Cotonti Siena 0.9.19 - (maintitle) Stored Cross-Site Scripting Vulnerability
Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST Vulnerable Paramete...
OpenEMR 5.0.1.3 - (register) Authentication Bypass Exploit
Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: All versions prior to 5.0.1.4 Tested on:...
Client Management System 1.1 - (Search) SQL Injection Vulnerability
Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client Management System 1.1 ...
SysGauge 7.9.18 - (SysGauge Server) Unquoted Service Path Vulnerability
Exploit Title: SysGauge 7.9.18 - 'SysGauge Server' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.sysgauge.com Software Link: https://www.sysgauge.com/setups/sysgaugesrvsetupv7.9.18.exe Tested Version: 7.9.18 Vulnerability Type: Unquoted Service Path Tested on:...
Brother BRPrint Auditor 3.0.7 - (Multiple) Unquoted Service Path Vulnerability
Exploit Title: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://support.brother.com/ Software Links: https://support.brother.com/g/b/downloadhowto.aspx?c=us&lang=en&prod=dcp7060dall&os=10013&dlid=dlf102753000&flang=4&type3=214...
HashiCorp Nomad Remote Command Execution Exploit
This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the rawexec driver, which runs with high privileges. Development servers and clients explicitly enabling the rawexec plugin can spawn these type of jobs. Regular exec job...
Polkit 0.105-26 0.117-2 - Local Privilege Escalation Exploit
Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit 0.117-2 Fedora...
Brother BRAgent 1.38 - (WBA_Agent_Client) Unquoted Service Path Vulnerability
Exploit Title: Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://brother.com Software Link: https://support.brother.com/g/b/downloadhowto.aspx?c=us&lang=en&prod=ads1000wus&os=10013&dlid=dlf002778000&flang=4&type3=46 Tested Version...
IPFire 2.25 Remote Code Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user. This module requires Metasploit: https://metasploit.com/download...
Client Management System 1.1 - (username) Stored Cross-Site Scripting Vulnerability
Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting XSS Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...
Online Library Management System 2.0 Cross Site Request Forgery Vulnerability
Exploit Title: Online Library Management System Exploit Author : Mohit Dabas Vendor Homepage : https://phpgurukul.com Software Link : https://phpgurukul.com/online-library-management-system/ Version: 2.0 Tested on : LAMPP Description Online Library Management System has got CSRF in admin panel...
Post-it 5.0.1 - Denial of Service Exploit
Exploit Title: Post-it 5.0.1 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/post-it/id920127738 Version: 5.0.1 Category: DoS iOS Vulnerability Post-it is vulnerable to a DoS condition when a long list of characters is being used when creating a note:...
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) Vulnerability
Exploit Title : TextPattern CMS 4.8.7 - Remote Command Execution Authenticated Exploit Author : Mert Daş email protected Software Link : https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web : https://textpattern.com/ Tested on: Server : Xampp First of all we should use file...
Stock Management System 1.0 - (user_id) Blind SQL injection Vulnerability
Exploit Title: Stock Management System 1.0 - 'user_id' Blind SQL injection Authenticated Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip Version: 1.0...
Spy Emergency 25.0.650 - (Multiple) Unquoted Service Path Vulnerability
Exploit Title: Spy Emergency 25.0.650 - Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.spy-emergency.com/ Software Link: https://www.spy-emergency.com/download/download.php?id=1 Tested Version: 25.0.650.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
COVID19 Testing Management System 1.0 - (State) Stored Cross-Site-Scripting Vulnerability
Exploit Title: COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting XSS Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Server: XAMPP...
Accela Civic Platform 21.1 - (successURL) Cross-Site-Scripting Vulnerability
Exploit Title: Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting XSS Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE-2021-34370...
Secure Notepad Private Notes 3.0.3 - Denial of Service Exploit
Exploit Title: Secure Notepad Private Notes 3.0.3 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/secure-notepad-private-notes/id711178888 Version: 3.0.3 Category: DoS iOS Vulnerability Secure Notepad - Private Notes is vulnerable to a DoS condition when...
PCMan FTP Server 2.0.7 Denial Of Service Exploit
#!/usr/bin/python e-mail: email protected Version Vulnerable: KnFTP 1.0.0 Server OS Tested: Windows XP PACK 3 Brazilian import socket import sys if len(sys.argv) != 2: print "" print " " print " KnFTP 1.0.0 Server - 'LIST' Denied of Service " print " " print " Author: Fernando Mengali " print " "...
Small CRM 3.0 - (Authentication Bypass) SQL Injection Vulnerability
Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL Injection on its adm...
Tftpd64 4.64 - (Tftpd32_svc) Unquoted Service Path Vulnerability
Exploit Title: Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://bitbucket.org/phjounin/tftpd64/src/master/ Software Links: https://bitbucket.org/phjounin/tftpd64/wiki/Download%20Tftpd64.md Tested Version: 4.64 Vulnerability Type: Unquoted...
Notex the best notes 6.4 - Denial of Service Exploit
Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long list of characters i...
WibuKey Runtime 6.51 - (WkSvW32.exe) Unquoted Service Path Vulnerability
Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.wibu.com Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html Tested Version: 6.51 Vulnerability Type: Unquoted...
OpenEMR 5.0.1.3 - (manage_site_files) Remote Code Execution Exploit
Exploit Title: OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on: Ubuntu 18.04...
Accela Civic Platform 21.1 - (contactSeqNumber) Insecure Direct Object References Vulnerability
Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...
KnFTP Server 1.0.0 Denial Of Service Exploit
#!/usr/bin/python e-mail: email protected Version Vulnerable: KnFTP 1.0.0 Server OS Tested: Windows XP PACK 3 Brazilian import socket import sys if len(sys.argv) != 2: print "" print " " print " KnFTP 1.0.0 Server - 'LIST' Denied of Service " print " " print " Author: Fernando Mengali " print " "...
GLPI 9.4.5 - Remote Code Execution Exploit
Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...
Chrome SandboxedUnpacker Unsafe Shared Memory Use Vulnerability
Chrome: SandboxedUnpacker unsafe use of shared memory. If we look at the mojo interface gzipper.mojom services/datadecoder/public/mojom/gzipper.mojom: // An interface that lets callers compress and uncompress data using gzip. interface Gzipper // Compresses |data| using gzip and returns it as...
Zenario CMS 8.8.52729 - (cID) Blind & Error based SQL injection (Authenticated) Vulnerability
Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection Authenticated Exploit Author: Avinash R Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.52729 Tested on: Windows 10 Pro No OS restrictions CVE :...
NSClient++ 0.5.2.35 Remote Code Execution Exploit
This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled. This module requires Metasploit: https://metasploit.com/download Curre...
Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Vulnerability
Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Google Dork: In Shodan search engine, the filter is ""Server: email protected"" Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
EasyFTP Server 1.7.0.11 Denial Of Service Exploit
#!/usr/bin/python e-mail: email protected Date: 06/10/2021 - 10 jun Version Vulnerable: EasyFTP Server 1.7.0.11 - 'XRMD' Denied of Service OS Tested: Windows XP PACK 3 Brazilian import socket import sys if len(sys.argv) != 2: print "" print " " print " EasyFTP Server 1.7.0.11 - 'XRMD' Denied of...
Cerberus FTP Web Service 11 - (svg) Stored Cross-Site Scripting Vulnerability
Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting XSS Exploit Author: Abdulazeez Alaseeri Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Tested on: JBoss server/windows Type: Web App Date: 06/07/2021 CVE: CVE-2021-33904...
NetSetMan Pro 4.7.2 Privilege Escalation Exploit
NetSetManPro 4.7.2 Privilege Escalation Exploit Affected Products NetSetManPro 4.7.2 other/older releases have not been tested References https://www.secuvera.de/advisories/secuvera-SA-2021-01.txt used for updates CVE-2021-34546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34546 Summar...
WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
Accela Civic Platform 21.1 - (servProvCode) Cross-Site-Scripting Vulnerability
Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting XSS Exploit Author: Abdulazeez Alaseeri Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Tested on: JBoss server/windows Type: Web App Date: 06/07/2021 CVE: CVE-2021-33904...
WordPress Database Backups 1.2.2.6 Plugin - (Database Backup Download) CSRF Vulnerability
Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and download databa...
Microsoft SharePoint Server 16.0.10372.20060 - (GetXmlDataFromDataSource) SSRF Exploit
Exploit Title: Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery SSRF Exploit Author: Alex Birnberg Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=57462 Version: 16.0.10372.20060 Tested on: Windows Server 2019 CVE :...
OpenEMR 5.0.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: OpenEMR 5.0.0 - Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.0/openemr-5.0.0.zip/download Version: 5.0.0 Tested on: Windows 10...
Grocery crud 1.6.4 - (order_by) SQL Injection Vulnerability
Exploit Title: Grocery crud 1.6.4 - 'order_by' SQL Injection Exploit Author: TonyShavez Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: v2.0.1 Tested on: Linux Ubuntu Proof Of concept : ======================= Request: POST...
Solar-Log 500 2.8.2 - Incorrect Access Control Vulnerability
Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control Google Dork: In Shodan search engine, the filter is ""Server: email protected"" Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Exploit Author: Mert Daş email protected Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is prone to a cross-site...
memono Notepad Version 4.2 - Denial of Service Exploit
Exploit Title: memono Notepad Version 4.2 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/memono-bloc-de-notas/id906470619 Version: 4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being...
Grav CMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) Exploit (2)
Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...
n+otes 1.6.2 - Denial of Service Exploit
Exploit Title: n+otes 1.6.2 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/n-otes/id596895960 Version: 1.6.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:...
Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes, xor encoded)
Exploit Title: Linux/x86 - execve /bin/sh Shellcode fstenv eip GetPC technique 70 bytes, xor encoded Exploit Author: d7x Tested on: Ubuntu x86 / shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell uses the fstenv GetPC technique to get the memory address dynamically...
Student Result Management System 1.0 - (class) SQL Injection Vulnerability
Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/ Version: 1.0 Category:...
OpenCart 3.0.3.6 - (subject) Stored Cross-Site Scripting Vulnerability
Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Exploit Author: Mert Daş Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.7 Tested on: Windows 10 Stored Cross-site scripting (XSS): Stored XSS, also...
WordPress visitors-app 0.3 Plugin - (user-agent) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://profiles.wordpress.org/domingoruiz/ Software Link: https://wordpress.org/plugins/visitors-app/ Version: 0.3 Tested on: Debian GNU/Linux 10 Reference...
Intelbras Router RF 301K - (DNS Hijacking) Cross-Site Request Forgery Vulnerability
Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery CSRF Exploit Author: Rodolfo Mariano Version: Firmware 1.1.2-1.1.5 CVE: 2021-32403 Exploit Code: document.forms[0].submit();...