403 matches found
PT-2023-2874 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw...
CVE-2021-24176
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24176.yaml...
CVE-2023-23163
creationtimestamp| type| source ---|---|--- 2023-04-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51216...
Hashicorp Consul v1.0 - Remote Command Execution Exploit
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...
CVE-2022-26521
creationtimestamp| type| source ---|---|--- 2023-03-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51058...
Exploit for Code Injection in Phpunit_Project Phpunit
MASS CVE-2017-9841 Usage sh apt install python...
CVE-2023-24977
creationtimestamp| type| source ---|---|--- 2023-02-01 12:14:09+00:00| published-proof-of-concept| https://t.me/cibsecurity/57266...
Active eCommerce CMS 6.5.0 Cross Site Scripting
Exploit Title: Active eCommerce CMS 6.5.0 - 'svg' Stored Cross-Site Scripting XSS Date: 19/01/2023 Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on:...
PT-2022-27166 · Unknown · Avs Audio Converter
Name of the Vulnerable Software and Affected Versions: AVS Audio Converter version 10.3 Description: The issue is related to a Buffer Overflow. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
CVE-2022-31125
creationtimestamp| type| source ---|---|--- 2022-07-06 22:14:32+00:00| seen| https://t.me/cibsecurity/45693 2023-04-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51226...
Exploit for Cross-site Scripting in Angtech Haraj
CVE-2022-31301 Haraj Script 3.7 - Post Ads Authenticated Store...
CVE-2022-1817 Badminton Center Management System Userlist Module cross site scripting
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input 1 leads to an authenticated cross site scripting. Exploit details have...
PT-2022-19147 · Apport +2 · Apport +2
Name of the Vulnerable Software and Affected Versions: Apport affected versions not specified Description: The issue is related to Apport not disabling the python crash handler before entering chroot. This could potentially lead to unintended consequences, although specific details about the impa...
Manipulating PreCT Mint Logic with Direct Base Token Transfer
Lines of code Vulnerability details Impact A bad actor can steal funds from future depositors by sending the base token directly to the Strategy or StrategyController contracts. This exploit is more effective the less shares that have already been distributed, perhaps early into the launch of the...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password gets disclosed jus...
Exploit for CVE-2021-42278
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impers...
Croogo 3.0.2 Remote Code Execution
Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
ROS-2-1913
2.1913 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
e107 CMS 2.3.0 Cross Site Request Forgery
Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...
PayloadsAllTheThings
It is an offensive tool for general-purpose payloads. The repository lpker123/PayloadsAllTheThings contains various payloads for different purposes, but no specific exploit or vulnerability is mentioned. The provided code snippet is a funding.yml file, which lists supported funding platforms for...