39001 matches found
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass Vulnerability
Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - SQL Injection Authentication Bypass Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: XAMPP / Windows 10...
Mitrastar GPT-2541GNAC-N1 - Privilege escalation Vulnerability
Exploit Title: Mitrastar GPT-2541GNAC-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.mitrastar.com Platform: Mitrastar router devices GPT-2541GNAC-N1 HGU Tested on: Firmware BRg3.5100VNZ0b33 Vulnerability analysis:...
Pet Shop Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html Version: 1.0...
WordPress Select All Categories and Taxonomies 1.3.1 Plugin - Reflected Cross-Site Scripting
Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip Version: 1.3.1 Tested on: Windows 10...
WordPress Redirect 404 to Parent 1.3.0 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip Version: 1.3.0 Tested on: Windows 10 CVE: CVE-2021-24286 1. Description: This plugin redirects any...
OpenSIS 8.0 - (cp_id_miss_attn) Reflected Cross-Site Scripting Vulnerability
Exploit Title: OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting XSS Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux CVE : CVE-2021-40310 OpenSIS Community Edition version 8.0 is...
Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting Vulnerabilities
Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021. CVE-2021-36621 Vendor Description Sourcecodester Online Covid Vaccination...
Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - (Add Admin) Cross-Site Request Forgery Vulnerability
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com <!-- FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit Vendor: FatPipe Networks Inc. Product web page:...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Vulnerability
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download Vendor: FatPipe Networks Inc. Product web page:...
FatPipe Networks WARP 10.2.2 - Authorization Bypass Vulnerability
Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP 10.2.2 Authorization Bypass Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version: WARP 10.2.2r38...
WordPress Popup 1.10.4 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter of its options pa...
WordPress Ultimate Maps 1.2.4 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/ultimate-maps-by-supsystic/ Version: 1.2.4 Tested on: Windows 10 CVE: CVE-2021-24274 1. Description: The plugin did not sanitize the tab parameter of...
Apache James Server 2.3.2 - Remote Command Execution (Authenticated) Exploit (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Exploit
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com #!/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) Vulnerability
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account Write Access Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account Write Access Vendor: FatPipe Networks Inc. Product web page:...
WordPress Contact Form 1.7.14 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.14 Tested on: Windows 10 CVE: CVE-2021-24276 1. Description: The Contact Form by Supsystic WordPress plugin...
WordPress TranslatePress 2.0.8 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Nosa Shandy Apapedulimu Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Reference:...
Simple Attendance System 1.0 Authentication Bypass Exploit
Exploit Title: Simple Attendance System v1.0 - Unauthenticated Add Admin Account Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...
Ether MP3 CD Burner 1.3.8 - Buffer Overflow (SEH) Exploit
Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8 Tested on: Windows...
Library System 1.0 - (student_id) SQL injection Vulnerability
Exploit Title: Library System 1.0 - 'student_id' SQL injection Authenticated Google Dork: intitle: "Library System by YahooBaba" Exploit Author: Vinay Bhuria Vendor Homepage: https://www.yahoobaba.net Software Link: https://www.yahoobaba.net/project/library-system-in-php Version: v1.0 Tested on:...
XAMPP 7.4.3 - Local Privilege Escalation Vulnerability
Exploit Title: XAMPP 7.4.3 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 Original Author: Maximilian Barz @S1lkys Vendor Homepage: https://www.apachefriends.org Version: XAMPP 7.2.29, 7.3.x 7.3.16 & 7.4.x 7.4.4 Tested on: Windows 10 + XAMPP 7.3.10...
Cisco RV130W 1.0.3.44 - Inject Counterfeit Routers Exploit
Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers Exploit Author: Michael Alamoot Vendor Homepage: https://www.cisco.com/ Version: RV130W 1.0.3.44 Tested on: Kali Linux #! /usr/bin/env python3 from scapy.contrib.eigrp import EIGRPAuthData from scapy.contrib.eigrp...
PASS-PHP 1.0 SQL Injection / Cross Site Scripting Exploit
Exploit Title: PASS-PHP by: oretnom23 v1.0 is vulnerable to remote SQL-Injection bypass Authentication, XSS-Stored and PHPSESSID Hijacking. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.24.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...
WordPress Wappointment 2.2.4 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting XSS Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/wappointment.2.2.4.zip Version: 2.2.4 Tested on: Windows Description : Wappointment is prone to Stored Cross Site Scripting...
Cyberfox Web Browser 52.9.1 - Denial of Service Exploit
Exploit Title: Cyberfox Web Browser 52.9.1 - Denial-of-Service PoC Exploit Author: Aryan Chehreghani Vendor Homepage: https://cyberfox.8pecxstudios.com Software Link: https://www.techspot.com/downloads/6568-cyberfox-web-browser.html Version: v52.9.1 Possibly all versions Tested on: Windows About ...
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service Vulnerabilities
OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE I...
OpenVPN Monitor 1.1.3 Cross Site Request Forgery Vulnerability
OpenVPN Monitor versions 1.1.3 and below suffer from a cross site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-011 CVE ID: CVE-2021-31604 Subject: Cross-Si...
OpenVPN Monitor 1.1.3 Command Injection Vulnerability
OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID:...
Pharmacy Point of Sale System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
SmarterTools SmarterTrack 7922 - (Multiple) Information Disclosure Vulnerability
Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure Google Dork: intext:"Powered by SmarterTrack" Date: 23/01/2020 Exploit Author: Andrei Manole Vendor Homepage: https://www.smartertools.com/ Software Link: https://www.smartertools.com/smartertrack Version: TESTED ON...
Pharmacy Point Of Sale System 1.0 SQL Injection Vulnerability
Exploit Title: Pharmacy Point of Sale System v1.0 - SQLi Authentication Bypass Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
Microsoft Windows cmd.exe - Stack Buffer Overflow Vulnerability
Title: Microsoft Windows cmd.exe - Stack Buffer Overflow Author: John Page aka hyp3rlinx Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line interpreter for t...
Gurock Testrail 7.2.0.3014 - (files.md5) Improper Access Control Vulnerability
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Reference:...
Budget and Expense Tracker System 1.0 - Arbitrary File Upload Vulnerability
Exploit Title: Budget and Expense Tracker System 1.0 - Arbitrary File Upload Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Tested on: Linux Version: 2.0 Exploit Description: The application is prone to a...
WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery CSRF Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin adds calculators for Water intake, BMI...
WordPress Advanced Order Export For WooCommerce 3.1.7 Plugin - Reflected XSS Vulnerability
Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Version: 3.1.7 Tested on: Windows 10 CVE: CVE-2021-24169 1. Description: This plugin helps you to easil...
Backdrop CMS 1.20.0 - Multiple Cross-Site Request Forgery Vulnerability
Exploit Title: Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery CSRF Exploit Author: V1n1v131r4 Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.20.0/backdrop.zip Version: 1.20.0 Tested On: Kali Linux, Ubuntu 20.04...
Wordpress 3DPrint Lite 1.9.1.4 Plugin - Arbitrary File Upload Exploit
Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage: print"Usage: python3...
Redragon Gaming Mouse - (REDRAGON_MOUSE.sys) Denial Of Service Exploit
Exploit Title: Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service PoC Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.redragonzone.com/pages/download Reference:...
Police Crime Record Management Project 1.0 - Time Based SQL injection Vulnerability
Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Tested on: Linux Version: 1.0 Exploit Description: The application is prone to an arbitrary...
Filerun 2021.03.26 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Filerun 2021.03.26 - Remote Code Execution RCE Authenticated Exploit Author: syntegris information solutions GmbH Credits: Christian P. Vendor Homepage: https://filerun.com Software Link:...
South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection Vulnerabilities
Exploit Title: South Gate Inn Online Reservation System v1.0 - Remote Code Execution Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/10584/south-gate-inn-online-reservation-system.html Software Link:...
Simple Attendance System 1.0 - Unauthenticated Blind SQL Injection Vulnerability
Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The application suffers from a...
Online Reviewer System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
OpenCats 0.9.4-2 - (docx) XML External Entity Injection Vulnerability
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
e107 CMS 2.3.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: e107 CMS 2.3.0 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.0 Category: Webapps Tested on: Linux/Windows e107 is a free website content management system...
E-Negosyo System 1.0 Shell Upload Vulnerability
Exploit Title: E-Negosyo System 1.0 - Authenticated RCE Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category: Webapps Tested on: Ubuntu...
Sentry 8.2.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory: https://doc.lagout.org/Others/synacktivadvisorysentrypickle.pdf Tested o...
E-Negosyo System 1.0 SQL Injection Vulnerability
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category:...