1 AI score | 0.04452 EPSS
Exploits: 3
0day.today
•added 2022/05/08 12:0 a.m.•193 views

ChatBot Application With A Suggestion Feature 1.0 SQL Injection Vulnerability

Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html Version: 1.0 Tested...

0.2 AI score
Exploits: 0
0day.today
•added 2022/05/06 12:0 a.m.•204 views

PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting Vulnerability

Exploit Title: PHProjekt PhpSimplyGest / MyProjects, 1.3.0 - Stored XSS Cross-Site Scripting Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.phprojekt.altervista.org removed demo was at http://phprojekt.altervista.org/phpsimplygest130 Software Link:...

5.4 CVSS | 0.2 AI score | 0.02463 EPSS
Exploits: 4
0day.today
•added 2022/05/06 12:0 a.m.•355 views

ZoneMinder Language Settings Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...

9.8 CVSS | 9.8 AI score | 0.66317 EPSS
Exploits: 6
0day.today
•added 2022/05/05 12:0 a.m.•423 views

Red Planet Laundry Management System 1.0 SQL injection Vulnerability

Title: Red Planet Laundry Management System 1.0 SQLi Author: nu11secur1ty Vendor: https://laundry.redplanetcomputers.com/ Software: https://laundry.redplanetcomputers.com/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452 Description: The username parameter appear...

9.8 CVSS | 0.6 AI score | 0.17301 EPSS
Exploits: 5
0day.today
•added 2022/05/04 12:0 a.m.•249 views

WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS Authenticated Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A cross site scripting reflected...

7.4 AI score
Exploits: 0
0day.today
•added 2022/05/04 12:0 a.m.•412 views

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8 CVSS | 0.6 AI score | 0.99997 EPSS
Exploits: 24
0day.today
•added 2022/05/04 12:0 a.m.•292 views

Tenda HG6 3.3.0 Remote Command Injection Vulnerability

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. Tenda HG6 v3.3.0 Remote Comman...

0.3 AI score
Exploits: 0
0day.today
•added 2022/05/03 12:0 a.m.•218 views

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

Exploit Title: WordPress Plugin stafflist 3.1.2 - SQL Injection Authenticated Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Vulnerable Code: $w = isset$GET'search' &&...

0.4 AI score
Exploits: 0
Total number of security vulnerabilities: 39001