KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass Vulnerabilities
KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting...
Online Shopping Portal 3.1 SQL Injection Vulnerability
Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020. Exploit Title: Online Shopping Portal - time-based blind SQL Injectio...
News Portal Project 3.1 SQL Injection Vulnerability
Exploit Title: News Portal Project - Multiple time-based SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Version: 3.1 Tested on: Windows 10, XAMPP Descripti...
KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure Vulnerabilities
KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files vi...
WordPress Backup Guard Authenticated Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...
Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization
Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...
WordPress KN Fix Your Title 1.0.1 Plugin - (Separator) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting XSS Exploit Author: Aakash Choudhary Software Link: https://wordpress.org/plugins/kn-fix-your/ Version: 1.0.1 Category: Web Application Tested on Mac How to Reproduce this Vulnerability: 1. Install...
Webmin 1.973 - (run.cgi) Cross-Site Request Forgery Vulnerability
Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery CSRF Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31761 Version: Webmin 1.973 Tested on: All versions POC By Mesh3l...
Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
Exploit Title: Linux/x86 - Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 - Egghunter Reverse TCP Shell Shellcode Generator with dynamic IP and port Shellcode Author: d7x https://d7x.promiselabs.net/...
Dolibarr ERP/CRM 10.0.6 - Login Brute Force Exploit
Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force Exploit Author: Creamy Chicken Soup Vendor Homepage: https://www.dolibarr.org Software Link: https://sourceforge.net/projects/dolibarr/ Version: 10.0.6 Tested on: Windows 10 - 64bit CVE: CVE-2020-7995 function brute$url,$username,$passwd...
WordPress LearnPress 3.2.6.8 Plugin - Privilege Escalation Vulnerability
Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin/?action=accept-to-be-teacher&userid= Done!...
PEEL Shopping 9.3.0 - (id) Time-based SQL Injection Vulnerability
Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to 9.4.0 Tested on:...
WordPress Mimetic Books 0.2.13 Plugin - (Default Publisher ID field) XSS Vulnerability
Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Mac How to Reproduc...
WordPress LearnPress 3.2.6.7 Plugin - (current_items) SQL Injection (Authenticated) Vulnerability
Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login with a cred 3...
Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution Vulnerabilities
Multiple Schneider Electric EVlink Charging Stations suffer from authentication bypass and remote code execution vulnerabilities...
Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit
Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aruba Instant 8.5.x:...
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Exploit
Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Discovered by: Jeroen - IT Nerdbox Exploit Author: Metin Yunus Kandemir Version: sg2000-2000.1331 Vendor Homepage: https://www.seagate.com/ Software Link:...
Linux Kernel 2.6.19 < 5.9 - (Netfilter) Local Privilege Escalation Exploit
/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...
Aruba Instant (IAP) - Remote Code Execution Exploit
Aruba Instant IAP - Remote Code Execution Exploit import socket import sys import struct import time import threading import urllib3 import re import telnetlib import xml.etree.ElementTree as ET import requests urllib3.disablewarnings CONTINUERACE = True SNPRINTFCREATEFILEMAXLENGTH = 245 def...
VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit
This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...
Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit
Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit Author: Salman Asad @deathflash1411 Version: Argus Surveillance DVR 4.0 Tested on: Windows 7 x86 Build 7601 & Windows 10 Reference: https://deathflash1411.github.io/blog/cracking-argus-surveillance-passwords Note: Argus...
ForgeRock Access Manager / OpenAM 14.6.3 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution RCE Unauthenticated Date: 2021-07-14 Exploit Author: Photubias – tijldotdeneutatHowestdotbe for www.ic4.be Vendor Advisory: 1 https://backstage.forgerock.com/knowledge/kb/article/a47894244 Vendor Homepage:...
WordPress Popular Posts 5.3.2 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link: https://downloads.wordpress.org/plugin/wordpress-popular-posts.5.3.2.zip Versio...
osCommerce 2.3.4.1 - Remote Code Execution Exploit (2)
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
WordPress Current Book 1.0.1 Plugin - (Book Title and Author field) Stored Cross-Site Scripting
Exploit Title: WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting XSS Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/current-book/ Version: 1.0.1 Category: Web Application How to Reproduce this...
Webmin 1.973 - Cross-Site Request Forgery (CSRF) Exploit
Exploit Title: Webmin 1.973 - Cross-Site Request Forgery CSRF Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31762 Version: Webmin 1.973 Tested on: All versions POC By Mesh3l...
Invoice System 1.0 - (Multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14858/invoice-system-using-phpoop-free-source-code.html Tested on: Server: XAMPP...
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Vulnerability
Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting XSS Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 CVE : CVE-2019-0221 Requirements: SSI support must be enabled within Apache Tomcat. SSI support is not enabled by...
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Exploit Title: Linux/x86 - Bind User Specified Port Shell /bin/sh Shellcode 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Bind Shell /bin/sh with dynamic port binding Null-Free Shellcode 102 bytes Usage: gcc -z execstack -o bindshell bindshell.c ./bindshell 7000 Binding to 7000...
Garbage Collection Management System 1.0 - SQL Injection / Arbitrary File Upload Exploit
Exploit Title: Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload Exploit Author: Luca Bernardi - bernardiluca.job at protonmail.com | luca.bernardi at dedagroup.it Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress WPFront Notification Bar 1.9.1.04012 Plugin - Stored Cross-Site Scripting (XSS) Vulnerabil
Exploit Title: WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting XSS Exploit Author: Swapnil Subhash Bodekar Vendor Homepage: Software Link: https://wordpress.org/plugins/wpfront-notification-bar/ Version: 1.9.1.04012 Tested on Windows Category: Web Application H...
OpenEMR 5.0.1.3 - (manage_site_files) Remote Code Execution (Authenticated) Exploit (2)
Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated 2 Exploit author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Docker PoC:...
Apache Tomcat 9.0.0.M1 - Open Redirect Vulnerability
Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/ Modify the URL to...
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Exploit Title: Linux/x86 - Reverse dynamic IP and port/TCP Shell /bin/sh Shellcode 86 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Reverse TCP Shell with dynamic IP and port binding Shellcode tested on Ubuntu 12.04 LTS Usage: gcc -z execstack -o shellreversetcp shellreversetcp.c $...
Polkit D-Bus Authentication Bypass Exploit
A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operati...
Church Management System 1.0 - SQL Injection / Arbitrary File Upload / Remote Code Execution Exploit
Exploit Title: Church Management System 1.0 - SQL Injection Authentication Bypass + Arbitrary File Upload + RCE Exploit Author: Eleonora Guardini eleguardini93 at gmail dot com or eleonora.guardini at dedagroup dot com Vendor Homepage: https://www.sourcecodester.com Software Link:...
Zoo Management System 1.0 - (Multiple) Stored Cross-Site-Scripting Vulnerability
Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting XSS Exploit Author: Subhadip Nag Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Server: XAMPP Description Zoo...
Wyomind Help Desk 1.3.6 - Remote Code Execution Vulnerability
Exploit Title: Wyomind Help Desk 1.3.6 - Remote Code Execution RCE Exploit Author: Patrik Lantz Vendor Homepage: https://www.wyomind.com/magento2/helpdesk-magento-2.html Version: Content-Type: multipart/form-data; boundary=---------------------------243970849510445067673127196635 Content-Length:...
Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...
Linux/x86 Bindshell With Dynamic Port Binding Shellcode (102 bytes)
Exploit Title: Linux/x86 - bindshell with dynamic shellcode port binding size: 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / x86 bindshell with dynamic shellcode port binding size: 102 bytes tested on Ubuntu 12.04 LTS Author: d7x https://d7x.promiselabs.net/ https://www.promiselabs.net/ /...
Employee Record Management System 1.2 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Employee Record Management System 1.2 - Stored Cross-Site Scripting XSS Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Tested on: Server: XAMPP Description...
Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution
Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Exam Hall Management System 1.0 - Unrestricted File Upload + Remote Command Execution Exploit
Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload + RCE Unauthenticated Exploit Author: Davide 'yth1n' Bianchin Contacts: davide dot bianchin at dedagroup dot it Vendor Homepage: https://www.sourcecodester.com Software Link:...
Okta Access Gateway 2020.5.5 Authenticated Remote Root Vulnerability
Okta Access Gateway v2020.5.5 Post-Auth Remote Root RCE CVE-2021-28113 ======= Details ======= There are two command injection bugs that can be triggered after authenticating to the web UI. Since the injection occurs when a script is executed with sudo, the commands are run with root privileges...
MikroTik RouterOS 6.x Reachable Assertion Failure / Null Pointer Dereference Vulnerabilities
MikroTik RouterOS version 6.x suffers from multiple null pointer dereference vulnerabilities and a reachable assertion failure. MikroTik RouterOS 6.x Reachable Assertion Failure / Null Pointer Dereference Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor...
WordPress Plainview Activity Monitor 20161228 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution RCE Authenticated 2 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://wordpress.org/plugins/plainview-activity-monitor/ Software Link:...
Rocket.Chat 3.12.1 - NoSQL Injection to Remote Code Execution (Unauthenticated) Exploit (2)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a faster exploit...
Online Covid Vaccination Scheduler System 1.0 - (username) time-based blind SQL Injection
Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Phone Shop Sales Managements System 1.0 - SQL injection (Authentication Bypass) Vulnerability
Exploit Title: Phone Shop Sales Managements System 1.0 - Authentication Bypass SQLi Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version:...
Netgear DGN2200v1 - Remote Command Execution (Unauthenticated) Exploit
Exploit Title: Netgear DGN2200v1 - Remote Command Execution RCE Unauthenticated Exploit Author: SivertPL Vendor Homepage: https://www.netgear.com/ Version: All prior to v1.0.0.60 !/usr/bin/python """ NETGEAR DGN2200v1 Unauthenticated Remote Command Execution Author: SivertPL Date:...