TotalAV 5.15.69 - Unquoted Service Path Vulnerability

Exploit Title: TotalAV 5.15.69 - Unquoted Service Path Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.totalav.com Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe Version: 5.15.69 Tested on: Windows 1...

Budget and Expense Tracker System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

WebsiteBaker 2.13.0 - Remote Code Execution (Authenticated) Exploit

Exploit Title: WebsiteBaker 2.13.0 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://websitebaker.org/ Software Link: http://wiki.websitebaker.org/doku.php/en/downloads Version: 2.13.0 Category: Webapps Tested on: Linux/Windows WebsiteBaker...

OpenCats 0.9.4 XML Injection Vulnerability

Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...

ManageEngine OpManager SumPDU Java Deserialization Exploit

An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also...

Yenkee Hornet Gaming Mouse - (GM312Fltr.sys) Denial Of Service Exploit

Exploit Title: Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service PoC Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.yenkee.eu/gaming-mouse-hornet-aim/yms-3029 Reference:...

Church Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Church Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...

WordPress 5.7 - (Media Library) XML External Entity Injection Authenticated Vulnerability

Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447 !/bin/bash Author:...

Maxpatrol 8 / Xspider Denial Of Service Vulnerability

Positive Technologies Maxpatrol 8 and Xspider appears to suffer from a denial of service vulnerability. Exploit Title: Positive Technologies Maxpatrol 8 & Xspider Remote DoS Force clients disconect Exploit Author: AsCiI Vendor Homepage: https://www.ptsecurity.com/ Affected Positive Technologies...

Budget and Expense Tracker System 1.0 - Authenticated Bypass Vulnerability

Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass Exploit Author: Prunier Charles-Yves Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...

Online Food Ordering System 2.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Link:...

T-Soft E-Commerce 4 - change (admin credentials) Cross-Site Request Forgery Vulnerability

Exploit Title: T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux 2021.4 / xammp Category: WebApp Google Dork: intext:'T-Soft E-Ticaret Sistemleriyle...

Git git-lfs Remote Code Execution Exploit

This Metasploit modules exploits a critical vulnerability in Git Large File Storage Git LFS, an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository usi...

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

Geutebruck instantrec Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and...

WordPress WooCommerce Booster Plugin 5.4.3 - Authentication Bypass Exploit

Exploit Title: WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass Exploit Author: Sebastian Kriesten 0xB455 Contact: https://twitter.com/0xB455 Affected Plugin: Booster for WooCommerce Plugin Slug: woocommerce-jetpack Vulnerability disclosure:...

Cloudron 6.2 Cross Site Scripting Vulnerability

Exploit Title: Cloudron 6.2 - Cross Site Scripting Reflected Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 Tested on: Demo / Localhost CVE : CVE-2021-31721 Proof of Concept: 1. Go to...

Simple Attendance System 1.0 - Authenticated bypass Vulnerability

Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

ImpressCMS 1.4.2 - Remote Code Execution (Authenticated) Exploit

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.impresscms.org/ Software Link: https://www.impresscms.org/modules/downloads/ Version: 1.4.2 Category: Webapps Tested on: Linux/Windows ImpressCMS is a...

Evolution CMS 3.1.6 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Example: python3...

AlphaWeb XE - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c "whoami" Referenc...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload. I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE -------------------------...

Ulfius Web Framework Remote Memory Corruption Exploit

Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process. !/usr/bin/python3 guul.p...

AHSS-PHP 1.0 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit Title: AHSS-PHP by: oretnom23 v1.0 is vulnerable in the application /scheduler/classes/Login.php to remote SQL-Injection-Bypass-Authentication + XSS-Stored Hijacking PHPSESSID Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.15.2021 Vendor:...

elFinder Archive Command Injection Exploit

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT...

Textpattern CMS 4.8.3 Remote Code Execution Exploit

Exploit Title: Textpattern = 4.8.3 Remote code execution Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0 Install dependencies:...

Seowon 130-SLC router - (queriesCnt) Remote Code Execution (Unauthenticated) Vulnerability

Exploit Title: Seowon 130-SLC router - 'queriesCnt' Remote Code Execution Unauthenticated Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: All Version...

Support Board 3.3.3 - Multiple SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LTS ----- PoC 1:...

DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting Exploit

DMA Softlab Radius Manager version 4.4.0 chained exploit written in go that exploits session management and cross site scripting vulnerabilities. package main import "github.com/gorilla/mux" "fmt" "net/http" "net/url" "flag" "strings" "io/ioutil" "log" / should be able to: 1. Inject javascript in...

Purchase Order Management System 1.0 - Remote File Upload Exploit

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Version: v1.0 Tested...

Active WebCam 11.5 - Unquoted Service Path Vulnerability

Exploit Title: Active WebCam 11.5 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.techspot.com/downloads/175-active-webcam.html Vendor Homepage: https://www.pysoft.com/ Version: 11.5 Tested on: Windows 10 Note: "Start on Windows...

Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Vulnerability

Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...

Wordpress Download From Files 1.48 Plugin - Arbitrary File Upload Exploit

Exploit Title: Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/download-from-files Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/download-from-files/ Version: spacehen www.github.com/spacehen" def printusage:...

Apartment Visitor Management System (AVMS) 1.0 - SQL injection to Remote Code Execution 0day Exploit

Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Version: 1.0 Tested on:...

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...

Men Salon Management System 1.0 - Multiple Vulnerabilities

Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP Server Vulnerable pa...

ECOA Building Automation System Hidden Backdoor Accounts Vulnerability

ECOA Building Automation System Hidden Backdoor Accounts and backdoor Function Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster...

ECOA Building Automation System Weak Default Credentials Vulnerability

ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

ECOA Building Automation System Hardcoded SSH Credentials Vulnerability

ECOA building automation systems have hardcoded SSH credentials. Many versions are affected. ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA...

ECOA Building Automation System Cookie Poisoning / Authentication Bypass Vulnerabilities

ECOA building automation systems suffer from a cookie poisoning vulnerability that allows for authentication bypass. Many versions are affected. ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

POMS-PHP 1.0 SQL Injection Exploit

Exploit Title: POMS-PHP by: oretnom23 v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Link:...

ECOA Building Automation System Configuration Download Information Disclosure Vulnerability

ECOA building automation systems suffer from a configuration download information disclosure vulnerability. Many versions are affected. ECOA Building Automation System Configuration Download Information Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

ECOA Building Automation System Missing Encryption Vulnerability

ECOA building automation systems suffer from missing encryption of sensitive information. Many versions are affected. ECOA Building Automation System Missing Encryption Of Sensitive Information Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS...

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...

ECOA Building Automation System Arbitrary File Deletion Vulnerability

ECOA building automation systems suffer from an arbitrary file deletion vulnerability. Many versions are affected. ECOA Building Automation System Arbitrary File Deletion Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS...

ECOA Building Automation System Path Traversal / Arbitrary File Upload Vulnerabilities

ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected. ECOA Building Automation System Path Traversal Arbitrary File Upload Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA E...

ECOA Building Automation System Local File Disclosure Vulnerability

ECOA Building Automation System Local File Disclosure Vulnerability Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE...

ECOA Building Automation System Directory Traversal Vulnerability

ECOA building automation systems suffer from directory traversal vulnerability that allows for content disclosure. Many versions are affected. ECOA Building Automation System Directory Traversal Content Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

ECOA Building Automation System Cross Site Request Forgery Vulnerability

ECOA building automation systems suffer from a cross site request forgery vulnerability. Many versions are affected. ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - E...