39001 matches found
Navigate CMS 2.8.7 - (sidx) SQL Injection (Authenticated) Exploit
Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - ''sidx' SQL Injection Authenticated Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...
IObit Uninstaller 9.5.0.15 - (IObit Uninstaller Service) Unquoted Service Path Vulnerability
Title: IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path Author: Gobinathan L Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.5.0.15 Tested on: Windows 10 64bitEN About Unquoted Service Path :...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection Exploit
Exploit for multiple platform in category web applications Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor:...
SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Vulnerability
Exploit for hardware platform in category web applications Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write...
Online Marriage Registration System 1.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Marriage Registration System 1.0 Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/ Software Link:...
Cayin Content Management Server 11.0 - Remote Command Injection (root) Vulnerability
Exploit for multiple platform in category web applications Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd...
Clinic Management System 1.0 - Unauthenticated Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Clinic Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link...
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" &...
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User) Vulnerability
Exploit for hardware platform in category web applications Title: SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery Add Super User Author: LiquidWorm Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User...
Cayin Signage Media Player 3.0 - Remote Command Injection (root) Exploit
Exploit for multiple platform in category web applications Title: Cayin Signage Media Player 3.0 - Remote Command Injection root Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology...
Oriol Espinal CMS 1.0 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATE...
Hostel Management System 2.0 - (id) SQL Injection (Unauthenticated)
Exploit for php platform in category web applications Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Unauthenticated Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link:...
Navigate CMS 2.8.7 - Authenticated Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...
AirControl 1.4.2 - PreAuth Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
Sabberworm PHP CSS Code Injection Vulnerability
Exploit for php platform in category web applications Sabberworm PHP CSS parser - Code injection =============================================================================== Identifiers ------------------------------------------------- CVE-2020-13756 CVSSv3 score...
vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
JSC JIT Out-Of-Bounds Access Vulnerability
The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations and vice versa during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations. JSC: JIT: Incorrect Common Subexpressi...
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting Authenticated Exploit Author: Kailash Bohara Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart...
Clinic Management System 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Clinic Management System 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
vBulletin 5.6.1 SQL Injection Exploit
This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the...
Microsoft Windows - (SMBGhost) Remote Code Execution Exploit
!/usr/bin/env python ''' EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of m...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...
We-Com OpenData CMS 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.0 Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------...
We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: We-com Municipality portal CMS SQL Injection & XSS Vulnerability Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.1.x Tested on: 5.5.0-kali1-amd64...
VMware vCenter Server 6.7 - Authentication Bypass Exploit
Exploit for multiple platform in category web applications Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter...
Wordpress BBPress 2.5 Plugin - Unauthenticated Privilege Escalation Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests impor...
macOS/x64 zsh RickRolling Shellcode (198 bytes)
/ Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems Volume, set the Volume to Maximum, and "Rick Roll" the user every time...
WordPress Multi-Scheduler 1.0.0 Plugin - Cross-Site Request Forgery (Delete User) Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.z...
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station...
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Vulnerability
Exploit for multiple platform in category web applications Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version :...
Online-Exam-System 2015 - (fid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection Exploit Author: Berk Dusunur Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on:...
NOKIA VitalSuite SPM 2020 - (UserName) SQL Injection Vulnerability
Exploit for multiple platform in category web applications Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/...
EyouCMS 1.4.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link:...
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting Vendor Homepage: https://kuicms.com Software Link: https://kuicms.com/kuicms.zip Version: Kuicms Php EE 2.0 Tested on: Windows CVE : N/A Vulnerable Request: POST...
OXID eShop 6.3.4 - (sorting) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection Exploit Author: VulnSpy Vendor Homepage: https://www.oxid-esales.com/ Software Link: https://github.com/OXID-eSales/oxideshopce Version: Versions 6.x prior to 6.3.4 Tested on:...
osTicket 1.14.1 - (Saved Search) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link:...
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...
LimeSurvey 4.1.11 - (Permission Roles) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...
osTicket 1.14.1 - (Ticket Queue) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link:...
BIND - (TSIG) Denial of Service Exploit
BIND - TSIG Denial of Service Exploit !/usr/bin/python coding:utf-8 from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT tsig = DNSRRTSIGrrname="local-ddns", algoname="hmac-sha256", rclass=255, maclen=0, macdata="", timesigned=0, fudge=300, error=16 dnsreq =...
OpenEMR 5.0.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Title: OpenEMR 5.0.1 - Remote Code Execution Exploit Author: Musyoka Ian Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...
StreamRipper32 2.6 - Buffer Overflow Exploit
Exploit Title: StreamRipper32 2.6 - Buffer Overflow PoC Exploit Author: Andy Bowden Tested On: Win10 x64 Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Vendor Page: http://streamripper.sourceforge.net/ Version: 2.6 Steps To Reproduce: Double click on "Add" in...
Online Discussion Forum Site 1.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...
WordPress Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Exploit Author: Austin Martin Google Dork: inurl:wp-content/uploads/wpdndcf7uploads/ Google Dork:...
Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...
GoldWave - Buffer Overflow (SEH Unicode) Exploit
Exploit Title: GoldWave 5.70 – Buffer Overflow SEH Unicode Exploit Author: Andy Bowden Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Download Link: http://goldwave.com//downloads/gwave570.exe Tested on: Windows 10 x86 PoC 1. generate crash.txt, copy contents to clipboard 2. open gold...
Pi-hole 4.4.0 - Remote Code Execution (Authenticated) Exploit
Exploit for linux platform in category web applications Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on:...
Wordpress Form Maker 5.4.1 Plugin - (s) SQL Injection (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research Vender Homepage: https://help.10web.io/ Version: = 5.4.1 Tested on: Ubuntu 18.04 Description: SQL injection i...
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Open-AudIT 3.3.0 - Reflective Cross-Site Scripting Authenticated Exploit Author: Kamaljeet Kumar Vendor Homepage: https://opmantek.com/network-discovery-inventory-software/ Software Link: https://www.open-audit.org/downloads.php...