39001 matches found
Victor CMS 1.0 - (add_user) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1....
Synology DiskStation Manager - smart.cgi Remote Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule \d+&minor=?\d+&build=?\d+ &junior=\d+&unique=synology\w+?^&+/x.freeze def initializeinfo = super updateinfo info, 'Name' = 'Synology DiskStation...
Joomla XCloner Backup 3.5.3 Plugin - Local File Inclusion (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion Authenticated Exploit Author: Mehmet Kelepçe / Gais Cyber Security Exploit-Db Author ID: 8763 Reference:...
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP,ASLR) Exploit
Exploit title: VUPlayer 2.49 .m3u - Local Buffer Overflow DEP,ASLR Exploit Author: Gobinathan L Vendor Homepage: http://www.vuplayer.com/ Version: v2.49 Tested on: Windows 7 Professional with ALSR and Full DEP Turned ON. Usage : $ python .py =================================== VUPlayer 2.49 Explo...
Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://projectworlds.in/ Software Link:...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
OpenEDX platform Ironwood 2.5 - Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian...
AbsoluteTelnet 11.21 - (Username) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21 Vulnerability Type: Denial of...
Composr CMS 10.0.30 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last...
PHPFusion 9.03.50 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
WebLogic Server Deserialization Remote Code Execution Exploit
This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers. This module require...
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email) Vulnerability
Exploit for php platform in category web applications Exploit Title: forma.lms 5.6.40 - Cross-Site Request Forgery Change Admin Email Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Tested on: XAMPP for Linux 64bit 5.6.40-0 1 - Description - Vulnerable form:...
CloudMe 1.11.2 SEH / DEP / ASLR Buffer Overflow Exploit
Exploit Title: CloudMe 1.11.2 - SEH/DEP/ASLR Buffer Overflow Exploit Author: Xenofon Vassilakopoulos Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: CloudMe 1.11.2 Tested on: Windows 7 Professional x86 SP1 Steps to reproduce: 1...
CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details:...
Mikrotik Router Monitoring System 1.2.3 - (community) SQL Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Exploit Author: jul10l1r4 Julio Lira Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: = 1.2.3 Tested on: Debian ...
qdPM 9.1 - cfg[app_app_name] Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - 'cfgappappname' Persistent Cross-Site Scripting Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://qdpm.net Software Link: https://sourceforge.net/projects/qdpm/ Version: 9.1 Tested on: Windows 10...
online Chatting System 1.0 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: online Chatting System 1.0 - 'id' SQL Injection Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14224/online-chatting-system-using-phpmysql.html Software Link:...
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link:...
HP LinuxKI 6.01 - Remote Command Injection Exploit
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE: CVE-2020-7209 !/usr/bin/e...
Oracle Hospitality RES 3700 5.7 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: Oracle Hospitality RES 3700 5.7 - Remote Code Execution Exploit Author: Walid Faour Vendor Homepage: https://www.oracle.com/industries/food-beverage/products/res-3700/ Software Link: N/A Available to customers Version: \ ...
Submitty 20.04.01 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting Exploit Author: humblelad Vendor Homepage: http://submitty.org/ Software Link: https://github.com/Submitty/Submitty/releases Version: 20.04.01 Tested on: Mac Os Catalina CVE :...
Pi-Hole - heisenbergCompensator Blocklist OS Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole heisenbergCompensator Blocklist OS Command Execution', 'Description' = %q This exploits a command execution in Pi-Hole MSFLICENSE, 'Autho...
php-fusion 9.03.50 - (ctype) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version:...
Konica Minolta FTP Utility 1.0 - (LIST) Denial of Service Exploit
Exploit Title: Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service PoC v2 Found by: Alvaro J. Gene Socket0x03 Email: Socket0x03 at teraexe dot com Website: www dot teraexe dot com Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server Vulnerable Command: LIST...
Online Examination System 1.0 - (eid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Examination System 1.0 - 'eid' SQL Injection Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14210/online-examination-system-project-using-phpmysql.html Software Link:...
Victor CMS 1.0 - (cat_id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'catid' SQL Injection Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested o...
Online Healthcare management system 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Healthcare management system 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14217/online-healthcare-patient-record-management-system-using-phpmysql.html Software...
Wordpress Ajax Load More 5.3.1 Plugin - (#1) Authenticated SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ajax Load More 5.3.1 - '1' Authenticated SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Vendor Homepage: https://connekthq.com/plugins/ajax-load-more/ Software Link:...
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://monstra.org Software Link: https://bitbucket.org/awilum/monstra/downloads/monstra-3.0.4.zip Version: 3.0.4...
Konica Minolta FTP Utility 1.0 - (NLST) Denial of Service Exploit
Exploit Title: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service PoC Found by: Alvaro J. Gene Socket0x03 Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/ Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server Vulnerable Command:...
Dolibarr 11.0.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSS...
Filetto 1.0 Denial Of Service Exploit
Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSSv3 Base Score: 7.4 AV:N, AC:L, PR:L, UI:N, S:C, C:L,...
Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization Vulnerability
Protection Licensing Toolkit ReadyAPI version 3.2.5 suffers from an unsafe deserialization vulnerability that allows for remote code execution. Product: Protection Licensing Toolkit, SoapUI/LoadUI/ServiceV Pro Manufacturer: jProductivity LLC, SmartBear Software Affected Versions: - ReadyAPI 3.2.5...
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.sourcecodester.com Software Link:...
Victor CMS 1.0 - (comment_author) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:...
Victor CMS 1.0 - Authenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - Authenticated Arbitrary File Upload Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version...
NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: NukeViet VMS 4.4.00 - Cross-Site Request Forgery Change Admin Password Exploit Author: JEBARAJ Vendor Homepage: https://nukeviet.vn/ Software Link:...
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service Vulnerabilities
------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference CWE-476 Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution...
Microsoft Windows Task Scheduler Security Feature Bypass Vulnerability
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his...
ManageEngine AssetExplorer Authenticated Command Execution Vulnerability
ManageEngine AssetExplorer versions prior to 6.5 6503 suffer from an authenticated remote command execution vulnerability. ManageEngine AssetExplorer Authenticated Command Execution Vulnerability Identifiers ------------------------------------------------- CVE-2019-19034...
vBulletin 5.6.1 - (nodeId) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version:...
ManageEngine Service Desk 10.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine Service Desk 10.0 - Cross-Site Scripting Date: 2020-05-14 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.manageengine.com/ Software Link:...
ACal 2.2.6 Remote Code Execution Exploit
Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...
E-Commerce System 1.0 - Unauthenticated Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: E-Commerce System 1.0 - Unauthenticated Remote Code Execution Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Vendor Homepage: https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html Software...
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation Vulnerability
Cellebrite UFED device implements local operating system policies that can be circumvented to obtain a command prompt. From there privilege escalation is possible using public exploits. Versions 5.0 through 7.5.0.845 are affected. Title: Cellebrite Restricted Desktop Escape and Escalation of User...
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution Google Dork: Not applicable Exploit Author: Seecko Das Vendor Homepage: https://www.crtindia.com/ Version: V3.3.0-190627 Tested on: Windows 10/Linux Kali CVE: N/A...
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH) Exploit
Exploit Title: Dameware Remote Support 12.1.1.273 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: Solarwinds Dameware Remote Support 12.1.1.273 Vendor Homepage: https://www.solarwinds.com/ Version: 12.1.1.273 Software Link:...
Complaint Management System 1.0 - (username) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Complaint Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Tested on: XAMPP Version 5.6.40 / Windows 10...
Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting Exploit Author: gurbanli Vendor Homepage: https://www.sellacious.com Version: 4.6 Software Link: https://www.sellacious.com/free-open-source-ecommerce-software Document...
Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH) Exploit
Exploit Title: Remote Desktop Audit 2.3.0.157 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: Remote Desktop Audit 2.3.0.157 Vendor Homepage: https://lizardsystems.com Version: 2.3.0.157 Software Link: https://lizardsystems.com/download/rdauditsetup.exe Tested on: Windows 7 x8...