Lucene search
39001 matches found

0day.today
added 2021/05/20 12:0 a.m., 40 views

Acer Backup Manager Module 3.0.0.99 Unquoted Service Path Vulnerability

Exploit Title: Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 3.0.0.99 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step t...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/20 12:0 a.m., 53 views

ASUS HID Access Service 1.0.94.0 - (AsHidSrv.exe) Unquoted Service Path Vulnerability

Exploit Title: ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path Exploit Author: Alejandra Sánchez Vendor Homepage: www.asus.com Version: 1.0.94.0 Tested on: Windows 10 Pro x64 es Description: ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue impacting the servi...

0.6 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 35 views

COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) Vulnerability

Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL Injection:...

0.5 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 34 views

Visual Studio Code 1.47.1 - Denial of Service Vulnerability

Exploit Title: Visual Studio Code 1.47.1 - Denial of Service PoC Exploit Author: H.H.A.Ravindu Priyankara Category: Denial of Service DOS Tested Version: 1.47.1 Vendor: Microsoft Software Download Link: https://code.visualstudio.com/updates/ Write-Host "...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 28 views

ManageEngine ADSelfService Plus 6.1 - CSV Injection Exploit

Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 23 views

COVID19 Testing Management System 1.0 - (Admin name) Cross-Site Scripting Vulnerability

Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 == Store...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 147 views

Microsoft ACL Shortcomings Vulnerability

Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 53 views

NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address. NiceHash Miner Excavator API Cross-Site...

0.2 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 58 views

WordPress Stop Spammers 2021.8 Plugin - (log) Reflected Cross-site Scripting Vulnerability

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link: https://downloads.wordpress.org/plugin/stop-spammer-registrations-plugin.zip...

6.1 CVSS, 0.3 AI score, 0.05721 EPSS
Exploits: 5
0day.today
added 2021/05/19 12:0 a.m., 40 views

In4Suit ERP 3.2.74.1370 - (txtLoginId) SQL injection Vulnerability

Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows SQL injection in In4Suite ERP 3.2.74.1370...

0.3 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 32 views

WebSSH for iOS 14.16.10 - (mashREPL) Denial of Service Exploit

Exploit Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service PoC Author: Luis Martinez Vendor Homepage: https://apps.apple.com/mx/app/webssh-ssh-client/id497714887 Software Link: App Store for iOS devices Tested Version: 14.16.10 Vulnerability Type: Denial of Service DoS Local Tested on...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/19 12:0 a.m., 93 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution Exploit

rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handles ANSI escape sequences allowing for arbitrary code execution. !/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/...

8.2 AI score
Exploits: 0
0day.today
added 2021/05/18 12:0 a.m., 29 views

EgavilanMedia PHPCRUD 1.0 - (First Name) SQL Injection Vulnerability

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux 10 Vulnerable...

1.2 AI score
Exploits: 0
0day.today
added 2021/05/18 12:0 a.m., 178 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and automated downloads of...

9.8 CVSS, 0.99999 EPSS
Exploits: 63
0day.today
added 2021/05/18 12:0 a.m., 84 views

NetMotion Mobility Server MvcUtil Java Deserialization Exploit

This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x befo...

8.1 CVSS, 8.4 AI score, 0.77673 EPSS
Exploits: 5
0day.today
added 2021/05/17 12:0 a.m., 27 views

Customer Relationship Management (CRM) System 1.0 - (Category) Persistent Cross site Scripting

Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 27 views

Printable Staff ID Card Creator System 1.0 - SQL injection / RCE via Arbitrary File Upload

Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable Staff ID Card...

1.3 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 20 views

Billing Management System 2.0 - Union based SQL injection (Authenticated) Vulnerability

Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...

0.4 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 26 views

IPFire 2.25 - Remote Code Execution (Authenticated) Exploit

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 156 Tested on: parr...

0.2 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 280 views

Dell DBUtil_2_3.sys IOCTL Memory Read / Write Exploit

The DBUtil23.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

8.8 CVSS, 0.9 AI score, 0.57474 EPSS
Exploits: 17
0day.today
added 2021/05/17 12:0 a.m., 24 views

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 15 views

Simple Chatbot Application 1.0 - (Category) Stored Cross site Scripting Vulnerability

Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 76 views

Microsoft Internet Explorer 8 - (SetMouseCapture) Use After Free Exploit

Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free CVE : CVE-2013-3893 PoC: https://github.com/travelworld/cve20133893trigger.html/blob/gh-pages/params.json Exploit Author: SlidingWindow Vendor Advisory:...

9.3 CVSS, 6.7 AI score, 0.8593 EPSS
Exploits: 18
0day.today
added 2021/05/17 12:0 a.m., 166 views

Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 39 views

Microsoft Windows TokenMagic Privilege Escalation Exploit

This Metasploit module leverages a UAC bypass TokenMagic in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 30 views

Dental Clinic Appointment Reservation System 1.0 - (Firstname) Persistent Cross Site Scripting

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting Authenticated Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/17 12:0 a.m., 121 views

Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Exploit

Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE Authenticated Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE: CVE-2018-19422...

7.2 CVSS, 0.1 AI score, 0.64261 EPSS
Exploits: 10
0day.today
added 2021/05/14 12:0 a.m., 19 views

Podcast Generator 3.1 - (Long Description) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting XSS Exploit Author: Ayşenur KARAASLAN Vendor Homepage: https://podcastgenerator.net/demoV2/ Software Link: https://podcastgenerator.net/download and...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/14 12:0 a.m., 18 views

Student Management System 1.0 - (message) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting Authenticated Exploit Author: mohsen khashei kh4sh3i or email protected Vendor Homepage: https://github.com/amirhamza05/Student-Management-System Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/14 12:0 a.m., 121 views

Chamilo LMS 1.11.14 - Remote Code Execution Exploit

Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...

7.2 CVSS, 7 AI score, 0.13933 EPSS
Exploits: 4
0day.today
added 2021/05/13 12:0 a.m., 23 views

Dental Clinic Appointment Reservation System 1.0 - (date) UNION based SQL Injection Vulnerability

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection Authenticated Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/13 12:0 a.m., 194 views

Microsoft Internet Explorer jscript9.dll Memory Corruption Exploit

There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. Internet Explorer:...

7.5 CVSS, 0.2 AI score, 0.22595 EPSS
Exploits: 3
0day.today
added 2021/05/13 12:0 a.m., 292 views

Mozilla Firefox 72 IonMonkey - JIT Type Confusion Exploit

Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox...

8.8 CVSS, 8.9 AI score, 0.86863 EPSS
Exploits: 21
0day.today
added 2021/05/13 12:0 a.m., 126 views

ScadaBR 1.0 / 1.1CE Windows Shell Upload Exploit

!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Windows7,...

8.8 CVSS, 8.8 AI score, 0.39096 EPSS
Exploits: 8
0day.today
added 2021/05/13 12:0 a.m., 131 views

Microsoft Internet Explorer 8/11 and WPAD service (Jscript.dll) - Use-After-Free Exploit

Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit as well as the...

7.5 CVSS, 7.9 AI score, 0.86863 EPSS
Exploits: 17
0day.today
added 2021/05/13 12:0 a.m., 41 views

OpenPLC WebServer 3 Remote Code Execution Exploit

Exploit Title: OpenPLC WebServer v3 - Authenticated Remote Code Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster CVE: N/A...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/13 12:0 a.m., 70 views

ZeroShell 3.9.0 - Remote Command Execution Exploit

Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests import optparse import...

10 CVSS, 0.3 AI score, 0.89849 EPSS
Exploits: 11
0day.today
added 2021/05/13 12:0 a.m., 14 views

Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass Vulnerability

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

0.4 AI score
Exploits: 0
0day.today
added 2021/05/13 12:0 a.m., 250 views

ScadaBR 1.0 / 1.1CE Linux Shell Upload Exploit

!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Debian9,10Ubuntu16.04 CVE : CVE-2021-2682...

8.8 CVSS, 8.9 AI score, 0.39096 EPSS
Exploits: 8
0day.today
added 2021/05/12 12:0 a.m., 60 views

Hexagon G!nius Auskunftsportal SQL Injection Vulnerability

CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. Additional Information PoC Payload: id=test' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR113||...

7.5 CVSS, 0.6 AI score, 0.02191 EPSS
Exploits: 3
0day.today
added 2021/05/12 12:0 a.m., 37 views

ERPNext 12.18.0 / 13.0.0 Cross Site Scripting Vulnerability

Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Troven...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 201 views

ERPNext 12.18.0 / 13.0.0 SQL Injection Vulnerability

Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Trovent...

0.2 AI score
Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 34 views

Customer Relationship Management (CRM) System 1.0 SQL Injection Vulnerability

Exploit Title: Customer Relationship Management CRM System 1.0 - Admin Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 91 views

Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Vulnerability

Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows 10 Pro 20H2 x64...

0.1 AI score
Exploits: 1
0day.today
added 2021/05/12 12:0 a.m., 18 views

Chevereto 3.17.1 - Cross Site Scripting (Stored) Vulnerability

Exploit Title: Chevereto 3.17.1 - Cross Site Scripting Stored Google Dork: "powered by chevereto" Exploit Author: Akıner Kısa Vendor Homepage: https://chevereto.com/ Software Link: https://chevereto.com/releases Version: 3.17.1 Tested on: Windows 10 / Xampp Proof of Concept: 1. Press the Upload...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 70 views

Customer Relationship Management (CRM) System 1.0 Shell Upload Vulnerability

Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 28 views

Customer Relationship Management (CRM) System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Customer Relationship Management CRM System 1.0 - Stored XSS Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/12 12:0 a.m., 152 views

ExifTool DjVu ANT Perl Injection Exploit

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF...

7.8 CVSS, 8.2 AI score, 0.99981 EPSS
Exploits: 39
0day.today
added 2021/05/12 12:0 a.m., 63 views

SIS-REWE GO 7.5.0/12C Cross Site Scripting Vulnerability

title: Reflected Cross-site Scripting Vulnerabilities product: SIS Informatik - REWE GO vulnerable version: 7.5.0/12C fixed version: 7.7 SP17 CVE number: CVE-2021-31537 impact: Medium homepage: https://sisinformatik.com/rewe-g...

6.1 CVSS, 0.1 AI score, 0.07781 EPSS
Exploits: 3
0day.today
added 2021/05/11 12:0 a.m., 83 views

Odoo 12.0.20190101 - (nssm.exe) Unquoted Service Path Vulnerability

Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path Exploit Author: 1F98D Vendor Homepage: https://www.odoo.com/ Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo12.0.20190101.exe Tested Version: 12.0.20190101 Tested on OS: Windows Step to discover Unquoted Servic...

0.3 AI score
Exploits: 0

Total number of security vulnerabilities: 39001