Anchor CMS 0.12.7 – Persistent Cross-Site Scripting (Authenticated)
September 25th, 2020 📆 | 2393 Views ⚑
# Exploit Title: Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated) # Date: 2020-09-24 # Exploit Author: Sinem Şahin #
Browsing the "authenticated" Tag
Tagged with: anchor • authenticated • cms • cross • CrossSite • persistent • php • scripting • webapps
SpamTitan 7.07 – Remote Code Execution (Authenticated)
September 18th, 2020 📆 | 6905 Views ⚑
# Exploit Title: SpamTitan 7.07 - Remote Code Execution (Authenticated) # Date: 2020-09-18 # Exploit Author: Felipe Molina (@felmoltor) #
Tagged with: authenticated • code • CVE-2020-11804CVE-2020-11803CVE-2020-11700CVE-2020-11699 • execution • multiple • remote • spamtitan • webapps
Joomla! paGO Commerce 2.5.9.0 – SQL Injection (Authenticated)
September 16th, 2020 📆 | 8286 Views ⚑
# Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated) # Date: 2020-08-21 # Exploit Author: Mehmet Kelepçe /
Tagged with: authenticated • commerce • injection • joomla • paGO • php • SQL • webapps
ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)
September 7th, 2020 📆 | 4363 Views ⚑
*] *]#!/usr/bin/python3 # Exploit Title: ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated) # Google Dork: None # Date:
Tagged with: 14700 • applications • authenticated • code • CVE-2020-14008 • execution • Java • manageengine • manager • remote • webapps
ManageEngine Applications Manager Authenticated Remote Code Execution ≈ Packet Storm
September 4th, 2020 📆 | 5111 Views ⚑
*]#!/usr/bin/python3*]# Exploit Title: ManageEngine Applications Manager – Authenticated RCE via Java class reflection in Weblogic server test credential API# Google
Tagged with: advisory • applications • authenticated • code • CSRF • execution • exploit • manageengine • manager • overflow • packet • remote • scanner • security • storm • vulnerability • whitepaper • XSS
SiteMagic CMS 4.4.2 – Arbitrary File Upload (Authenticated)
September 3rd, 2020 📆 | 7669 Views ⚑
# Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated) # Date: 2020-09-02 # Exploit Author: v1n1v131r4 # Vendor
Tagged with: arbitrary • authenticated • cms • File • php • sitemagic • upload • webapps
Mara CMS 7.5 – Remote Code Execution (Authenticated)
September 2nd, 2020 📆 | 8099 Views ⚑
# Exploit Title: Mara CMS 7.5 - Remote Code Execution (Authenticated) # Google Dork: N/A # Date: 2020-08-31 # Exploit
Tagged with: authenticated • cms • code • execution • Mara • php • remote • webapps
moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
September 2nd, 2020 📆 | 6030 Views ⚑
# Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated) # Date: 2020-08-31 # Exploit Author: Abdulkadir Kaya # Vendor
Tagged with: authenticated • cross • CrossSite • mozilocms • persistent • php • scripting • webapps
WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)
August 28th, 2020 📆 | 6493 Views ⚑
# Exploit Title: WordPress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated) # Date: 2020-08-24 # Software Link: https://wordpress.org/plugins/autoptimize/ #
Tagged with: arbitrary • authenticated • autoptimize • File • php • plugin • upload • webapps • wordpress
PNPSCADA 2.200816204020 – ‘interf’ SQL Injection (Authenticated)
August 20th, 2020 📆 | 5910 Views ⚑
# Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated) # Google Dork: - # Date: 2020-08-17 # Exploit Author:
Tagged with: 200816204020 • authenticated • hardware • injection • interf • pnpscada • SQL • webapps
CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload
August 13th, 2020 📆 | 4127 Views ⚑
# Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated) # Google Dork: - # Date: 2020-07-29 #
Tagged with: arbitrary • authenticated • cms • File • php • simple • upload • webapps
Fuel CMS 1.4.7 – ‘col’ SQL Injection (Authenticated)
August 12th, 2020 📆 | 4041 Views ⚑
# Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) # Google Dork: - # Date: 2020-08-01 # Exploit
Tagged with: authenticated • cms • Col • fuel • injection • php • SQL • webapps
Pi-hole 4.3.2 – Remote Code Execution (Authenticated)
August 6th, 2020 📆 | 8446 Views ⚑
#!/usr/bin/env python2 # Exploit Title: Pi-hole 4.3.2 - Remote Code Execution (Authenticated) # Date: 2020-08-04 # Exploit Author: Luis Vacas
Tagged with: authenticated • code • CVE-2020-8816 • execution • Pihole • python • remote • webapps
LibreHealth 2.0.0 – Authenticated Remote Code Execution
August 1st, 2020 📆 | 3839 Views ⚑
# Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution # Exploit Author: Bobby Cooke # Date: 2020-07-17 # Vendor
Tagged with: authenticated • code • execution • librehealth • php • remote • webapps
GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)
July 27th, 2020 📆 | 3389 Views ⚑
# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) # Author: Balzabu # Discovery Date: 2020-07-23 # Vendor Homepage:
Tagged with: authenticated • cross • CrossSite • goautodial • persistent • php • scripting • webapps
Koken CMS 0.22.24 – Arbitrary File Upload (Authenticated)
July 27th, 2020 📆 | 6761 Views ⚑
# Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) # Date: 2020-07-15 # Exploit Author: v1n1v131r4 # Vendor
Tagged with: arbitrary • authenticated • cms • File • koken • php • upload • webapps
Webtareas 2.1p – Arbitrary File Upload (Authenticated)
July 27th, 2020 📆 | 5965 Views ⚑
# Exploit Title: Webtareas 2.1p - Arbitrary File Upload (Authenticated) # Author: AppleBois # Date: 2020-07-10 # Exploit author :
Tagged with: 21p • arbitrary • authenticated • File • php • upload • webapps • webtareas
Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated)
July 17th, 2020 📆 | 5945 Views ⚑
# Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated) # Date: 2020-06-26 # Exploit Author: v1n1v131r4 #
Tagged with: authenticated • code • execution • FTP • LUA • remote • server • webapps • Wing
BSA Radar 1.6.7234.24750 – Authenticated Privilege Escalation
July 9th, 2020 📆 | 2085 Views ⚑
# Exploit Title: BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation # Date: 2020-07-06 # Exploit Author: William Summerhill # Vendor
Tagged with: 24750 • authenticated • BSA • CVE-2020-14945 • escalation • multiple • privilege • radar • webapps
Joomla! J2 JOBS 1.3.0 – ‘sortby’ Authenticated SQL Injection
July 9th, 2020 📆 | 3532 Views ⚑
# Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection # Date: 2020-06-17 # Exploit Author: Mehmet Kelepçe
Tagged with: authenticated • injection • jobs • joomla • php • sortby • SQL • webapps
RiteCMS 2.2.1 – Authenticated Remote Code Execution
July 6th, 2020 📆 | 7236 Views ⚑
# Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution # Date: 2020-07-03 # Exploit Author: Enes Özeser # Vendor
Tagged with: authenticated • code • execution • php • remote • ritecms • webapps
Bolt CMS 3.7.0 Authenticated Remote Code Execution ≈ Packet Storm
June 29th, 2020 📆 | 7008 Views ⚑
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClientinclude Msf::Exploit::CmdStagerinclude Msf::Exploit::Remote::AutoCheck
Tagged with: advisory • authenticated • Bolt • cms • code • CSRF • execution • exploit • overflow • packet • remote • scanner • security • storm • vulnerability • whitepaper • XSS
OpenCart 3.0.3.2 – Stored Cross Site Scripting (Authenticated)
June 6th, 2020 📆 | 1803 Views ⚑
# Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) # Date: 2020-06-01 # Exploit Author: Kailash Bohara #
Tagged with: authenticated • cross • CVE-2020-10596 • OpenCart • php • scripting • Site • stored • webapps
Clinic Management System 1.0 – Authenticated Arbitrary File Upload
June 6th, 2020 📆 | 8521 Views ⚑
# Exploit Title: Clinic Management System 1.0 - Authenticated Arbitrary File Upload # Google Dork: N/A # Date: 2020-06-02 #
Tagged with: arbitrary • authenticated • clinic • File • management • php • system • upload • webapps
Popular
Cabot 0.11.12 – Persistent Cross-Site Scripting September 7, 2020 # Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting #…
Ubuntu Security Notice USN-4474-1 ≈ Packet Storm August 26, 2020 ==========================================================================Ubuntu Security Notice USN-4474-1August 26, 2020firefox vulnerabilities==========================================================================A security issue affects…
CyberRisk Alliance Acquires Security Weekly September 8, 2020 NEW YORK, Sept. 08, 2020 (GLOBE NEWSWIRE) -- CyberRisk Alliance…
Dominic Cummings’ plan to build UK Google… September 10, 2020 UK Prime Minister Boris Johnson's top adviser, Dominic Cummings, is…
European ISPs report mysterious wave of DDoS attacks September 5, 2020 More than a dozen internet service providers (ISPs) across Europe…- Zerologon Proof Of Concept September 17, 2020 Proof of concept exploit for the Windows Zerologon vulnerability as…
Academics bypass PINs for Visa contactless payments August 28, 2020 Image: Clay Banks A team of academics from Switzerland has…
Members
Comments