ECOA Building Automation System Cross Site Request Forgery Vulnerability
ECOA building automation systems suffer from a cross site request forgery vulnerability. Many versions are affected. ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - E...
ECOA Building Automation System Remote Privilege Escalation Vulnerability
ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...
Bus Pass Management System 1.0 - (adminname) Stored Cross-Site Scripting Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting XSS Exploit Author: Emre Aslan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip Version: 1.0 Tested on:...
WordPress TablePress 1.14 Plugin- CSV Injection Vulnerability
Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress 5.8.0 2...
Rencode Denial Of Service Vulnerability
Rencode Denial Of Service Vulnerability 1 About Rencode Rencode is a "Python module for fast basic object serialization similar to bencode". https://github.com/aresch/rencode This library is used as a faster and more efficient data encoder than bencode. There are implementations in other language...
Ionic Identity Vault 4.7 Android Biometric Authentication Bypass Vulnerability
Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android. Product: Identity Vault Vendor: Ionic CVE ID: CVE-2021-3145 Subject: Biometric Authentication Bypass on Android Severity: Medium Effect: Authentication Bypass Introduction...
WordPress Survey & Poll 1.5.7.3 Plugin - (sss_params) SQL Injection Exploit (2)
Exploit Title: WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection 2 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Tested on:...
WordPress WP Sitemap Page 1.6.4 Plugin - Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting XSS Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/wp-sitemap-page/ Version: 1.6.4 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress...
Antminer Monitor 0.5.0 - Authentication Bypass Vulnerability
Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass Dork:https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22 Exploit Author: CQR.company / Vulnz. Vendor Homepage: https://github.com/anselal/antminer-monitor, https://twitter.com/intent/follow?screenname=AntminerMonitor Softwa...
SmartFTP Client 10.0.2909.0 - (Multiple) Denial of Service Exploit
Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Exploit Author: Eric Salario Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Version: 10.0.2909.0 32 and 64 bit Tested on: Microsoft Windows 10 32 bit and 64 bit...
Patient Appointment Scheduler System 1.0 - Persistent / Stored XSS Exploit
Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link: https://www.sourcecodester.com/download-code?nid=1492...
Bus Pass Management System 1.0 - (viewid) Insecure direct object references Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
Argus Surveillance DVR 4.0 - Unquoted Service Path Vulnerability
Exploit Title: Argus Surveillance DVR 4.0 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411 Version: Argus Surveillance DVR 4.0 Tested on: Windows 10 Note: "Start as service on Windows Startup" must be enabled in Program Options Proof of Concept: C:\Users\deaths...
OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability
Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-40352 How to Reproduc...
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution
Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution RCE Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...
FlatCore CMS 2.0.7 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu Server 21.04 CVE:...
Windows Defender Application Guard Denial Of Service Vulnerability
Windows Defender Application Guard also known as "WDAG", Microsoft Defender Application Guard, and "MDAG" can be closed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname e.g, 10,000 characters long. This can cause a denial-of-service condition. Impac...
Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal Vulnerability
Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restricted Directory CWE-22, CWE 35...
Remote Mouse 4.002 - Unquoted Service Path Vulnerability
Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411 Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on: Windows 10 Proof...
WPanel 4.3.1 - Remote Code Execution (Authenticated) Exploit
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
WordPress Duplicate Page 4.4.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting XSS Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/duplicate-page/ Version: 4.4.1 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress...
Compro Technology IP Camera - (index_MJpeg.cgi) Stream Disclosure Vulnerability
Exploit Title: Compro Technology IP Camera - 'index_MJpeg.cgi' Stream Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized access vulnerability,...
Compro Technology IP Camera - (mjpegStreamer.cgi) Screenshot Disclosure Vulnerability
Exploit Title: Compro Technology IP Camera - 'mjpegStreamer.cgi' Screenshot Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40382 There is an unauthorized access...
Compro Technology IP Camera - (killps.cgi) Denial of Service Exploit
Exploit Title: Compro Technology IP Camera - 'killps.cgi' Denial-of-Service DoS Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40378 There is a backdoor prefabricated in the...
Compro Technology IP Camera - (Multiple) Credential Disclosure Vulnerability
Exploit Title: Compro Technology IP Camera - 'Multiple' Credential Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40380 There are unauthorized access vulnerabilitie...
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated) Vulnerability
Exploit Title: Compro Technology IP Camera - RTSP stream disclosure Unauthenticated Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40379 Some devices have unauthorized access ...
Dolibarr ERP / CRM 14.0.1 - Privilege Escalation Vulnerability
Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below chain of issues...
OpenSIS Community 8.0 - (cp_id_miss_attn) SQL Injection Vulnerability
Exploit Title: OpenSIS Community 8.0 - 'cp_id_miss_attn' SQL Injection Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux A SQL injection vulnerability exists in the Take Attendance functionality of...
Geutebruck Remote Command Execution Exploit
This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and...
Telegram Desktop 2.9.2 - Denial of Service Exploit
Exploit Title: Telegram Desktop 2.9.2 - Denial of Service PoC Exploit Author: Aryan Chehreghani Vendor Homepage: https://telegram.org Software Link: https://telegram.org/dl/desktop/win64 Tested Version: 2.9.2 x64 Tested on OS: Windows 10 Enterprise About App Telegram is a messaging app with a foc...
Moxa Command Injection / Cross Site Scripting Vulnerabilities
======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...
WordPress GetPaid payments plugin 2.4.6 - HTML Injection Vulnerability
Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress Payments Plugin |...
Traffic Offense Management System 1.0 - SQL Injection to Remote Code Execution Exploit
Exploit Title: Traffic Offense Management System 1.0 - SQLi to Remote Code Execution RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html Version: 1.0 Tested on: Linux import...
Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit
Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions before 7.12.5 Tested o...
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation Exploit
Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not b...
WordPress ProfilePress 3.1.3 Plugin - Privilege Escalation (Unauthenticated) Exploit
Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation Unauthenticated Exploit Author: Numan Rajkotiya Vendor Homepage: https://profilepress.net/ Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip Version: 1 ProfilePress Formerly WP User Avatar 3.0 -...
BSCW Server XML Injection Vulnerability
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability. ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version:...
Git LFS Clone Command Execution Exploit
Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of...
BSCW Server Remote Code Execution Vulnerability
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated RCE product: BSCW Server...
Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Exploit
Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write Authenticated Exploit Author: BitTheByte Description: Authenticated path traversal vulnerability. Exploit Research: https://www.tenable.com/security/research/tra-2020-59 Vendor Homepage: https://umbraco.com/ Version:...
Online Leave Management System 1.0 SQL Injection Vulnerability
Online Leave Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging:...
COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection Exploit
COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote...
Projectsend r1295 - (name) Stored XSS Vulnerability
Exploit Title: Projectsend r1295 - 'name' Stored XSS Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading the file from the...
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-18818, CVE-2019-19609...
ZesleCP 3.1.9 - Remote Code Execution (Authenticated) Exploit
Title: ZesleCP 3.1.9 - Remote Code Execution RCE Authenticated Author: Numan Türle Vendor Homepage: https://zeslecp.com/ Software Link: https://zeslecp.com/ Version: =3.1.9 https://www.youtube.com/watch?v=5lTDTEBVq-0 !/usr/bin/python3 -- coding: utf-8 -- ZesleCP - Remote Code Execution...
Bus Pass Management System 1.0 - (viewid) SQL Injection Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'viewid' SQL Injection Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
MySQL User-Defined (Linux) x32 / x86_64 - (sys_exec) Local Privilege Escalation Exploit (2)
Exploit Title: MySQL User-Defined Linux x32 / x86_64 - 'sys_exec' Local Privilege Escalation 2 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux x86_64 using...
Usermin 1.820 - Remote Code Execution (Authenticated) Exploit
Title: Usermin 1.820 - Remote Code Execution RCE Authenticated Author: Numan Türle Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: =1820 https://www.youtube.com/watch?v=wiRIWFAhz24 !/usr/bin/python3 -- coding: utf-8 -- Usermin - Remot...
Strapi 3.0.0-beta - Set Password (Unauthenticated) Exploit
Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "email protecte...
Strapi 3.0.0-beta.17.7 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...