
39001 matches found

0day.today
added 2021/06/25 12:0 a.m., 64 views

Simple Client Management System 1.0 - (uemail) SQL Injection Vulnerability

Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested...

0.9 AI score
Exploits: 0
0day.today
added 2021/06/25 12:0 a.m., 55 views

Lightweight facebook-styled blog Authenticated Remote Command Execution Exploit

This module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweig...

0.3 AI score
Exploits: 0
0day.today
added 2021/06/25 12:0 a.m., 83 views

TP-Link TL-WR841N - Command Injection Exploit

Exploit Title: TP-Link TL-WR841N - Command Injection Exploit Author: Koh You Liang Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/TL-WR841NJPV13161028.zip Version: TL-WR841N 0.9.1 4.0 Tested on: Windows 10 CVE : CVE-2020-35575 import requests import sys import...

9.8 CVSS, 0.07643 EPSS
Exploits: 3
0day.today
added 2021/06/25 12:0 a.m., 201 views

rConfig <= 3.9.6 Shell Upload Exploit

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...

0.6 AI score
Exploits: 0
0day.today
added 2021/06/25 12:0 a.m., 179 views

Huawei dg8045 - Authentication Bypass Vulnerability

Title: Huawei dg8045 - Authentication Bypass Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An attacker can lea...

0.3 AI score
Exploits: 0
0day.today
added 2021/06/23 12:0 a.m., 52 views

Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Exploit

Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Unauthenticated Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1....

0.3 AI score
Exploits: 0
0day.today
added 2021/06/23 12:0 a.m., 74 views

Online Library Management System 1.0 - (Search) SQL Injection Vulnerability

Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1.0 Tested on: Windows 10 Pro 64 Bit...

0.4 AI score
Exploits: 0
0day.today
added 2021/06/23 12:0 a.m., 74 views

WordPress WP Google Maps 8.1.11 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting XSS Exploit Author: Mohammed Adam Vendor Homepage: https://www.wpgmaps.com/ Software Link: https://wordpress.org/plugins/wp-google-maps/ Version: 5.7.2 Tested on: Windows 10 CVE: CVE-2021-24383 References link:...

5.4 CVSS, 0.1 AI score, 0.02339 EPSS
Exploits: 5
0day.today
added 2021/06/23 12:0 a.m., 162 views

Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload Exploit

!/usr/bin/env ruby Exploit Title: Monitorr exploit toolkit Google Dorks: inurl:/assets/config/installation/register.php?action=register Author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/sec-it/monitorr-exploit-toolkit...

9.8 CVSS, 9.6 AI score, 0.85785 EPSS
Exploits: 9
0day.today
added 2021/06/23 12:0 a.m., 94 views

F5 BIG-IQ VE 8.0.0-2923215 Remote Root Vulnerability

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

7.2 CVSS, 7 AI score, 0.05346 EPSS
Exploits: 3
0day.today
added 2021/06/23 12:0 a.m., 69 views

WordPress Poll, Survey, Questionnaire and Voting system 1.5.2 - (date_answers) Blind SQL Injection

Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage: https://wpdevart.com/wordpress-polls-plugin Softwar...

0.4 AI score
Exploits: 0
0day.today
added 2021/06/23 12:0 a.m., 68 views

HPE RDA-CAS 1.23.826 Denial Of Service Exploit

!/usr/bin/python -- coding: UTF-8 -- hpfreeze.py HPE Remote Device Access Unauthenticated Denial of Service Jeremy Brown jbrown3264/gmail June 2021 "Designed for the enterprise, HPE RDA Remote Device Access provides integrated remote connectivity for support automation, device telemetry and remot...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/23 12:0 a.m., 88 views

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution Exploit

Cisco Modeling Labs 2.1.1-b19 Post-Auth RCE Vulnerability CVE-2021-1531 ======= Details ======= Authenticated command injection in the web portal via the X-Original-File-Name header. Tested with portal 'admin' user who does not have a system login or SSH access, but likely works for any user who...

8.8 CVSS, 0.2 AI score, 0.30492 EPSS
Exploits: 3
0day.today
added 2021/06/23 12:0 a.m., 45 views

Simple CRM 3.0 - (email) SQL injection (Authentication Bypass) Vulnerability

Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version Description :...

0.4 AI score
Exploits: 0
0day.today
added 2021/06/22 12:0 a.m., 31 views

Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Responsive Tourism Website 3.1 - Remote Code Execution RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14838/simple-responsive-tourism-website-using-php-free-source-code.html Version: V 3.1 Tested on: MacOS & Windows import...

0.2 AI score
Exploits: 0
0day.today
added 2021/06/22 12:0 a.m., 104 views

ASUS DisplayWidget Software 3.4.0.036 - (ASUSDisplayWidgetService) Unquoted Service Path

Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path Exploit Author: Julio Aviña Vendor Homepage: https://www.asus.com/ Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUSDisplayWidget3.4.0.036.exe.zip Version: 3.4.0.036...

0.2 AI score
Exploits: 0
0day.today
added 2021/06/22 12:0 a.m., 35 views

Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR) Vulnerability

Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference IDOR Exploit Author: Pratik Khalane Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on:...

Exploits: 0
0day.today
added 2021/06/22 12:0 a.m., 147 views

WordPress Admin Columns Plugin Cross Site Scripting Vulnerability

Product: Admin Columns WordPress Plug-In Manufacturer: Codepress Affected Versions: 5.5.2 Pro version, 4.3.2 Free version Tested Versions: 5.5.1 Pro version, 4.3 Free version Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Fixed Manufacturer Notification:...

5.4 CVSS, 0.00932 EPSS
Exploits: 4
0day.today
added 2021/06/21 12:0 a.m., 27 views

Customer Relationship Management System (CRM) 1.0 - Remote Code Execution Exploit

Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 61 views

OpenEMR 5.0.1.7 - (fileName) Path Traversal (Authenticated) Exploit

Exploit Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5017.zip Version: All versions prior to 5.0.2 Tested on: Ubuntu 18.04 CVE:...

8.8 CVSS, 7.5 AI score, 0.66891 EPSS
Exploits: 11
0day.today
added 2021/06/21 12:0 a.m., 56 views

Wise Care 365 5.6.7.568 - (WiseBootAssistant) Unquoted Service Path Vulnerability

Exploit Title: Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path Exploit Author: Julio Aviña Vendor Homepage: https://www.wisecleaner.com/wise-care-365.html Software Link: https://downloads.wisecleaner.com/soft/WiseCare3655.6.7.568.exe Version: 5.6.7.568 Service File Version...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 69 views

Simple CRM 3.0 - (Change user information) Cross-Site Request Forgery Vulnerability

Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...

Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 136 views

Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based buffer overflow...

10 CVSS, 9.6 AI score, 0.80291 EPSS
Exploits: 13
0day.today
added 2021/06/21 12:0 a.m., 73 views

Simple CRM 3.0 - (name) Stored Cross site scripting Vulnerability

Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version Description : Simpl...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 64 views

Lexmark Printer Software G2 Installation Package 1.8.0.0 - (LM__bdsvc) Unquoted Service Path

Exploit Title: Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LMbdsvc' Unquoted Service Path Exploit Author: Julio Aviña Vendor Homepage: https://www.lexmark.com/ Software Link: https://downloads.lexmark.com/downloads/drivers/LexmarkPrinterSoftwareG2InstallationPackage01292021.exe...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 184 views

Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE : CVE-2021-32305 import...

10 CVSS, 0.86716 EPSS
Exploits: 9
0day.today
added 2021/06/21 12:0 a.m., 75 views

iFunbox 4.2 - (Apple Mobile Device Service) Unquoted Service Path Vulnerability

Exploit Title: iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path Exploit Author: Julio Aviña Vendor Homepage: https://www.i-funbox.com/en/index.html Software Link: https://www.i-funbox.com/download/ifunboxsetup4.2.exe Version: 4.2 Service File Version: 486.0.2.23 Tested on: Window...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/21 12:0 a.m., 123 views

Remote Mouse GUI 3.008 - Local Privilege Escalation Vulnerability

Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 Version: Remote Mouse 3.008 Tested on: Windows 10 Pro Version 21H1 Note: Local/RDP access is required to exploit this vulnerability This method is also known as Citrix Method Insecure GU...

0.8 AI score
Exploits: 0
0day.today
added 2021/06/18 12:0 a.m., 40 views

ICE Hrm 29.0.0.OS - (Account Takeover) Cross-Site Scripting and Session Fixation Vulnerability

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to session...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/18 12:0 a.m., 46 views

ICE Hrm 29.0.0.OS - (xml upload) Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting XSS Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description The file upload feature in ICE Hrm Version 29.0.0.OS allows remote...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/18 12:0 a.m., 56 views

Dlink DSL2750U - (Reboot) Command Injection Exploit

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/18 12:0 a.m., 39 views

ICE Hrm 29.0.0.OS - (Account Takeover) Cross-Site Request Forgery (CSRF) Vulnerability

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...

0.9 AI score
Exploits: 0
0day.today
added 2021/06/18 12:0 a.m., 413 views

Node.JS - (node-serialize) Remote Code Execution Exploit (3)

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize = require'node-serialize...

9.8 CVSS, 9.6 AI score, 0.61025 EPSS
Exploits: 5
0day.today
added 2021/06/17 12:0 a.m., 33 views

VX Search 13.5.28 - (Multiple) Unquoted Service Path Vulnerability

Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe https://www.vxsearch.com/setupsx64/vxsearchentsetupv13.5.28x64.exe Tested...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 38 views

Dup Scout 13.5.28 - (Multiple) Unquoted Service Path Vulnerability

Exploit Title: Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.dupscout.com Software Links: https://www.dupscout.com/setupsx64/dupscoutsrvsetupv13.5.28x64.exe https://www.dupscout.com/setupsx64/dupscoutentsetupv13.5.28x64.exe Tested...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 77 views

VeryFitPro 3.2.8 Insecure Transit Vulnerability

VeryFitPro 3.2.8 Insecure Transit Vulnerability Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application com.veryfit2hr.second Tested versions: VeryFitPro 3.2.8 Vendor: Shenzhen DO...

8.1 CVSS, 8.2 AI score, 0.01094 EPSS
Exploits: 3
0day.today
added 2021/06/17 12:0 a.m., 100 views

Disk Savvy 13.6.14 - (Multiple) Unquoted Service Path Vulnerability

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe https://www.disksavvy.com/setupsx64/disksavvyentsetupv13.6.14x64.exe...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 74 views

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...

5.3 CVSS, 0.2 AI score, 0.80426 EPSS
Exploits: 5
0day.today
added 2021/06/17 12:0 a.m., 65 views

Unified Office Total Connect Now 1.0 - (data) SQL Injection Vulnerability

Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0 Tested on: CentOS +...

0.3 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 82 views

Workspace ONE Intelligent Hub 20.3.8.0 - (VMware Hub Health Monitoring Service) Unquoted Service Pat

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/ Tested Version: 20.3.8.0...

0.4 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 79 views

Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...

5.3 CVSS, 0.17772 EPSS
Exploits: 5
0day.today
added 2021/06/17 12:0 a.m., 70 views

Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Online Shopping Portal 3.1 - Remote Code Execution Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: V3.1 Tested on: Windows & Ubuntu import requests import random import string url =...

0.3 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 267 views

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution Exploit

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...

8.8 CVSS, 8.6 AI score, 0.30045 EPSS
Exploits: 5
0day.today
added 2021/06/17 12:0 a.m., 52 views

Sync Breeze 13.6.18 - (Multiple) Unquoted Service Path Vulnerability

Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...

0.1 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 63 views

Linux/x86 Custom Shellcode ASCII And-Sub Encoder

/ Title: Linux/x86 - Custom Shellcode ASCII And-Sub Encoder Date: 29.03.2021 Author: Xenofon Vassilakopoulos github : https://github.com/xen0vas/ASCII-AND-SUB-Encoder gcc -m32 sub.c -o sub Usage : ./sub -s \x41\xff\x41\x41 -b \x0a\x0d\x2f\x3a\x3f\x40\x80\x81\x82 / include include include include...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/16 12:0 a.m., 33 views

DiskPulse 13.6.14 - (Multiple) Unquoted Service Path Vulnerability

Exploit Title: DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.diskpulse.com Software Links: https://www.diskpulse.com/setupsx64/diskpulseentsetupv13.6.14x64.exe https://www.diskpulse.com/setupsx64/diskpulsesrvsetupv13.6.14x64.exe...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/16 12:0 a.m., 97 views

CKEditor 3 - Server-Side Request Forgery Vulnerability

Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google dorks inurl...

1.1 AI score
Exploits: 0
0day.today
added 2021/06/16 12:0 a.m., 67 views

Disk Sorter Server 13.6.12 - (Disk Sorter Server) Unquoted Service Path Vulnerability

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability Type: Unquoted...

0.5 AI score
Exploits: 0
0day.today
added 2021/06/16 12:0 a.m., 33 views

Teachers Record Management System 1.0 - (email) Stored Cross-site Scripting Vulnerability

Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 + XAMPP...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/16 12:0 a.m., 35 views

Teachers Record Management System 1.0 - (Multiple) SQL Injection (Authenticated) Vulnerability

Exploit Title: Teachers Record Management System 1.0 – Multiple SQL Injection Authenticated Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 + XAMPP...

0.4 AI score
Exploits: 0
Total number of security vulnerabilities: 39001