CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated) 1 min read Exploit/Advisories Vulnerabilties CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated) admin April 14, 2021 # Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated) # Google Dork: "citsmart.local"...Read More
phpPgAdmin 7.13.0 – COPY FROM PROGRAM Command Execution (Authenticated) 1 min read Exploit/Advisories Vulnerabilties phpPgAdmin 7.13.0 – COPY FROM PROGRAM Command Execution (Authenticated) admin April 1, 2021 # Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated) # Date: 29/03/2021 # Exploit...Read More
ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (2) 4 min read Exploit/Advisories Vulnerabilties ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (2) admin April 1, 2021 # Exploit Title: ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2) # Date: 04/21 # Exploit Author:...Read More
ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (1) 3 min read Exploit/Advisories Vulnerabilties ScadaBR 1.0 – Arbitrary File Upload (Authenticated) (1) admin April 1, 2021 # Exploit Title: ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1) # Date: 03/2021 # Exploit Author:...Read More
WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated) 1 min read Exploit/Advisories Vulnerabilties WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated) admin March 29, 2021 # Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated) # Google Dork:...Read More
Dolibarr ERP/CRM 11.0.4 – File Upload Restrictions Bypass (Authenticated RCE) 4 min read Exploit/Advisories Vulnerabilties Dolibarr ERP/CRM 11.0.4 – File Upload Restrictions Bypass (Authenticated RCE) admin March 25, 2021 # Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE) # Date: 16/06/2020 #...Read More
Ovidentia 6 – ‘id’ SQL injection (Authenticated) 1 min read Exploit/Advisories Vulnerabilties Ovidentia 6 – ‘id’ SQL injection (Authenticated) admin March 25, 2021 # Exploit Title: Ovidentia 6 - 'id' SQL injection (Authenticated) # Exploit Author: Felipe Prates Donato (m4ud)...Read More
Codiad 2.8.4 – Remote Code Execution (Authenticated) 3 min read Exploit/Advisories Vulnerabilties Codiad 2.8.4 – Remote Code Execution (Authenticated) admin March 24, 2021 # Exploit Title: Codiad 2.8.4 - Remote Code Execution (Authenticated) # Discovery by: WangYihang # Vendor Homepage:...Read More
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection ≈ Packet Storm 2 min read Exploit/Advisories Vulnerabilties KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection ≈ Packet Storm admin March 20, 2021 KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology,...Read More
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Command Injection (Authenticated) 2 min read Exploit/Advisories Vulnerabilties KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Command Injection (Authenticated) admin March 19, 2021 # Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) # Date: 03.02.2021 #...Read More
rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) 2 min read Exploit/Advisories Vulnerabilties rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) admin March 18, 2021 # Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) # Date: 2021-03-17 #...Read More
rConfig 3.9.6 – ‘path’ Local File Inclusion (Authenticated) 1 min read Exploit/Advisories Vulnerabilties rConfig 3.9.6 – ‘path’ Local File Inclusion (Authenticated) admin March 15, 2021 # Exploit Title: rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) # Date: 2021-03-12 # Exploit Author:...Read More
Monitoring System (Dashboard) 1.0 – File Upload RCE (Authenticated) 6 min read Exploit/Advisories Vulnerabilties Monitoring System (Dashboard) 1.0 – File Upload RCE (Authenticated) admin March 12, 2021 # Exploit Title: Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated) # Exploit Author: Richard Jones...Read More
Textpattern 4.8.3 – Remote code execution (Authenticated) (2) 3 min read Exploit/Advisories Vulnerabilties Textpattern 4.8.3 – Remote code execution (Authenticated) (2) admin March 5, 2021 # Exploit Title: Textpattern 4.8.3 - Remote code execution (Authenticated) (2) # Date: 03/03/2021 # Exploit Author:...Read More
Web Based Quiz System 1.0 – ‘eid’ Union Based Sql Injection (Authenticated) 1 min read Exploit/Advisories Vulnerabilties Web Based Quiz System 1.0 – ‘eid’ Union Based Sql Injection (Authenticated) admin March 5, 2021 # Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated) # Date:...Read More
Local Services Search Engine Management System (LSSMES) 1.0 – Blind & Error based SQL injection (Authenticated) 1 min read Exploit/Advisories Vulnerabilties Local Services Search Engine Management System (LSSMES) 1.0 – Blind & Error based SQL injection (Authenticated) admin March 3, 2021 # Exploit Title: Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL...Read More
[webapps] Zen Cart 1.5.7b – Remote Code Execution (Authenticated) 1 min read Exploit/Advisories Vulnerabilties [webapps] Zen Cart 1.5.7b – Remote Code Execution (Authenticated) admin March 2, 2021 Zen Cart 1.5.7b – Remote Code Execution (Authenticated) Source linkRead More
Batflat CMS 1.3.6 – Remote Code Execution (Authenticated) 2 min read Exploit/Advisories Vulnerabilties Batflat CMS 1.3.6 – Remote Code Execution (Authenticated) admin February 18, 2021 # Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) # Date: 2020-12-27 # Exploit Author:...Read More
Gitea 1.12.5 – Remote Code Execution (Authenticated) 5 min read Exploit/Advisories Vulnerabilties Gitea 1.12.5 – Remote Code Execution (Authenticated) admin February 18, 2021 # Exploit Title: Gitea 1.12.5 - Remote Code Execution (Authenticated) # Date: 17 Feb 2020 # Exploit...Read More
TestLink 1.9.20 – Unrestricted File Upload (Authenticated) 4 min read Exploit/Advisories Vulnerabilties TestLink 1.9.20 – Unrestricted File Upload (Authenticated) admin February 15, 2021 [*] [*]# Exploit Title: TestLink 1.9.20 - Unrestricted File Upload (Authenticated) # Date: 14th February 2021 #...Read More