39001 matches found
DHCP Broadband 4.1.0.1503 - (dhcpt.exe) Unquoted Service Path Vulnerability
Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/dhcpbbv4retailx64.exe Tested Version: 4.1.0.1503 Vulnerability Type: Unquoted...
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...
TFTP Broadband 4.3.0.1465 - (tftpt.exe) Unquoted Service Path Vulnerability
Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/tftpbbv4retailx64.exe Tested Version: 4.3.0.1465 Vulnerability Type: Unquoted...
Linux/x86 - setreuid(0) + execve(/bin/sh) Shellcode (29 bytes)
/ Author: Artur ajes Szymczak 2021 Function: Linux x86 shellcode, setreuid to 0 and then execute /bin/sh Size: 29 bytes Testing: $ gcc -fno-stack-protector -z execstack shellcodetester.c -o shellcode shellcodetester.c: In function ‘main’: shellcodetester.c:25:2: warning: incompatible implicit...
OpenNetAdmin 18.1.1 Remote Command Execution Exploit
OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe...
AWS CloudShell Terminal Escape Injection / Remote Code Execution Vulnerabilities
The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. Terminal escape injection in AWS CloudShell The javascript terminal emulator used by...
BOOTP Turbo 2.0.0.1253 - (bootpt.exe) Unquoted Service Path Vulnerability
Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/bootptdemox64.exe Tested Version: 2.0.0.1253 Vulnerability Type: Unquoted Service Pa...
PHP Timeclock 1.04 - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP 4.4.9/5.3.3...
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Vulnerability
Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP...
macOS Gatekeeper Check Bypass Exploit
This Metasploit module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If t...
Human Resource Information System 0.1 - Remote Code Execution Exploit
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Human Resource Information System 0.1 - (First Name) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Voting System 1.0 - Remote Code Execution (Unauthenticated) Vulnerability
Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Sandboxie 5.49.7 - Denial of Service Exploit
Exploit Title: Sandboxie 5.49.7 - Denial of Service PoC Author: Erick Galindo Vendor Homepage: https://sandboxie-plus.com/ Software https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Classic-x64-v5.49.7.exe Version: 5.49.7 Tested on: Windows 10 Pro x64 es Proof of...
WifiHotSpot 1.0.0.0 - (WifiHotSpotService.exe) Unquoted Service Path Vulnerability
Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to...
Epic Games Rocket League 1.95 - Stack Buffer Overrun Vulnerability
Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix, LLC Product web...
Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Vulnerability
Exploit Title: Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Date: 04.05.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.easy.ac Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page:...
Sandboxie Plus 0.7.4 - (SbieSvc) Unquoted Service Path Vulnerability
Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Service Path Tested on OS: Window...
Voting System 1.0 - Authentication Bypass Vulnerability
Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link: https://www.sourcecodester.com/download-code?nid=12306&title=Voting+System+using+PHP%2FMySQLi+with+Source+Co...
Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated) Vulnerability
...
b2evolution 7-2-2 - (cf_name) SQL Injection Exploit
Exploit Title: b2evolution 7-2-2 - 'cf_name' SQL Injection Author: @nu11secur1ty Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28242 from...
Wordpress WP Super Edit 2.5.4 Plugin - Remote File Upload Vulnerability
Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dork :...
Schlix CMS 2.2.6-6 - (title) Persistent Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...
Markright 1.0 - XSS to Remote Command Execution Vulnerability
Exploit Title: Markright 1.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/dvcrn/markright Version: 1.0 Tested on: Linux, MacOs,Windows Software Description: A minimalist discount editor with github flavor, ...
Marky 0.0.1 - XSS to Remote Command Execution Vulnerability
Exploit Title: Marky 0.0.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an editor for markdown with a friendly...
StudyMD 0.3.2 - XSS to Remote Command Execution Vulnerability
Exploit Title: StudyMD 0.3.2 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/jotron/StudyMD Version: 0.3.2 Tested on: Windows, Linux, MacOs Software Description: A cool app to study with markdown. Turns your...
Moeditor 0.2.0 - XSS to Remote Command Execution Vulnerability
Exploit Title: Moeditor 0.2.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://moeditor.js.org/ Version: 0.2.0 Tested on: Windows, Linux, MacOs Software Description: Software to view and edit sales documentation Moeditor...
SnipCommand 0.1.0 - XSS to Remote Command Execution Vulnerability
Exploit Title: SnipCommand 0.1.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux, MacOs Software Description: Open source command snippets manage...
Markdown Explorer 0.1.1 - XSS to Remote Command Execution Vulnerability
Exploit Title: Markdown Explorer 0.1.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/jersou/markdown-explorer Version: 0.1.1 Tested on: Windows, Linux, MacOs Software Description: Easily explore, view and ed...
Xmind 2020 - XSS to Remote Command Execution Vulnerability
Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and brainstorming tool,...
Anote 1.0 - XSS to Remote Command Execution Vulnerability
Exploit Title: Anote 1.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/AnotherNote/anote Version: 1.0 Tested on: Linux, MacOs Software Description: A simple opensource note app support markdown only, anote...
Freeter 1.2.1 - XSS to Remote Command Execution Vulnerability
Exploit Title: Freeter 1.2.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://freeter.io/ Version: 1.2.1 Tested on: Windows, Linux, MacOs Software Description: It is an organizer for design, it allows you to work on as ma...
Markdownify 1.2.0 - XSS to Remote Command Execution Vulnerability
Exploit Title: Markdownify 1.2.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/amitmerchant1990/electron-markdownify Version: 1.2.0 Tested on: Windows, Linux, MacOs Software Description: It is a lightweight...
Tagstoo 2.0.1 - Stored XSS to Remote Command Execution Vulnerability
Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacOs Software Description: Software to tag folders and files, with...
Savsoft Quiz 5 - (User Account Settings) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting Exploit Author: strider Software Link: https://github.com/savsofts/savsoftquizv5 Vendor: https://savsoftquiz.com Version: 5.0 Tested on: Ubuntu 20.04 LTS / Kali Linux...
IGEL OS Secure VNC/Terminal Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow services. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IGEL OS Secure...
Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution Exploit
This Metasploit module exploits an issue in the V8 engine on x86x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process...
Human Resource Information System 1.0 Authentication Bypass / Account Creation Exploit
Exploit Title: Human Resource Information System 1.0 - Create Admin Account Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html Version:1.0 Tested on: windows...
Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Exploit
Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Unauthenticated Exploit Author: argenestel Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html Software Link:...
TYPO3 6.2.1 SQL Injection Exploit
Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor: https://typo3.org/ Link: https://get.typo3.org/version/6.2.1 CVE: CVE-2021-31777 Proof: https://streamable.com/8v7v4i + Exploit Source:...
Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution Vulnerabilities
Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 SQL Injection...
GravCMS 1.10.7 Remote Command Execution Exploit
This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...
Gadget Works Online Ordering System 1.0 SQL Injection Vulnerability
Gadget Works Online Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Exploit Author: Richard Jones Vendor Homepage:...
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)
Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell 655 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x86_64 Shellcode Description: 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse...
Voting System 1.0 - Time based SQL injection Vulnerability
Exploit Title: Voting System 1.0 - Time based SQLI Unauthenticated SQL injection Exploit Author: Syed Sheeraz Ali Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)
Shellcode Title: Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode 205 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Shellcode Description: 64bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB & ExportTable method. Contai...
GitLab Community Edition (CE) 13.10.3 - (Sign_Up) User Enumeration Vulnerability
Exploit Title: GitLab Community Edition CE 13.10.3 - 'Sign_Up' User Enumeration Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 INFO: An unauthenticated attacker can remotely enumerate the existence of different...
Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)
Shellcode Title: Windows/x64 - Dynamic NoNull Add RDP Admin BOKU:SP3C1ALM0V3 Shellcode 387 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x86_64 Full Disclosure: github.com/boku7/x64win-AddRdpAdminShellcode Shellcode Description: 64bit Windows 10...
GitLab Community Edition (CE) 13.10.3 - User Enumeration Exploit
Exploit Title: GitLab Community Edition CE 13.10.3 - User Enumeration Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 !/bin/bash Colors RED='\03338;5;196m' GREEN='\e38;5;47m' NC='\0330m' BOLD='\e1m'...
GetSimple CMS Custom JS 0.1 - CSRF to Stored XSS to Remote Code Execution Exploit
Exploit Title: GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Exploit Author: Bobby Cooke boku & Abhishek Joshi Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/ Vendor: 4Enzo Version: v0.1 Tested again...