Ray OS v2.6.3 - Command Injection Exploit

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET =...

CHAOS RAT 5.0.1 Remote Command Execution Exploit

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server. Exploit Title: CHAOS RAT v5.0.1 RCE Exploit Author: @chebuya Software Link: https://github.com/tiagorlampert/CHAOS...

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure Vulnerability

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account,...

Daily Expense Manager 1.0 - (term) SQL injection Vulnerability

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link: https://download-media.code-projects.org/2020/01/DAILYEXPENSEMANAGERINPHPWITHSOURCECODE.zip Version: 1.0...

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Exploit

Exploit Title: Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Author: LiquidWorm Vendor: Positron srl Product web page: https://www.positron.it https://www.positron.it/prodotti/apparati-broadcast/stereo-multicoder/tra-7005/ Affected version: 1.20 TRA7K5REV107 TRA7K5REV1...

Best Student Result Management System v1.0 - Multiple SQL injection Vulnerability

Title: Best Student Result Management System v1.0 - Multiple SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

AnyDesk 7.0.15 - Unquoted Service Path Vulnerability

Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 7.0.15 Tested on:...

Wordpress Travelscape v1.0.3 Theme - Arbitrary File Upload Exploit

Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from multiprocessing.dummy impor...

UP-RESULT 0.1 2024 SQL Injection Vulnerability

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference: https://portswigger.net/web-security/sql-injection...

Open Source Medicine Ordering System v1.0 - SQL injection Exploit

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb Extracted Admin Users...

Invision Community 4.7.15 SQL Injection Vulnerability

-------------------------------------------------------------------- Invision Community filter and \isarray \IPS\Request::i-filter 128 129 $url = $url-setQueryString 'filter', \IPS\Request::i-filter ; 130 foreach \IPS\Request::i-filter as $filterId = $allowedValues 131 132 $where = array...

Invision Community 4.7.16 Remote Code Execution Vulnerability

------------------------------------------------------------------------------ Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...

Human Resource Management System v1.0 - Multiple SQL injection Vulnerability

Title: Human Resource Management System v1.0 - Multiple SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference:...

WordPress Membership For WooCommerce Shell Upload Vulnerability

Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...

User Registration And Login And User Management System 3.2 SQL Injection Vulnerability

Exploit Title: User Registration & Login and User Management System v3.2 - SQL Injection Unauthenticated Exploit Author: Yusuf DİNÇ Google Dork: NA Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/...

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...

ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Vulnerability

Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Vendor : https://www.eset.com Version : 17.0.16.0 Tested on OS: Microsoft Windows 10 pro x64 C:\wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v...

Wordpress Alemha Watermarker 1.3.1 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will run on anyone who...

Computer Laboratory Management System v1.0 - Multiple SQL injection Vulnerability

Title: Computer Laboratory Management System v1.0 - Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...

Quick CMS v6.7 en 2023 - (password) SQL injection Vulnerability

Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password parameter is vulnerable f...

ASUS Control Center Express 01.06.15 - Unquoted Service Path Vulnerability

Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path Privilege Escalation Exploit Author: Alaa Kachouh Vendor Homepage: https://www.asus.com/campaign/ASUS-Control-Center-Express/global/ Version: Up to 01.06.15 Tested on: Windows CVE: CVE-2024-27673...

Rapid7 nexpose - (nexposeconsole) Unquoted Service Path Vulnerability

Exploit Title: Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.rapid7.com/ Software Link: https://www.rapid7.com/products/nexpose/ Version: 6.6.240 Tested: Windows 10 x64 Step to discover Unquoted Service Path: C:\Users\saudhwmic...

GL.iNet MT6000 4.5.5 - Arbitrary File Download Exploit

Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...

Daily Habit Tracker 1.0 - SQL Injection Vulnerability

Exploit Title: Daily Habit Tracker 1.0 - SQL Injection Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian CVE :...

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) Exploit

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection Unauthenticated Exploit Author: Gian Paris C. Agsam Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip Version: 1.0 Tested on:...

Employee Management System 1.0 - (txtusername) and (txtpassword) SQL Injection Vulnerability

Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on:...

Employee Management System 1.0 - (txtfullname) and (txtphone) SQL Injection Vulnerability

Exploit Title: Employee Management System 1.0 - txtfullname and txtphone SQL Injection Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on: Debian CVE :...

Hospital Management System v1.0 - Stored Cross Site Scripting Vulnerability

Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting XSS Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/hospital-management-system-in-php-css-javascript-and-mysql-free-download/ Version: v1.0 Tested o...

OpenCart Core 4.0.2.3 - (search) SQL injection Vulnerability

Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description : Opencart allows...

Petrol Pump Management Software v1.0 - Remote Code Execution Vulnerability

Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution RCE Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: v1.0 Tested on:...

Daily Habit Tracker 1.0 - Broken Access Control Vulnerability

Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian CVE :...

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit

Exploit Title : Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit Author: E1 Coders CVE: CVE-2024-21338 require 'msf/core' class MetasploitModule 'CVE-2024-21338 Exploit', 'Description' = 'This module exploits a vulnerability in FooBar version 1.0. It may lead to remote code...

Simple Backup Plugin 2.7.10 - Path Traversal Exploit

Exploit Title: Simple Backup Plugin 0: printresponse.text Replace with the desired action for the downloaded content filepath = f'simplebackupfilename' with openfilepath, 'wb' as file: file.writeresponse.content printf'File saved in: filepath' else: print"Nothing was downloaded. You can try to...

Smart School 6.4.1 - SQL Injection Vulnerability

Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

TeamCity Agent XML-RPC Command Execution Exploit

This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was t...

FoF Pretty Mail 1.1.2 Local File Inclusion Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail...

FoF Pretty Mail 1.1.2 Server-Side Template Injection Vulnerability

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS...

BioTime Directory Traversal / Remote Code Execution Exploit

BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5. . . \ | \ /|| | | / |/ | | | |/ / \ | | \ | | | Y Y \ / | /|/|| |||| /\ / / / Tested on 8.5.5 Build:20231103.R1905 Tested on...

Intel PowerGadget 3.6 Local Privilege Escalation Vulnerability

Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by MSI installer in repair mode Affected Products: Intel PowerGadget Affected Versions: tested on PowerGadget3.6.msi a3834b2559c18e6797ba945d685bf174, file signed on ‎Monday, ‎Februa...

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution Exploit

Exploit Title: Gibbon LMS has an SSTI vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamIslam Rzayev,Fikrat Guliev, Ali Maharramli Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu 22.0 CVE :...

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service Exploit

Exploit Title: CVE-2024-27686: RouterOS-SMB-DOS Exploit Author: ice-wzl, Solstice Cyber Solutions Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download/archive Version: RouterOS devices ranging from 6.40.5 - 6.44 and 6.48.1 - 6.49.10 Tested on: RouterOS 6.40.5 - 6.44...

NodeBB v3.6.7 Broken Access Control Vulnerability

Exploit Title: Broken Access Control - on NodeBB v3.6.7 Exploit Author: Vibhor Sharma Vendor Homepage: https://nodebb.org/ Version: 3.6.7 Description: I identified a broken access control vulnerability in nodeBB v3.6.7, enabling attackers to access restricted information intended solely for...

Dell Security Management Server <1.9.0 - Local Privilege Escalation Exploit

Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure Exploit

Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6 host detect by...

Purei CMS 1.0 - SQL Injection Vulnerability

Exploit Title: Purei CMS 1.0 - SQL Injection Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web...

Workout Journal App 1.0 - Stored XSS Vulnerability

Exploit Title: Workout Journal App 1.0 - Stored XSS Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows / MacOS / Linux CVE...