exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files

Dolibarr 7.0.0 SQL Injection
Posted May 27, 2018
Authored by Issam Rabhi, Kevin Locati

Dolibarr version 7.00 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10094
SHA-256 | 8e0d56eb49340ce22784ec902db0841605a953ae0a81a7f285daa3efed1da4bb

Related Files

Dolibarr ERP/CRM Login Utility
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to authenticate to a Dolibarr ERP/CRMs admin web interface, and should only work against version 3.1.1 or older, because these versions do not have any default protections against brute forcing.

tags | exploit, web
SHA-256 | d41bf234f652b296f874c2bf38bd949fde590e4df8c3dfc9b189088e55d21615
Dolibarr 16 Pre-auth Contact Database Dump
Posted Sep 1, 2024
Authored by Vladimir TOUTAIN | Site metasploit.com

Dolibarr version 16 < 16.0.5 is vulnerable to a pre-authentication contact database dump. An unauthenticated attacker may retrieve a company’s entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes are also included in the dump.

tags | exploit
SHA-256 | 95f873cff9c0a7c426150fa238097ed844f4008287fc135b08ecfe388a5fdbdc
Dolibarr Gather Credentials via SQL Injection
Posted Aug 31, 2024
Authored by Issam Rabhi, Kevin Locati, Shelby Pace | Site metasploit.com

This Metasploit module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection.

tags | exploit, sql injection
advisories | CVE-2018-10094
SHA-256 | bf3ca1e9d4350740c01f5818654eeda12704172d96dbfb16f499f0d5e56d58aa
DoliWamp jqueryFileTree.php Traversal Gather Credentials
Posted Aug 31, 2024
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will extract user credentials from DoliWamp - a WAMP packaged installer distribution for Dolibarr ERP on Windows - versions 3.3.0 to 3.4.2 by hijacking a users session. DoliWamp stores session tokens in filenames in the tmp directory. A directory traversal vulnerability in jqueryFileTree.php allows unauthenticated users to retrieve session tokens by listing the contents of this directory. Note: All tokens expire after 30 minutes of inactivity by default.

tags | exploit, php
systems | windows
SHA-256 | 343f39a5e75827ba9aafe33c696a34ec5f95c6a3bec54cae7cab8ff77208bdb4
Dolibarr 17.0.1 Cross Site Scripting
Posted Aug 22, 2023
Authored by Furkan Karaarslan

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 03d90d763595e2fde18d9c8342024adf0cffb037d0c3aa3256b6204747312b19
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-33816
SHA-256 | 0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-33618
SHA-256 | 6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032beb
Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation
Posted Oct 19, 2021
Authored by Oscar Gutierrez

Dolibarr ERP and CRM 14.0.2 suffers from a persistent cross site scripting vulnerability that enables privilege escalation.

tags | exploit, xss
SHA-256 | 166a8c6b493d8615a3ec9dbdabaa45c38426bcb863b2a64ad1c9311702ee137a
Dolibarr ERP/CRM 14.0.1 Privilege Escalation
Posted Sep 2, 2021
Authored by Vishwaraj101

Dolibarr ERP/CRM versions 14.0.1 and below suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 0ab1a2b5906577cdab22ccf7d0109094744dc339b81d05909ad21448c8ca34be
Dolibarr ERP/CRM 10.0.6 Login Brute Forcer
Posted Jul 19, 2021
Authored by Creamy Chicken Soup

Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.

tags | exploit, cracker
advisories | CVE-2020-7995
SHA-256 | 63a36f93b7d48318d5fd0616171ef949e346e86520318ffb5ac3b55db0707dba
Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution
Posted Mar 25, 2021
Authored by Andrea Gonzalez

Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.

tags | exploit, remote, code execution, bypass, file upload
advisories | CVE-2020-14209
SHA-256 | f58dbb30223078b60e2c591a9796c22c1a7783555278cad42361cd544f71b096
Dolibarr ERP-CRM 12.0.3 Remote Code Execution
Posted Dec 17, 2020
Authored by Yilmaz Degirmenci

Dolibarr ERP-CRM version 12.0.3 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | a827bbc34db246193bb324317730bae0de4bdce71909665ae77fd9290b6a4169
Dolibarr 12.0.3 SQL Injection / Remote Code Execution
Posted Dec 11, 2020
Authored by coiffeur

Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.

tags | exploit, remote, code execution, sql injection
SHA-256 | 752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74
Dolibarr 11.0.3 Cross Site Scripting
Posted May 18, 2020
Authored by Mehmet Kelepce

Dolibarr version 11.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-13094
SHA-256 | 211ed7fe05f4f8e207f45b266bb828638c6e20b43074aa9139888a3ab65eeba3
Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
Posted Sep 13, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-16197
SHA-256 | 0187de9002d59f341d170b546ca8984e4ebf01432ab6172e13141bf0b1e44251
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bab53fc3d093813545a41360b16744c1c7a3723c574c2a429a2b935572a6e1be
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Dolibarr ERP-CRM 8.0.4 SQL Injection
Posted Jan 8, 2019
Authored by Mehmet Onder Key

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0cd579c529c4cdfc92e87078188a90d8b1deb7799e498826ff25224d10f7d825
Dolibarr ERP / CRM 8.0.3 Cross Site Scripting
Posted Dec 5, 2018
Authored by Ozkan Mustafa Akkus

Dolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19799
SHA-256 | 93a597392584cf3b5e1ab2271d1890060f352e5b06b9fab46d705c70d7f46e0d
Dolibarr ERP CRM 7.0.3 Code Injection
Posted Jul 2, 2018
Authored by om3rcitak

Dolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | fc5142ae39b8819bd3b4adc9a7e85a1e61e619336e7858b6ec007649132d9999
Dolibarr 7.0.0 Cross Site Scripting
Posted May 27, 2018
Authored by Issam Rabhi, Kevin Locati

Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10095
SHA-256 | 235ac208c4e6ce47b7f8c9319764455ad8078d7f3cba65644beb49a223621546
Dolibarr 7.0.0 Admin Panel Remote Code Execution
Posted May 27, 2018
Authored by Kevin Locati

Dolibarr version 7.0.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-10092
SHA-256 | 82e31902b3f4b570ff96cbd6dd7c8550c22738e7abee5cb266781e15aa234753
Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
Posted May 10, 2017
Authored by Tim Herres, Stefan Pietsch | Site foxmole.com

Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2017-7886, CVE-2017-7887, CVE-2017-7888, CVE-2017-8879
SHA-256 | 67e466b14aa97ac21950629117eb4c52ee558b2a3430fa6644da1913cbe9299e
Dolibarr CRM Command Injection
Posted Jun 23, 2016
Authored by David Silveiro

Dolibarr CRM versions prior to 3.9.1 suffer from a command injection vulnerability.

tags | exploit
SHA-256 | 72598740c36ce33bbbb05e4e0c1eab2ccda56772b3cadd684a9b6e1a93d60723
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close