39001 matches found
OpenCart 3.0.3.7 - (Change Password) Cross-Site Request Forgery Vulnerability
Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Exploit Author : Mert Daş email protected Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on: Server : Xampp Cross-si...
SAMI FTP Server 2.0.2 Denial Of Service Exploit
!/usr/bin/python e-mail: email protected Date: 06/08/2021 - 08 jun Version Vulnerable: SAMI FTP Server 2.0.2 OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 import socket import sys if lensys.argv != 2: print "" print " " print " SAMI FTP Server 2.0.2 - Command 'USER' Denied of Service "...
Backup Key Recovery 2.2.7 - Denial of Service Exploit
Exploit Title: Backup Key Recovery 2.2.7 - Denial of Service PoC Author: Erick Galindo Vendor Homepage: http://www.nsauditor.com Software http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Version: 2.2.7.0 Tested on: Windows 10 Pro x64 es Proof of Concept: 1.- Copy printed "AAAAA..." stri...
NBMonitor 1.6.8 - Denial of Service Exploit
Exploit Title: NBMonitor 1.6.8 - Denial of Service PoC Author: Erick Galindo Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.8 Tested on: Windows 10 Pro x64 es Proof of Concept: 1.- Copy printed "AAAAA..." string to...
Nsauditor 3.2.3 - Denial of Service Exploit
Exploit Title: Nsauditor 3.2.3 - Denial of Service PoC Author: Erick Galindo Vendor Homepage: http://www.nsauditor.com Software http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.3.0 Tested on: Windows 10 Pro x64 es Proof of Concept: 1.- Copy printed "AAAAA..." string to clipboard...
WordPress wpDiscuz 7.0.4 Plugin - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9, Windows 7, Windows 10...
COVID-19 Testing Management System 1.0 SQL Injection Exploit
COVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021. Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Authentication Bypass Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor...
IcoFX 2.6 - (.ico) Buffer Overflow SEH + DEP Bypass using JOP Exploit
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7 Ultimate x64 CVE:...
Sticky Notes & Color Widgets 1.4.2 - Denial of Service Exploit
Exploit Title: Sticky Notes & Color Widgets 1.4.2 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/sticky-notes-color-widgets/id1476063010 Version: 1.4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of...
Rocket.Chat 3.12.1 - NoSQL Injection to Remote Code Execution (Unauthenticated) Exploit
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python import requests impo...
WordPress Smart Slider - 3.5.0.8 Plugin - (name) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting XSS Exploit Author: Hardik Solanki Software Link: https://wordpress.org/plugins/smart-slider-3/ Version: 3.5.0.8 Tested on Windows How to reproduce vulnerability: 1. Install WordPress 5.7.2 2. Install and...
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated) Exploit
Exploit Title: OptiLink ONT1GEW GPON 2.1.11X101 Build 1127.190306 - Remote Code Execution Authenticated Exploit Authors: Developed by SecNigma and Amal. Vendor Homepage: https://optilinknetwork.com/ Version: ONT1GEW V2.1.11X101 Build.1127.190306 Mitigation: Ask the vendor to issue a router upgrad...
Wordpress wpDiscuz 7.0.4 Plugin - Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Exploit
Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated Author: enox Vendor: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.7.10 Vulnerable Versions: Grav CMS 1.7.10 CVE: CVE-2021-29440 Credits:...
Cisco HyperFlex HX Data Platform Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...
My Notes Safe 5.3 - Denial of Service Exploit
Exploit Title: My Notes Safe 5.3 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/my-notes-safe/id689971781 Version: 5.3 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creatin...
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration Vulnerability
User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested versions: HealthForYou 1.11.1...
Inkpad Notepad & To do list 4.3.61 - Denial of Service Exploit
Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=esMX Version: 4.3.61 Category: DoS Android Vulnerability InkPad Bloc de notas - Tareas is vulnerable ...
Macaron Notes great notebook 5.5 - Denial of Service Exploit
Exploit Title: Macaron Notes great notebook 5.5 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/macaron-notes-great-notebook/id1079862221 Version: 5.5 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of...
SuiteCRM Log File Remote Code Execution Exploit
This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the...
FileCOPA FTP Server 1.01 Denial Of Service Exploit
!/usr/bin/perl e-mail: email protected Date: 04/06/2021 Version Vulnerable: FileCOPA FTP Server 1.01 OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 Youtube video: https://youtu.be/A9cEoyY9Bd4 badchars \0x00\0x0a use Net::FTP; use Term::ANSIColor; $sis="$^O"; print $sis; if $sis eq "windows...
Color Notes 1.4 - Denial of Service Exploit
Exploit Title: Color Notes 1.4 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/gt/app/color-notes/id830515136 Version: 1.4 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a...
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover Vulnerability
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed. Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status:...
Blacknote 2.2.1 - Denial of Service Exploit
Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS condition when a...
VMware ESXi OpenSLP Heap Overflow Exploit
Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG. !/usr/bin/python3 CVE-2021-21974 PoC Exploit By: Johnny Yu @staightblast Tested against: 1 VMware ESXi 6.7.0...
Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...
Exim base64d Buffer Overflow Exploit
!/usr/bin/python import sys import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; email protected" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0 def p...
CHIYU IoT Devices - Denial of Service Vulnerability
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all firmware versions 32...
Notepad notes 2.6.7 - Denial of Service Exploit
Exploit Title: Notepad notes 2.6.7 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=esMX Version: 2.6.7 Category: DoS Android Vulnerability Bloc de notas is vulnerable to a DoS condition when a long lists of...
4Images 1.8 - (redirect) Reflected XSS Vulnerability
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
ColorNote 4.1.9 - Denial of Service Exploit
Exploit Title: ColorNote 4.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=esMX Version: 4.1.9 Category: DoS Android Vulnerability Color Note is vulnerable to a DoS condition when a...
Microsoft RDP Remote Code Execution Exploit
!/usr/bin/python import socket from OpenSSL import from struct import pack, unpack from sys import argv, exit class x224ConnectionRequestPacket: def initself: total of 8 bytes self.rdpNegReq = pack ' 1110 E CDT - 0000 0 for class 0 and 1 0, dest-ref , 2 bytes fuzzable 0, src-ref , 2 bytes fuzzabl...
Cisco SD-WAN vManage 19.2.2 Remote Root Exploit
Cisco SD-WAN vManage 19.2.2 Remote Root Shell PoC / This PoC exploits CVE-2020–3387 through CVE-2020–3437 / function exploit var payload = new Image1,1; payload.src =...
FUDForum 3.1.0 - (srch) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
PHP 8.1.0-dev - (User-Agentt) Remote Code Execution Exploit
Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Exploit Author: flast101 Vendor Homepage: https://www.php.net/ Software Link: - https://hub.docker.com/r/phpdaily/php - https://github.com/phpdaily/php Version: 8.1.0-dev Tested on: Ubuntu 20.04 References: -...
BasicNote 1.1.9 - Denial of Service Exploit
Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is vulnerable to a DoS...
FUDForum 3.1.0 - (author) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
CHIYU IoT Devices - (Telnet) Authentication Bypass Exploit
Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware versions June 20...
Seo Panel 4.8.0 - (search_name) Reflected XSS Vulnerability
Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417 -Description: A...
Cacti 1.2.12 SQL Injection / Remote Command Execution Exploit
This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the pathphpbinary value is changed within the settings tab...
Seo Panel 4.8.0 - (from_time) Reflected XSS Vulnerability
Exploit Title: Seo Panel 4.8.0 - 'fromtime' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28420 -Description: A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers ...
Products.PluggableAuthService 2.6.0 - Open Redirect Vulnerability
Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect Exploit Author: Piyush Patil Affected Component: Pluggable Zope authentication/authorization framework Component Link: https://pypi.org/project/Products.PluggableAuthService/ Version: =2.6.1"...
Thecus N4800Eco Nas Server Control Panel - Comand Injection Exploit
Exploit Title: Thecus N4800Eco Nas Server Control Panel - Comand Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...
Intel(R) Audio Service x64 01.00.1080.0 - (IntelAudioService) Unquoted Service Path Vulnerability
Exploit Title: IntelR Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 01.00.1080.0 File Version: 1.00.1080.0 Tested on: Microsoft® Windows 10 Home Single Language 10.0.19042 x64 es...
Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker apache/airflow:1.10 .10...
GetSimple CMS 3.3.4 - Information Disclosure Exploit
Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...
Seo Panel 4.8.0 - (category) Reflected XSS Vulnerability
Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28418 -Description: A...
ProjeQtOr Project Management 9.1.4 - Remote Code Execution Vulnerability
Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10 Description : Remote co...
Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration) Exploit
Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali Linux Proof Of...