
207 matches found

Gitee
added 2019/07/05 9:21 a.m., 6 views

Exploit for CVE-2018-9995

This is an exploit module for a DVR Digital Video Recorder vulnerability, specifically CVE-2018-9995. The exploit is designed to obtain exposed credentials from the DVR. The module is written in Python and uses the requests library to send HTTP requests to the DVR. The exploit targets a...

CVSS 9.8 | AI score 7.1 | EPSS 0.83151
Exploits: 13

CNVD
added 2019/04/28 12:0 a.m., 2 views

Sierra Wireless AirLink ES450 Privilege Permission and Access Control Issues Vulnerability

The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. A security vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi function in the Sierra Wireless AirLink ES450 using firmware version 4.9.3. An attacker can exploit the vulnerability by sendi...

CVSS 8.8 | AI score 7 | EPSS 0.26556
Exploits: 3 | References: 1

Packet Storm
added 2018/12/12 12:0 a.m., 91 views

ThinkPHP 5.x Remote Code Execution

Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...

AI score 0.1
Exploits: 0

OSV
added 2018/10/17 1:31 a.m., 2 views

CVE-2018-3257

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 6.1 | AI score 7.3 | EPSS 0.01542
Exploits: 0 | References: 3

CNVD
added 2018/10/16 12:0 a.m., 1 views

JTBC(PHP) Arbitrary Code Execution Vulnerability

JTBC PHP is an open source CMS Content Management System. An arbitrary code execution vulnerability exists in JTBCPHP version 3.0.1.6, which can be exploited by a remote attacker to execute arbitrary PHP code on an affected system by sending a specially crafted HTTP request...

CVSS 8.8 | AI score 8.3 | EPSS 0.01594
Exploits: 1 | References: 1

OSV
added 2018/07/18 1:29 p.m., 1 views

CVE-2018-3049

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker wi...

CVSS 5.4 | AI score 5.8 | EPSS 0.01055
Exploits: 0 | References: 3

NVD
added 2018/07/18 1:29 p.m., 20 views

CVE-2018-2982

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Difficult to exploit...

CVSS 5.3 | AI score 4.3 | EPSS 0.01579
Exploits: 0 | References: 3

Circl
added 2018/05/29 3:50 p.m., 3 views

CVE-2012-10028

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/netwinsurgeftpexec.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVSS 8.6 | AI score 5.8 | EPSS 0.00936
Exploits: 0 | References: 1

Circl
added 2018/05/29 3:50 p.m., 4 views

CVE-2012-10044

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mobilecartlyuploadexec.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVSS 10 | AI score 5.7 | EPSS 0.01586
Exploits: 0 | References: 1

wpexploit
added 2017/12/19 12:0 a.m., 15 views

AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload

Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...

CVSS 7.5 | AI score 1.2 | EPSS 0.19151
Exploits: 6 | References: 2

Hacker One
added 2017/10/31 8:9 a.m., 29 views

International Islamic University Chittagong: Directory Listing

https://ieeeiiucsb.org/assets/reg/assets/ It was observed that the above URLs are vulnerable to Directory Traversal Attack. Properly controlling access to web content is crucial for running a secure web server. Directory Traversal is an HTTP exploit which allows attackers to access restricted...

AI score 7.2
Exploits: 0

OSV
added 2017/10/19 5:29 p.m., 4 views

CVE-2017-10295

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker...

CVSS 4 | AI score 5.5 | EPSS 0.02199
Exploits: 0 | References: 18

OSV
added 2017/04/24 7:59 p.m., 2 views

CVE-2017-3519

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Security. Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 7.5 | AI score 5.8 | EPSS 0.0257
Exploits: 0 | References: 3

OSV
added 2017/03/29 8:59 p.m., 2 views

CVE-2017-7258

HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or even more seriously execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading...

CVSS 7.5 | AI score 5.9 | EPSS 0.02248
Exploits: 0 | References: 2

NVD
added 2017/03/29 8:59 p.m., 13 views

CVE-2017-7258

HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or even more seriously execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading...

CVSS 7.5 | AI score 7.7 | EPSS 0.02248
Exploits: 0 | References: 2

CVE
added 2017/03/29 8:0 p.m., 42 views

CVE-2017-7258

The CVE affects AuroMeera’s eMLi Suite: eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. It is a Directory Path Traversal vulnerability caused by inadequate input validation in the eMLi Portal, enabling a remote attacker to view restricted inform...

CVSS 7.5 | AI score 7.6 | EPSS 0.02248
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/01/27 10:59 p.m., 2 views

CVE-2017-3427

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 8.2 | AI score 7.3
Exploits: 0 | References: 2

CNVD
added 2017/01/20 12:0 a.m., 1 views

Oracle FLEXCUBE Private Banking Security Bypass Vulnerability (CNVD-2017-00788)

Oracle FLEXCUBE Private Banking is a product of Oracle Corporation USA. It plans, records, tracks and manages client wealth across a range of asset classes and tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...

CVSS 4.3 | AI score 6.8 | EPSS 0.01536
Exploits: 0 | References: 1

0day.today
added 2014/08/28 12:0 a.m., 23 views

ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution Exploit

ActualAnalyzer remote command execution exploit that leverages an eval. ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/20...

AI score 7.3
Exploits: 0

The Hacker News
added 2014/01/06 8:25 p.m., 15 views

Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar...

AI score 7
Exploits: 0