Lucene search
+L

409 matches found

Packet Storm
Packet Storm
added 2021/09/21 12:0 a.m.160 views

Budgets And Expense Tracker System 1.0 Shell Upload

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/03 12:0 a.m.266 views

Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)

Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/05 12:0 a.m.225 views

Church Management System 1.0 Shell Upload

Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution Authenticated Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
NVD
NVD
added 2021/05/12 12:15 p.m.23 views

CVE-2020-13873

A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...

10CVSS0.04915EPSS
Exploits1References6
OSV
OSV
added 2021/05/12 12:15 p.m.7 views

CVE-2020-13873

A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...

9.8CVSS7.7AI score0.04915EPSS
Exploits1References6
Metasploit
Metasploit
added 2021/04/21 5:42 p.m.64 views

Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection

This module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. The module uploads a simple PHP shell via includes/components/nxti/index.php to...

7.2CVSS7.8AI score0.60966EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/11/06 12:0 a.m.195 views

Sentrifugo 3.2 Remote Code Execution

Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.1231 views

Online Library Management System 1.0 - Arbitrary File Upload

Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/12 12:0 a.m.407 views

MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)

!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Unauthenticated Exploit Author: bzyo Twitter: @bzyo Date: 10-10-2020 Vulnerable Software: https://www.softneta.com/products/meddream-pacs-server/ Vendor Homepage: https://www.softneta.com Version: 6.8.3.751...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2020/06/17 6:8 a.m.440 views

U.S. Dept Of Defense: Unrestricted File Upload Leads to XSS & Potential RCE

Summary: Unrestricted file upload at████████/request?openform. When the user wants to upload a file the app allows the user to upload a HTML file leading to stored XSS and creation of a simple php script. A user can upload the HTML file and trigger XSS and trigger potential RCE with php shell...

5.8AI score
Exploits0
0daydb
0daydb
added 2020/05/28 5:17 p.m.135 views

Online Discussion Forum Site 1.0 - Remote Code Execution

Online Discussion Forum Site version 1.0 suffers from a remote code execution vulnerability. Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-05-24 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage:...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/05/26 12:0 a.m.29 views

Online Discussion Forum Site 1.0 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/07 12:0 a.m.118 views

Online Clothing Store 1.0 Arbitrary File Upload

Exploit Title: Online Clothing Store 1.0 - Arbitrary File Upload Date: 2020-05-05 Exploit Author: Sushant Kamble and Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2020/03/18 3:55 p.m.107 views

Stripo Inc: Unrestricted File Upload on https://my.stripo.email and https://stripo.email

Hi Stripo Inc, I found 2 Unrestricted File Upload Vulnerabilities on your website. First Vulnerability: Step to Reproduce 1. Create an account in "https://my.stripo.email" 2. Simply Download a php shell from internet and open with text editor. ex: r57 shell 3. Then save it as JPEG file. 4. Go bac...

6.4AI score
Exploits0
exploitpack
exploitpack
added 2019/11/13 12:0 a.m.101 views

FUDForum 3.0.9 - Remote Code Execution

FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

8.5CVSS9.5AI score0.08154EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/11/13 12:0 a.m.288 views

FUDForum 3.0.9 - Remote Code Execution

Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

9CVSS9.4AI score0.08154EPSS
Exploits6
exploitpack
exploitpack
added 2019/10/07 12:0 a.m.97 views

vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution

vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution ?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability ---------------------------------------------------------------------...

6.8CVSS0.3AI score0.1178EPSS
Exploits4
ThreatPost
ThreatPost
added 2019/08/14 1:24 p.m.140 views

Norman Cryptominer Employs Sophisticated Obfuscation Tactics

A never-before-seen cryptomining variant, dubbed “Norman” after one of its executable files, has been spotted in the wild using various techniques to hide and avoid discovery. The levels of obfuscation are notable for their sheer depth, according to an analysis. Varonis uncovered an initial sampl...

0.7AI score
Exploits0References3
NVD
NVD
added 2019/06/15 6:29 p.m.28 views

CVE-2019-12831

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...

7.2CVSS6.9AI score0.01495EPSS
Exploits1References2
OSV
OSV
added 2019/06/15 6:29 p.m.5 views

CVE-2019-12831

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...

7.2CVSS7.1AI score0.01495EPSS
Exploits1References2
Rows per page
Query Builder