Hospital Patient Record Management System v1.0 SQL injection Vulnerability

Title: Hospital Patient Record Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Reference:...

Hospital Patient Record Management System v1.0 Multiple SQL injection Vulnerability

Title: Hospital Patient Record Management System v1.0 Multiple SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Reference:...

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation Vulnerability

Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux CVE : CVE-2021-46388 ======================================== = The ordinar...

Owners Collection Management System v1.0 SQL - Injection Vulnerability

Title: Owners Collection Management System v1.0 SQL - Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html Reference:...

Win32k ConsoleControl Offset Confusion / Privilege Escalation Exploit

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...

Hikvision IP Camera Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This...

Cobian Backup Gravity 11.2.0.582 - (CobianBackup11) Unquoted Service Path

Exploit Title: Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.cobiansoft.com/ Software Link : https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type: Unquoted Service Path...

Cobian Reflector 0.9.93 RC1 - (Password) Denial of Service Exploit

Exploit Title: Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/crSetup-0.9.93-RC1.exe Tested Version: 0.9.93 RC1 Vulnerability Type: Denial of Service DoS...

Casdoor 1.13.0 - SQL Injection (Unauthenticated) Vulnerability

// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...

Cobian Backup 11 Gravity 11.2.0.582 - (Password) Denial of Service Exploit

Exploit Title: Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type: Denial of Service DoS Loca...

Axis IP Camera Shell Upload Exploit

This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary...

Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the "Server" panel, in...

Bank Management System 1.0 SQL Injection Vulnerability

Title: Bank Management System - MCB Bank v1.0 - SQLi Author: nu11secur1ty Vendor: https://www.campcodes.com/projects/php/ by:Tariq Fareeds Software: https://www.campcodes.com/projects/php/bank-management-system-in-php-mysql-free-download/ Reference:...

WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting Vulnerability

Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to inject malicious JavaScript th...

Microsoft Exchange Server Remote Code Execution Exploit

This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2...

Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Vulnerability

Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mirrorgofull8050.exe Tested Version: 2.0.11.346 Vulnerability Type: Local Privilege Escalation Test...

Adobe ColdFusion 11 Remote Code Execution Vulnerability

Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: Adobe...

Microweber CMS 1.2.10 Local File Inclusion Exploit

Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on: Microweber CMS v1.2.10...

aaPanel 6.8.21 Directory Traversal Vulnerability

Exploit Title: aaPanel 6.8.21 - Directory Traversal Authenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.aapanel.com/ Software Link: https://www.aapanel.com Version: 6.8.21 Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker can get root user...

WebHMI 4.1 Cross Site Scripting Vulnerability

Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. Add a new register...

Simple Mobile Comparison Website v1.0 - SQL injection Vulnerability

Title: Simple Mobile Comparison Website v1.0 - SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15186/simple-mobile-comparison-website-phpoop-free-source-code.html Reference:...

Twitter reset account Private Method 0day Exploit

Twitter reset any Account Private Method Exploit...

WebHMI 4.1.1 Remote Code Execution Exploit

Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests import time import...

Air Cargo Management System v1.0 remote SQL Injection Vulnerability

Title: Air Cargo Management System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html CVE - Air Cargo Management Systemv1.0 Description: Th...

ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification Exploit

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability. !/usr/bin/env python3 -...

Cyclades Serial Console Server 3.3.0 Privilege Escalation Vulnerability

Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to V3.3.0-16 Tested on:...

WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability

The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...

Agirhnet 1.0 Cross Site Scripting Vulnerability

Exploit Title: Agirhnet - Reflected XSS via GET Google Dork: inurl:agirhnet Exploit Author: Daniel Martinez Adan aDoN90 Vendor Homepage: https://agirh.net/ Version: app version 1.0 CVSS : 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N URL:...

Auto Spare Parts Management 1.0 SQL Injection Vulnerability

Title: Auto-Spare-Parts-Management v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://github.com/pavanpatil45 Software: https://github.com/pavanpatil45/Auto-Spare-Parts-Management Description: The Referer HTTP header on Auto-Spare-Parts-Management v1.0 system appears to be vulnerable...

Cab Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

WordPress Perfect Survey Plugin - 1.5.1 - SQL injection (Unauthenticated) Exploit

Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link: https://web.archive.org/web/20210817031040/https://downloads.wordpress.org/plugin/perfect-survey.1.5.1.zip Version:...

Cosmetics And Beauty Product Online Store 1.0 SQL Injection Vulnerability

Title: Cosmetics-and-Beauty-Product-Online-Store v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html CVE-Medical Store Manageme...

HMA VPN 5.3 - Unquoted Service Path Vulnerability

Exploit Title: HMA VPN 5.3 - Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.hidemyass.com/ Software Link: https://www.hidemyass.com/en-us/downloads Version: 5.3.5913.0 Tested: Windows 10 Pro x64 es C:\Users\saudhsc qc HmaProVpn SC QueryServiceConfig SUCCESS...

Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path Vulnerability

Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path Discovery by: Johto Robbie Tested Version: 2.52.13001.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 Home Step to discover Unquoted Service Path: Go to Start and type cmd. Enter the following...

Simple Real Estate Portal System 1.0 SQL Injection Vulnerability

Title: Simple Real Estate Portal System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Description: The id parameter appears to be...

Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Microweber 1.2.11 - Remote Code Execution RCE Authenticated Google Dork: NA Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber Version: 1.2.11 Tested on: KALI OS CVE : CVE-2022-0557...

WordPress WP User Frontend 3.5.25 Plugin - SQL injection (Authenticated) Exploit

Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE: CVE-2021-25076 CWE...

Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Vulnerability

Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to V3.3.0-16 Tested on:...

Cab Management System 1.0 - (id) SQL injection (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali linux Category:...

Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Vulnerability

Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ? cmd=connect&wscompression=true&destAddr=domain.com...

FileCloud 21.2 - Cross-Site Request Forgery Vulnerability

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...

Datarobot Remote Code Execution Vulnerability

Exploit Title: Datarobot -- Remote Code Execution Vendor Homepage: https://www.datarobot.com Software Link: https://app.datarobot.com/ Version: TBD - awaiting build version from vendor Tested on: The issue affects all versions of the product up to the date of this submission Exploit Authors: Mike...

Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...

Cosmetics And Beauty Product Online Store 1.0 Cross Site Scripting Vulnerability

Title: Cosmetics and Beauty Product Online Store v1.0 remote Multiple XSS-Reflected Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html CVE-Cosmetics and...

WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability

UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...

Dbltek GoIP - Local File Inclusion Vulnerability

Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...

Hotel Druid 3.0.3 - Remote Code Execution Exploit

Exploit Title: Hotel Druid 3.0.3 - Remote Code Execution RCE Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://www.hoteldruid.com/ Software Link: https://www.hoteldruid.com/download/hoteldruid3.0.3.tar.gz Version: 3.0.3 CVE : CVE-2022-22909 !/usr/bin/python3 import requests...

Connectify Hotspot 2018 (ConnectifyService) - Unquoted Service Path Vulnerability

Exploit Title: Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path Exploit Author : SamAlucard Vendor : Connectify Inc Version : Connectify Hotspot 2018 Vendor Homepage : https://www.connectify.me/ Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc Connectify SC...

Linux/MIPS - N32 MSB Reverse Shell Shellcode

/ mipsn32msblinuxrevsh.c - MIPS N32 MSB Linux reverse Copyright c 2022 Marco Ivaldi Basic MIPS N32 MSB Linux reverse shellcode, showcasing various techniques to avoid badchars. Cross-compile https://buildroot.org/ with: $ mips64-linux-gcc -static mipsn32msblinuxrevsh.c -o revsh Tested on Linux...

Solaris/SPARC - chmod(./me) Shellcode

/ sparcsolarischmod2.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Very small Solaris/SPARC chmod shellcode. See also: http://phrack.org/issues/70/13.htmlarticle Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode ma...