Simple Online College Entrance Exam System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Exploit Author: Mevlüt Yılmaz Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

Simple Online College Entrance Exam System 1.0 - (Multiple) SQL injection Vulnerability

Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated) Vulnerability

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows 10, XAMPP...

django-unicorn 0.35.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS vulnerability by...

Online Traffic Offense Management System 1.0 - Privilage escalation Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

Online Enrollment Management System 1.0 - Authentication Bypass Vulnerability

Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...

Cmder Console Emulator 1.3.18 - (Cmder.exe) Denial of Service Exploit

Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service PoC Exploit Author: Aryan Chehreghani Vendor Homepage: https://cmder.net Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip Version: v1.3.18 Tested on: Windows 10 About - Cmder Console...

Loan Management System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Loan Management System 1.0 - SQLi Authentication Bypass Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...

Online Traffic Offense Management System 1.0 - Multiple Remote Code Execution Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)

; Name: Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode 415 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this...

Online DJ Booking Management System 1.0 - (Multiple) Blind Cross-Site Scripting Vulnerability

Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0 Vulnerable endpoint:...

VMware vCenter Server Analytics (CEIP) Service File Upload Exploit

This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry CEIP service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default. This module...

Online Traffic Offense Management System 1.0 - Multiple SQL Injection Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

Google SLO-Generator 2.0.0 - Code Execution Vulnerability

Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives SLOs, Error Budgets...

Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation Exploit

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a denial of service via heap memory corruption through user name space. Kernels up to and including 5.11 are vulnerable. This module...

Online Traffic Offense Management System 1.0 - Multiple XSS Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

Tapatalk Plugins PHP Object Injection Vulnerability

PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions. Tapatalk Plugins PHP Object Injection dH team discovered PHP Object Injection vulnerability in all Tapatalk plugins, which is allo...

Dahua Authentication Bypass Vulnerability

STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...

Wordpress MStore API 2.0.6 Plugin - Arbitrary File Upload Vulnerability

Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path from os import...

Wordpress BulletProof Security 5.1 Plugin - Sensitive Information Disclosure Vulnerability

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: = 5.1 Tested on:...

Company's Recruitment Management System SQL Injection Vulneraility

Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Company's Recruitment Management System SQL Injection Vulneraility Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the...

Local Offices Contact Directory Site SQL Injection Vulnerability

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Local Offices Contact Directory Site SQL Injection Vulnerability...

Try My Recipe SQL Injection Vulnerability

Try My Recipe SQL Injection Vulnerability https://www.sourcecodester.com/php/14964/try-my-recipe-recipe-sharing-website-cms-php-and-sqlite-free-source-code.html CVE-nu11-17-092921 Vendor MySQL Vulnerability Description: The cid parameter appears on Recipe Sharing Website - CMS by:oretnom23 to be...

Apache HTTP Server 2.4.49 - Path Traversal Vulnerability

Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 =3D=3D '' ; $2 =3D=3D '' ; then ech...

Wordpress TheCartPress 1.5.3.6 Plugin - Privilege Escalation Exploit

Exploit Title: Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation Unauthenticated Google Dork: inurl:/wp-content/plugins/thecartpress/ Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugin/thecartpress Version: spacehen www.github.com/spacehen" def printusage:...

High Infinity Technology HiKam S6 1.3.26 Spoofing / Broken Authentication Vulnerability

High Infinity Technology HiKam S6 versions 1.3.26 and below suffer from broken authentication, enumeration, message protocol downgrade, insufficient use of cryptography, insufficient message protocol checks, device spoofing, outdated components, and weak default credential vulnerabilities. suffer...

Odine Solutions GateKeeper 1.0 - (trafficCycle) SQL Injection Vulnerability

Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubuntu 18 TLS...

Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability

Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ version 7.12.3 Tested o...

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...

Student Quarterly Grading System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...

Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Vulnerabilities

Exploit Title: Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...

Open Game Panel - Remote Code Execution (Authenticated) Exploit

Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...

Young Entrepreneur E-Negosyo System 1.0 - (PRODESC) Stored Cross-Site Scripting Vulnerability

Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...

Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...

Payara Micro Community 5.2021.6 - Directory Traversal Vulnerability

Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link: https://www.payara.fish/downloads/payara-platform-community-edition/x Version:...

Online-Food-Ordering-Web-App SQL Injection Vulnerability

CVE-2021-41647 SQL Injection in Online-Food-Ordering-Web-App The Online-Food-Ordering-Web-App is vulnerable to un-authenticated error and time-based blind SQL Injection attacks. The username parameter on the /login.php page does not sanitize the user input, an attacker is able to bypass the login...

CMSimple_XH 1.7.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: CMSimpleXH 1.7.4 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.cmsimple-xh.org/ Software Link: https://www.cmsimple-xh.org/?Downloads Version: 1.7.4 Category: Webapps Tested on: Linux/Windows CMSimpleXH is an open sour...

Vehicle Service Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Exploit Author: sanjay singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Tested on: Windows 10...

Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes

; Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes ; Description: ; This is a shellcode that pop a calc.exe. The shellcode iuses ; the PEB method to locate the baseAddress of the required module and the Export Directory Table ; to locate symbols. Als...

Phpwcms 1.9.30 - File Upload to XSS Vulnerability

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...

Directory Management System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Directory Management System 1.0 - SQL Injection Authentication Bypass Exploit Author: SUDONINJA Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Version: v1.0 Tested on: Windows 10 Steps-To-Reproduce: St...

Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Vulneraility

Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMPP / Windows 10...

Blood Bank System 1.0 - SQL Injection / Authentication Bypass Vulnerabilities

Exploit Title: Blood Bank System 1.0 - SQL Injection / Authentication Bypass Exploit Author: Nitin Sharma vidvansh Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code/ Software Link : https://download.code-projects.org/details/f44a4ba9-bc33-48c3-b030-02f62117d230 Version...

Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)

; Name: Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode 230 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This is a shellcode that ; pop a MessageBox and show the text "Pwn3d by h4pp1n3ss". In order to accomplish...

MiniOrange SAML Drupal Module 8.x-2.22 Privilege escalation via XML Signature Wrapping Vulnerability

Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED Tested on: Linux...

WhatsUpGold 21.0.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference: https://f20.be/cves/poc-cve-2021-41318 Description:...

Wordpress JS Jobs Manager 1.1.7 Plugin - Unauthenticated Plugin Install/Activation Vulnerability

Exploit Title: Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Google Dork: inurl:/wp-content/plugins/js-jobs/ Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/js-jobs/ Version: spacehen www.github.com/spacehen" def printusage: print"Usage...

Cmsimple 5.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests parser=...

Pharmacy Point of Sale System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...