Wondershare Dr.Fone 11.4.9 - (DFWSIDService) Unquoted Service Path Vulnerability

Exploit Title: Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 11.4.9 Vulnerability Type: Unquoted Service Path Tested o...

File Sanitizer for HP ProtectTools 5.0.1.3 - (HPFSService) Unquoted Service Path Vulnerability

Exploit Title: File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path Exploit Author : SamAlucard Vendor : Hewlett-PackardHP Version : File Sanitizer for HP ProtectTools 5.0.1.3 Vendor Homepage : http://www.hp.com Tested on OS: Windows 7 Pro Analyze PoC : ==============...

Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode

/ sparcsolarisexec.c - Solaris/SPARC execve shellcode Copyright c 2022 Marco Ivaldi Pretty standard Solaris/SPARC setuid/execve shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC execve shellcode 12 + 48 = 60 bytes / / setuid0 /...

TOSHIBA DVD PLAYER Navi Support Service - (TNaviSrv) Unquoted Service Path Vulnerability

Exploit Title: TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Exploit Author : SamAlucard Vendor : TOSHIBA Version : TOSHIBA Navi Support Service 1.00.0000 Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\Users\Administradorsc qc TNaviSrv SC QueryServiceConf...

Wondershare MobileTrans 3.5.9 - (ElevationService) Unquoted Service Path Vulnerability

Exploit Title: Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mobiletransfull5793.exe Tested Version: 3.5.9 Vulnerability Type: Unquoted Service Pat...

Connectify Hotspot 2018 (ConnectifyService) - Unquoted Service Path Vulnerability

Exploit Title: Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path Exploit Author : SamAlucard Vendor : Connectify Inc Version : Connectify Hotspot 2018 Vendor Homepage : https://www.connectify.me/ Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc Connectify SC...

Solaris/SPARC - chmod(./me) Shellcode

/ sparcsolarischmod2.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Very small Solaris/SPARC chmod shellcode. See also: http://phrack.org/issues/70/13.htmlarticle Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode ma...

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode

/ sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes / / setuid0 / "\x90\x08\x3f\xff...

Wondershare UBackit 2.0.5 - (wsbackup) Unquoted Service Path Vulnerability

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted Service Path Tested on OS:...

Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/fmlurlsvc/ Exploit Author: Braiant Giraldo Villa Contact: @ironfortress Twitter Vendor Homepage: https://www.fortinet.com/products/email-security Software Link:...

Wondershare FamiSafe 1.0 - (FSService) Unquoted Service Path Vulnerability

Exploit Title: Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download-es.wondershare.com/famisafefull7869.exe Tested Version: 1.0 Vulnerability Type: Unquoted Service Path Tested on OS...

WordPress dzs-zoomsounds 6.60 Plugin - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: WordPress Plugin dzs-zoomsounds - Remote Code Execution RCE Unauthenticated Google Dork: inurl:wp-content/plugins/dzs-zoomsounds Exploit Author: Overthinker1877 1877 Team Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Version: 6.60 Tested on: Windows / Linux impo...

Intel(R) Management Engine Components 6.0.0.1189 - (LMS) Unquoted Service Path Vulnerability

Exploit Title: IntelR Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path Exploit Author : SamAlucard Vendor : Intel Version : IntelR Management Engine Components 6.0.0.1189 Vendor Homepage : https://www.intel.com Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc...

Medical Store Management System 1.0 SQL Injection Vulnerability

Title: Medical Store Management System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://github.com/abhisheks008 Software: https://github.com/abhisheks008/Medical-Store-Management-System CVE-Medical Store Management System v1.0 Description: The cid parameter fom customer-add.php app...

Ignition Remote Code Execution Exploit

Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. This module require...

WordPress Cozmoslabs Profile Builder 3.6.1 Cross Site Scripting Vulnerability

The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes it possible for an...

Vicidial 2.14-783a SQL Injection Vulnerability

=============== Vicidial v2.14-783a - DB SQL Injection Web Vulnerability Vulnerability Class: ==================== SQL Injection Current Estimated Price: ======================== 1.000€ - 2.000€ Product & Service Introduction: =============================== Vicidial is a software suite that is...

Zepl Notebook Sandbox Escape Vulnerability

Exploit Title: Zepl Notebook - Sandbox Escape Vendor Homepage: https://zepl.com/ Software Link: https://app.zepl.com/ Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date of this submission Exploit...

Zepl Notebook Remote Code Execution Vulnerability

Exploit Title: Zepl Notebook - Remote Code Execution Vendor Homepage: https://zepl.com/ Software Link: https://app.zepl.com/ Version: All previous versions of product to the date of this submission Tested on: The issue affects all versions of the product up to the date of this submission Exploit...

Algorithmia MSOL Remote Code Execution Vulnerability

Exploit Title: Algorithmia MSOL - Remote Code Execution Vendor Homepage: https://algorithmia.com/ Software Link: https://algorithmia.com/product Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date o...

Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control Vulnerabilities

Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities...

Google Play Protect 22.4.25 Detection Bypass Vulnerability

Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Exploit Author: Aryan Chehreghani Contact: email protected Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play Protect is Google's built-in...

Tiny File Manager 2.4.3 Shell Upload Exploit

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "email protected" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then...

Telegram Android 8.4.4 Denial Of Service Vulnerability

Telegram Android version 8.4.4 suffers from a denial of service vulnerability. Telegram Android v8.4.4 - Denial of Service PoC Product & Service Introduction: =============================== Telegram is a freeware, cross-platform, cloud-based instant messaging IM service. The service also provide...

Simple Student Quarterly Result/Grade System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (Unauthenticated) Vulnerability

Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P: https://www.uniview.com/download.do?id=1819568 Tested...

Emerson PAC Machine Edition 9.80 Build 8695 - (TrapiServer) Unquoted Service Path Vulnerability

Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 8695 Vulnerability Type:...

ServiceNow - Username Enumeration Exploit

Exploit Title: ServiceNow - Username Enumeration Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...

TeamSpeak 3.5.6 - Insecure File Permissions Vulnerability

Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions Exploit Author: Aryan Chehreghani Contact: email protected Vendor Homepage: https://www.teamspeak.com Software Link: https://www.teamspeak.com/en/downloads Version: 3.5.6 Tested on: Windows 10 x64 About - TeamSpeak : TeamSpeak TS is a...

WordPress Error Log Viewer 1.1.1 Plugin - Arbitrary File Clearing (Authenticated) Vulnerability

Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...

Multi-Vendor Online Groceries Management System 1.0 - (id) Blind SQL Injection Vulnerability

Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

H3C SSL VPN Username Enumeration Vulnerability

H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotel...

Slurp 1.10.2 Format String Vulnerability

Exploit Title: Slurp 1.10.2 - Remote Format String Date: 2022-02-12 Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offe...

Simple Bakery Shop Management System 1.0 SQL Injection Vulnerability

Title: Simple Bakery Shop Management System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html Description: The username parameter...

Nagios XI Autodiscovery Shell Upload Exploit

This Metasploit module exploits a path traversal issue in Nagios XI before version 5.8.5. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field containin...

WordPress International SMS For Contact Form 7 Integration 1.2 CSRF Vulnerability

WordPress International SMS for Contact Form 7 Integration plugin version 1.2 suffers from a cross site request forgery vulnerability. Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross-Site Request Forgery CSRF Author: Milad Karimi Software Link:...

Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Vulnerability

Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version: ECOSYS M2035dn Tested on: Linu...

Subrion CMS 4.2.1 - Cross Site Request Forgery (Add Admin) Vulnerability

Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based CMS & framework,...

Accounting Journal Management System 1.0 - (id) SQL injection (Authenticated) Vulnerability

Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...

Nokia Transport Module Authentication Bypass Vulnerability

The TRS web console allows an authenticated user to remotely manage the BTS and its configuration. Analysis discovered an authentication bypass vulnerability in the web management console. BTS TRS web console version FTMW20FP22019.08.160010 is affected. title: Nokia Transport Module Authenticatio...

WordPress 5.9 Cross Site Scripting Vulnerability

WordPress versions 5.9 and below suffer from a cross site scripting vulnerability in the author and contributor roles. Per the researcher, WordPress is addressing this in their next release and considers this a medium severity vulnerability. Document Title: =============== Wordpress = 5.9...

WordPress Jetpack 9.1 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab...

Home Owners Collection Management System 1.0 - Account Takeover Vulnerability

Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.htm...

Home Owners Collection Management System 1.0 - Remote Code Execution Vulnerability

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQLi / Code Execution Vulnerabilities

Tokheim Profleet DiaLOG Fuel Management System version 11.005.02 suffers from a remote SQL injection vulnerability that can allow for remote code execution. Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Exploit Author: golem445 Vendor Homepage:...

WordPress Secure Copy Content Protection and Content Locking 2.8.1 Plugin - SQL-Injection Exploit

Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link: https://downloads.wordpress.org/plugin/secure-copy-content-protection.2.8.1.zip...

Home Owners Collection Management System 1.0 - (id) Blind SQL Injection Vulnerability

Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html Versio...

WordPress Contact Form Builder 1.6.1 Plugin - Cross Site Scripting Vulnerability

Exploit Title: Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-forms-builder/ Version: 1.6.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form Builder from any post...

Cain & Abel 4.9.56 - Unquoted Service Path Vulnerability

Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1...

Hospital Management Startup 1.0 - (Multiple) SQL injection Vulnerability

Exploit Title: Hospital Management Startup 1.0 - 'loginid' SQLi Exploit Author: nu11secur1ty Vendor: https://github.com/kabirkhyrul Software: https://github.com/kabirkhyrul/HMS CVE-2022-23366 Description: The loginid and password parameters from Hospital Management Startup 1.0 appear to be...