Simple File List WordPress Plugin 4.2.2 – File Upload to RCE

# Exploit Title: Simple File List WordPress Plugin 4.2.2 – File Upload to RCE # Google Dork: inurl:/wp-content/plugins/simple-file-list/ # Date: 2025-07-15 # Exploit Author: Md Amanat Ullah (xSwads) # Vendor Homepage: https://wordpress.org/plugins/simple-file-list/ # Software Link: https://downloads.wordpress.org/plugin/simple-file-list.4.2.2.zip # Version: <= 4.2.2 # Tested on: Ubuntu 22.04 # CVE: CVE-2020-36847 #!/usr/bin/env python3 import requests import sys,…


LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Personal Canned Messages

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Personal Canned Messages # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox #…


LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5,…


LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Operator Surname

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Operator Surname # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox # CVE…


Discourse 3.1.1 – Unauthenticated Chat Message Access

#!/usr/bin/env ruby # Title : Discourse 3.1.1 – Unauthenticated Chat Message Access # CVE-2023-45131 # CVSS: 7.5 (High) # Affected: Discourse < 3.1.1 stable, < 3.2.0.beta2 # Author ibrahimsql @ https://twitter.com/ibrahmsql # Date: 2023-12-14 require ‘net/http’ require ‘uri’ require ‘json’ require ‘openssl’ require ‘base64’ class CVE202345131 def initialize(target_url) @target_url = target_url.chomp(‘/’) @results =…


LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Telegram Bot Username

# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via Telegram Bot Username # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox #…


Joomla JS Jobs plugin 1.4.2 – SQL injection

# Exploit Title: Joomla JS Jobs plugin 1.4.2 – SQL injection # Google Dork: n/a # Date: 07/07/2025 # Exploit Author: Adam Wallwork # Vendor Homepage: https://joomsky.com/ # Demo: https://demo.joomsky.com/js-jobs/jm/free/ # Software Link: https://extensions.joomla.org/extension/js-jobs/ # Version: v1.4.2 # Tested on: v1.4.2 An SQL injection vulnerability exists in the JS Jobs extension (v1.4.2) via…


Microsoft Edge Windows 10 Version 1511 – Cross Site Scripting (XSS)

# Titles: Microsoft Edge Windows 10 Version 1511 – Cross Site Scripting (XSS) # Author: nu11secur1ty # Date: 2025-07-18 # Vendor: Microsoft # Software: Microsoft Edge Browser # Reference: https://www.cve.org/CVERecord?id=CVE-2015-6176 #!/usr/bin/python # nu11secur1ty CVE-2015-6176 import http.server import socketserver import socket import threading from urllib import parse import requests import datetime PORT =…
