Exploits & CVE's

Authored by Young Pope WBCE version 1.6.0 suffers from a remote SQL injection vulnerability. advisories | CVE-2023-39796 Change Mirror Download # Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0# Date: 15.11.2023 # Exploit...

Authored by nu11secur1ty Kruxton version 1.0 suffers from a remote shell upload vulnerability. Change Mirror Download ## Title: kruxton-1.0-FileUpload-RCE## Author: nu11secur1ty## Date: 04/15/2024## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html## Reference: https://portswigger.net/web-security/file-upload## Description:The system setting...

Authored by nu11secur1ty Kruxton version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: kruxton-1.0-Multiple-SQLi## Author: nu11secur1ty## Date: 04/15/2024## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The username parameter...

Authored by trancap BMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability. advisories | CVE-2023-40304 Change Mirror Download #!/usr/bin/env python3# Exploit Title: Pre-auth RCE on Compuware iStrobe Web# Date:...

Authored by Erdemstar WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability. Change Mirror Download # Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored...

Authored by V3locidad GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin. advisories | CVE-2024-31705

Authored by Christophe de la Fuente, Ryan Emmons | Site metasploit.com This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote...

Authored by Michael Werner | Site sec-consult.com The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate...

Authored by indoushka Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability. Change Mirror Download ====================================================================================================================================| # Title : SP Page Builder 5.2.7...

Authored by chebuya CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the...