Exploits

Exploiting XXE Via File Uploads
FlatCore CMS 2.0.7 Remote Code Execution
Artificial Hacker

FlatCore CMS version 2.0.7 authenticated remote code execution exploit.

MD5 | e06c9340c593f5ab077c881d44707427

# Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
# Date: 04/10/2021
# Exploit Author: Mason Soroka-Gill @sgizoid
#…

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

WordPress TablePress 1.14 CSV Injection

WordPress TablePress plugin version 1.14 suffers from a CSV injection vulnerability.

MD5 | 9dace92f496f8d0627979edd65671809

# Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection
# Date: 07/09/2021
# Exploit Author: Nikhil Kapoor
#…

ERPNext 12.18.0 / 13.0.0 SQL Injection

Rencode Denial Of Service

The Rencode Python module for object serialization suffers from a 3-byte denial of service vulnerability.

MD5 | 68fe69c1f12b00f7861dfcf881e40d0c

1) About Rencode

Rencode is a "Python module for fast (basic) object serialization similar to…

Apache Superset 1.1.0 Account Enumeration

Ionic Identity Vault 4.7 Android Biometric Authentication Bypass

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Identity Vault
# Vendor: Ionic
# CSNC ID: CSNC-2021-001
# CVE ID: CVE-2021-3145
# Subject: Biometric Authentication Bypass on Android
# Severity: Medium
# Effect: Authentication Bypass
# Author: Emanuel Duss…

SAP Solution Manager 7.2 Remote Command Execution

Online Learning System 2 SQL Injection

### Exploit Title0: eLearning V2(by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication in three accounts.
### Author: nu11secur1ty
### Testing and Debugging: nu11secur1ty
### Date: 09.06.2021
### Vendor: https://www.sourcecodester.com/user/257130/activity
### Link: https://www.sourcecodester.com/php/14929/online-learning-system-v2-using-php-free-source-code.html
### CVE: CVE-nu11-07

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
#…

Advantech iView Unauthenticated Remote Code Execution

Antminer Monitor 0.5.0 Authentication Bypass

Antminer Monitor version 0.5.0 suffers from an authentication bypass vulnerability.

MD5 | 74be20968268ba63e45481ef88d8c917

# Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass
# Date: 09/06/2021
# Dork: https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22
# Exploit Author: CQR.company / Vulnz.
# Vendor…

Trojan-Dropper.Win32.Demp.rft Insecure Permissions

Backdoor.Win32.Nyara.aq Insecure Permissions

Backdoor.Win32.Nyara.aq malware suffers from an insecure permissions vulnerability.

MD5 | 678d59bb59a8d2822a572166c1f1c934

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt
Contact: [email protected]
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Nyara.aq
Vulnerability: Insecure Permissions
Description: The malware creates a dir…

Backdoor.Win32.Agent.ggw Authentication Bypass

Bus Pass Management System 1.0 Insecure Direct Object Reference

Bus Pass Management System version 1.0 suffers from an insecure direct object reference vulnerability.

MD5 | e267ca8087f792dc662cac3d05dcc33e

# Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references…

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure

Patient Appointment Scheduler System 1.0 Cross Site Scripting

Patient Appointment Scheduler System version 1.0 suffers from a persistent cross site scripting vulnerability.

MD5 | 007d9f3640e579315da75a159734c82a

# Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS
# Date: 03/09/2021
# Exploit…

Dell DBUtil_2_3.sys IOCTL Memory Read / Write

Patient Appointment Scheduler System 1.0 Shell Upload

Patient Appointment Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

MD5 | 4c0c21239894f3ed1286f3d420aefb9d

# Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code…