Exam Reviewer Management System 1.0 - (id) SQL Injection Vulnerability
Exploit Title: Exam Reviewer Management System 1.0 - ‘id’ SQL Injection Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
WordPress 5.9.0 core Remote Code Execution 0day Exploit
This Python exploit allows remote code execution, works with default installations and should not require any authentication or user interaction...
Grandstream GXV31XX settimezone Unauthenticated Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in Grandstream GXV31XX IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authenticati...
Exam Reviewer Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
AtomCMS v2.0 - SQL injection Vulnerability
Exploit Title: AtomCMS v2.0 - SQLi Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...
Wing FTP Server 4.3.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe...
Wordpress Simple Job Board 2.9.3 Plugin - Local File Inclusion Exploit
Exploit Title: Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion Exploit Author: Ven3xy Vendor Homepage: https://wordpress.org/plugins/simple-job-board/ Software Link: https://downloads.wordpress.org/plugin/simple-job-board.2.9.3.zip Version: 2.9.3 Tested on: Ubuntu 20.04 LTS CVE :...
PHP Everywhere 2.0.3 Remote Code Execution Vulnerability
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level,...
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
FileBrowser 2.17.2 - Cross Site Request Forgery to Remote Code Execution Vulnerability
Exploit Title: FileBrowser 2.17.2 - Cross Site Request Forgery CSRF to Remote Code Execution RCE Exploit Author: FEBIN MON SAJI Vendor Homepage: https://filebrowser.org/ Software Link: https://github.com/filebrowser/filebrowser Version: FileBrowser setTimeoutfunction...
Windows/x86 - Locate kernel32 base address / Stack Crack method NullFree Shellcode (171 bytes)
171-byte Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and looking for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts...
QEMU Monitor HMP migrate Command Execution Exploit
This Metasploit module uses QEMU's Monitor Human Monitor Interface HMP TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04. This module requires Metasploit: https://metasploit.com/download Current source:...
Hotel Reservation System 1.0 - SQL injection (Unauthenticated) Vulnerability
Exploit Title: Hotel Reservation System 1.0 - SQLi Unauthenticated Google Dork: None Exploit Author: Nefrit ID Author Website: https://manadocoder.com Vendor Homepage: https://github.com/dhruvmullick Software Link: https://github.com/dhruvmullick/hotel-reservation-system Tested on: Kali Linux &...
WordPress CP Blocks 1.0.14 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting XSS Exploit Author: Shweta Mahajan Vendor Homepage: https://wordpress.org/plugins/cp-blocks/ Software Link: https://wordpress.org/plugins/cp-blocks/ Tested on Windows CVE: CVE-2022-0448 Reference:...
WordPress Security Audit 1.0.0 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting XSS Exploit Author: Shweta Mahajan Vendor Homepage: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/ Software Link: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/ Tested on Windows CVE...
Bustabit Bitcoin Server Seed way of earning Exploit
BustaBit used a root server seed to generate its current hash chain. PLAY: https://www.bustabit.com/play FAQ: https://www.bustabit.com/faq Each item in the hashchain represents a result in the game. My exploit provides you with the root server seed and a javascript file which you can start via:...
Hospital Management System 4.0 SQL Injection Vulnerability
Hospital Management System version 4.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Metin Yunus Kandemir in January of 2020. Title: Hospital Management System v4.0 Multiple SQL-Injections Author: nu11secur1ty...
WordPress International SMS For Contact Form 7 Integration 1.2 XSS Vulnerability
Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/cf7-international-sms-integration/ Version: 1.2 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a...
FLAME II MODEM USB - Unquoted Service Path Vulnerability
Exploit Title: FLAME II MODEM USB - Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://www.telcel.com/personas/equipos/modems-usb/alcatel/x602a Software Links : N/A Is a BAM Tested Version: N/A Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 64 BITS C:wmic...
Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode (133 bytes)
; Shellcode Title: Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode 133 bytes ; Description: ; This shellcode is a new method to find kernel32 base address by parsing .text section of memory to find a pointer to kernel32 API. ; Shellcode Author: Tarek Ahmed ; Tested on:...
Shopmetrics Mystery Shopping Software Broken Access Control / XSS Vulnerability
======================================================================= title: Broken access control & Cross-Site Scripting product: Shopmetrics Mystery Shopping Software vulnerable version: SaaS platform before v21-11 fixed version: SaaS platform v21-11 CVE number: n/a for SaaS impact: Critical...
Voltage SecureMail Server Business Logic Bypass Vulnerability
======================================================================= title: Business Logic Bypass - Mail Relay Post-authenticated product: Voltage SecureMail Server vulnerable version: Voltage SecureMail Server v7.3.0.1 fixed version: Voltage SecureMail Server v7.3.0.1 CVE number: CVE-2021-381...
WordPress IP2Location Country Blocker 2.26.7 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting XSS Authenticated Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan Bozogullarindan...
Servisnet Tessa - Add sysAdmin User (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...
Windows/x86 Download File / Execute Shellcode (458 bytes)
; Exploit Title: Windows/x86 - Download File and Execute / Dynamic PEB & EDT method Shellcode 458 bytes ; Exploit Author: Techryptic @Tech ; Date: 2022-01-31 ; Tested on: WIN7X86 ; Shoutout to 848 Advanced Software Exploitation and DSU. ; Description: ; The shellcode works in three parts. The fir...
WBCE CMS 1.5.2 - Remote Code Execution (Authenticated) Exploit
Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo: https://github.com/WBCE/WBCECMS --...
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...
WAGO 750-8xxx PLC Denial Of Service / User Enumeration Vulnerability
WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 v03.08.08 suffer from denial of service and user enumeration vulnerabilities. ======================================================================= title: Denial of service & User Enumeration product: WAGO 750-8xxx PLC vulnerable version:...
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication Vulnerabilities
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities...
Servisnet Tessa - Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Privilege Escalation Metasploit', 'Description' = %q This module exploits privilege escalation in Servisnet Tessa, triggered by...
Vivellio 1.2.1 User Account Enumeration Vulnerability
Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...
Feberr 12.7 Shell Upload Vulnerability
Exploit Title: Feberr - Multivendor Digital Products Marketplace arbitrary file upload Version 12.7 Google Dork: N/A Exploit Author: Sohel Yousef Software Link: https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace Software link 2...
PHP Restaurants 1.0 - SQL injection (Unauthenticated) Vulnerability
Exploit Title: PHP Restaurants 1.0 - SQLi Unauthenticated Google Dork: None Exploit Author: Nefrit ID Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 Tested on: Kali Linux & Windows 10 SQL injection is a code injection techniqu...
Mozilla Firefox 67 - Array.pop JIT Type Confusion Exploit
Exploit Title: Mozilla Firefox 67 - Array.pop JIT Type Confusion Type: RCE Platform: Windows Exploit Author: deadlock Forrest Orr Author Homepage: https://forrest-orr.net Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://ftp.mozilla.org/pub/firefox/releases/65.0.1/win64/en-US...
Wordpress Download Monitor Plugin WordPress V 4.4.4 - SQL Injection (Authenticated) Exploit
Exploit Title: Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.download-monitor.com/ Software Link: https://downloads.wordpress.org/plugin/download-monitor.4.4.4.zip Version: 4.4.5 Tested on: Ubun...
Moodle 3.11.4 - SQL Injection Vulnerability
Exploit Title: Moodle 3.11.4 - SQL Injection Exploit Author: lavclash75 Vendor Homepage: https://moodle.org/ Version: Moodle 3.11 to 3.11.4 CVE: CVE-2022-0332 POC GET...
Wordpress 404 to 301 2.0.2 Plugin - SQL Injection (Authenticated) Exploit
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on: Ubuntu 20.04 CV...
PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...
WordPress Learnpress 4.1.4.1 Plugin - Arbitrary Image Renaming Vulnerability
Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested on: Linux CVE:...
CONTPAQi (R) AdminPAQ 14.0.0 - Unquoted Service Path Vulnerability
Exploit Title: CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path Discovery by: Angel Canseco Software Link: https://www.contpaqi.com/descargas Tested Version: 14.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 pro x64 english Step to discover Unquoted Service Path:...
WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability
Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/ Version: 1.0.2 Tested on: Windows 10 CVE: CVE-2021-24247 1. Description: The plugin settings are visible to all registered user...
Chamilo LMS 1.11.14 - Account Takeover Vulnerability
Exploit Title: Chamilo LMS 1.11.14 - Account Takeover Exploit Author: sirpedrotavares Vendor Homepage: https://chamilo.org Software Link: https://chamilo.org Version: Chamilo-lms-1.11.x Tested on: Chamilo-lms-1.11.x CVE: CVE-2021-37391 Publication:...
Huawei DG8045 Router 1.0 - Credential Disclosure Vulnerability
Title: Huawei DG8045 Router 1.0 - Credential Disclosure Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 HardwareVersion: VER.A CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number, which is on the back of the device. ...
WordPress Post Grid 2.1.1 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/post-grid/ Version: 2.1.1 Tested on: Windows 10 CVE: CVE-2021-24488 1. Description: This plugin creates a post grid from any post types. The slider import search...
WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is an easy carousel slider for...
WordPress Domain Check 1.0.16 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://domaincheckplugin.com/ Software Link: https://wordpress.org/plugins/domain-check/...
Cisco Small Business RV Series Authentication Bypass / Command Injection Exploit
This Metasploit module exploits an authentication bypass CVE-2021-1472 and command injection CVE-2021-1473 in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Th...
Moxa TN-5900 Firmware Post Authentication Command Injection Exploit
Moxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function webCERMGMTUpload. Title: Moxa TN-5900 Post...
Moxa TN-5900 Firmware Upgrade Checksum Validation Exploit
Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted Title: Moxa TN-5900 Firmware Upgrade Checksum Validation Vulnerability Publication URL:...
Fetch Softworks Fetch FTP Client 5.8 Denial Of Service Exploit
Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability. !/usr/bin/env python Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption Denial of Service Vendor: Fetch Softworks Product web page: https://www.fetchsoftworks.com Affected...