opencart 3.0.3.8 - Session Injection Vulnerability
Exploit Title: opencart 3.0.3.8 - Session Injection Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Tested on: Windows 10 using XAMPP,...
orangescrum 1.8.0 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Tested o...
orangescrum 1.8.0 - Privilege escalation (Authenticated) Vulnerability
Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Tested on: Windows 10 usi...
Bagisto 1.3.3 - Client-Side Template Injection Vulnerability
Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. This module requires Metasploit:...
Gerdab.ir SQL Injection Vulnerability
This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...
D-Link DSL-3782 Pre-Authentication Remote Root Exploit
!/usr/bin/python2 preauth rece for dlink dsl-3782 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in range74: nopsled +=...
Serva 4.4.0 TFTP Remote Buffer Overflow Exploit
Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow Metasploit Exploit Author: Yehia Elghaly Vendor Homepage: https://www.vercot.com/ Software Link : https://www.vercot.com/serva/download/ServaCommunityv4.4.0-21081411.zip Tested Version: 4.4.0 Tested on: Windows XP SP3 - Windows 7...
HTTPDebuggerPro 9.11 - Unquoted Service Path Vulnerability
Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICE_NAME: HTTPDebuggerPro TYPE : 10 WIN32_OWN_PROCESS...
CMSimple 5.4 - Local file inclusion to Remote code execution Exploit
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
Webrun 3.6.0.42 - (P_0) SQL Injection Vulnerability
Exploit Title: Webrun 3.6.0.42 - 'P_0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to SQL Injection,...
FLEX 1085 Web 1.6.0 - HTML Injection Vulnerability
Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary: ================ Th...
GNU gdbserver 9.2 - Remote Command Execution Exploit
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested on: Ubuntu Linux...
Bus Pass Management System 1.0 - (Search) SQL injection Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS MontereyVersion 12.0.1 SQL...
Wordpress WP Guppy 1.1 Plugin - WP-JSON API Sensitive Information Disclosure Vulnerability
Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash Help Display Help...
Linux Kernel 5.1.x - (PTRACE_TRACEME) pkexec Local Privilege Escalation Exploit (2)
Exploit Title: Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation 2 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel 4.19.0-kali5-amd64 CVE:...
Aimeos Laravel ecommerce platform 2021.10 LTS - (sort) SQL injection Vulnerability
Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The Aimeos E-Commerce...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure Vulnerability
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1 application, if at...
OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal Vulnerability
OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. Product: OX App Suite, OX Documents Vendor: OX Software GmbH Internal reference:...
Wipro Holmes Orchestrator 20.4.1 File Disclosure Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Log File Disclosure Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38283 import requests as rq import argparse import datetime import o...
Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass Vulnerability
Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS. Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication...
Pinkie 2.15 - TFTP Remote Buffer Overflow Exploit
Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS: Windows XP SP3 - Windows 7...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection Vulnerability
PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability. CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shopping-system The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection...
Modbus Slave 7.3.1 - Buffer Overflow Exploit
Exploit Title: Modbus Slave 7.3.1 - Buffer Overflow DoS Discovered by: Yehia Elghaly Vendor Homepage: https://www.modbustools.com/ Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Tested Version: 7.3.1 Connect 5. - Paste the characters of txt file Registration Key 6....
Apache Storm Nimbus 2.2.0 Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In ord...
WordPress Preview E-mails For WooCommerce 1.6.8 Cross Site Scripting Vulnerability
WordPress Preview E-mails for WooCommerce plugin versions 1.6.8 and below suffer from a cross site scripting vulnerability. Description: Reflected Cross-Site Scripting Affected Plugin: Preview E-mails for WooCommerce Plugin Slug: woo-preview-emails Affected Versions: = 1.6.8 CVE ID: CVE-2021-4236...
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free Exploit
Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen and connect. This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286. Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with...
Wordpress Smart Product Review 1.0.4 Plugin - Shell Upload Exploit
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4 Tested on: Kali Linu...
SuiteCRM 7.11.18 - Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
Quick.CMS 6.7 - Cross Site Request Forgery to Cross Site Scripting Vulnerability
Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows...
Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...
GitLab 13.10.2 - Remote Code Execution Exploit
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/gitlab-org/gitlab...
LiquidFiles 3.5.13 Privilege Escalation Vulnerability
=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Online Reviewer System 2.4.0 SQL Injection Vulnerability
Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter of the Online Reviewer System 1.0 appears to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...
Sitecore Experience Platform (XP) Remote Code Execution Exploit
This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in...
Online Learning System 2.0 - Remote Code Execution Exploit
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...
CMDBuild 3.3.2 - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-site scripting XSS...
WordPress Contact Form to Email 1.3.24 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting XSS Authenticated Exploit Author: Mohammed Aadhil Ashfaq Vendor Homepage: https://form2email.dwbooster.com/ Version: 1.3.24 Tested on: wordpress POC 1. Click Contact form to Email...
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38146 import requests as rq import argparse port = 8001 change...
Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection Vulnerability
Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form fields. Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered f...
Simple Subscription Website 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...
KONGA 0.14.9 - Privilege Escalation Exploit
Exploit Title: KONGA 0.14.9 - Privilege Escalation Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux - Ubuntu 20.04.3 LTS...
Fuel CMS 1.4.13 - (col) Blind SQL Injection Vulnerability
Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16, Apache 2.4.46 Steps...
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...
WordPress WPSchoolPress 2.1.16 Plugin - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.04 over WordPress...
PHP Laravel 8.70.1 - Cross Site Scripting to Cross Site Request Forgery Vulnerability
Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We can bypass larav...
Mumara Classic 2.93 - (license) SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93...
WordPress WP Symposium Pro 2021.10 Plugin - (wps_admin_forum_add_name) XSS Vulnerability
Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version: 2021.10 Tested o...
Xlight FTP 3.9.3.1 - Buffer Overflow Exploit
Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP SP3 - Windows...