3100 matches found
Zeeways Jobsite CMS - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Zeeways Jobsite CMS - 'id' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.zeeways.com/jobsite-cms/1/productdetail Demo Site: http://www.zeewayscms.com/jobsite/ Version: Latest Tested on: Kali Linux...
Zeeways Jobsite CMS - id SQL Injection
Zeeways Jobsite CMS - id SQL Injection Exploit Title: Zeeways Jobsite CMS - 'id' SQL Injection Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.zeeways.com/jobsite-cms/1/productdetail Demo Site: http://www.zeewayscms.com/jobsite/ Version: Latest Tested on: Kali Linu...
CVE-2019-9978
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro...
Jettweb PHP Hazir Haber Sitesi Scripti 1 SQL Injection
Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V1 - Multiple Vulnerabilities Date: 23.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-5-php-hazir-haber-sitesi-scripti-v1.html Demo Site: http://haberv1.proemlaksitesi.net Version: V1 Tested on: Kali Linux CVE...
Rails 5.2.1 - Arbitrary File Content Disclosure
''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2,...
Netartmedia PHP Business Directory 4.2 - SQL Injection
Netartmedia PHP Business Directory 4.2 - SQL Injection Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on...
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer - SQL Injection Exploit Title: Netartmedia PHP Car Dealer- SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Latest Tested on: Kali...
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
!/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Author: https://github.com/M4LV0 [email protected]...
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution !/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e...
Starbucks: Webshell via File Upload on ecjobs.starbucks.com.cn
Summary: OS Command Injection which can let the attacker get more important information about the server, such as disclosure of internal source code of the webapp and database data, and invade the internal network. Description: I found that users can upload asp/aspx and other dynamic files via the avata...
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
/ Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 / / author @0x4142 = Fahad Aid Alharbi cve-2019-0539 Getting Read ...
MISP 2.4.97 SQL Injection / Command Injection
--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...
CVE-2018-19915
creationtimestamp| type| source
---|---|---
2019-02-14 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46376...
CVE-2018-8796
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function processbitmapupdates that results in a Denial of Service segfault...
Linux Kernel 4.13 - compat_get_timex() Leak Kernel Pointer
Linux Kernel 4.13 - compatgettimex Leak Kernel Pointer define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct time...
PHP Dashboards NEW 5.8 - dashID SQL Injection
PHP Dashboards NEW 5.8 - dashID SQL Injection Exploit Title: PHP Dashboards NEW 5.8 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104...
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct timex time; int mainint argc, char argv int r; unsigned lon...
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection Arbitrary File Download Directory Traversal
GL-AR300M-Lite 2.27 - Authenticated Command Injection Arbitrary File Download Directory Traversal Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage:...
Hucart CMS 5.7.4 Cross Site Request Forgery
function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; fields += ""; fields += ""; fields += ""; fields += ""; fields += ""; fields ...
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
Hucart CMS 5.7.4 - Cross-Site Request Forgery Add Administrator Account function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; field...