
147 matches found

Packet Storm
added 2019/09/23 12:00 a.m. | 298 views

Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution

GulfTech Research and Development Piwigo = 2.9.5 Multiple Vulnerabilities Released Date: 2019-09-22 Last Modified: 2019-09-22 Company Info: Piwigo.org Version Info: Vulnerable Piwigo = 2.9.5 -- Table...

AI score: 0.3 | Exploits: 0

seebug.org
added 2018/01/22 12:00 a.m. | 59 views

D-Link DNS-343 ShareCenter < 1.05 - Command Injection

Introduction The purpose of this article is to detail the research that I have recently completed regarding the D-Link DNS 343 ShareCenter. Background The D-Link ShareCenter 4-Bay Network Storage Enclosure DNS-343 connects to your network instead of to a computer so everyone on your network can...

AI score: 8.2 | Exploits: 0

0day.today
added 2018/01/07 12:00 a.m. | 29 views

Western Digital WDMyCloud mydlinkBRionyg Backdoor Exploit

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation. This module...

AI score: 7.5 | Exploits: 0

Packet Storm
added 2018/01/05 12:00 a.m. | 64 views

D-Link DNS-320L 'mydlinkBRionyg' Backdoor

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "D-Link DNS-320L 'mydlinkBRionyg' Backdoor", 'Description' = %q This module exploits two issues. The first issue is that there is a hard coded...

AI score: 7.1 | Exploits: 0

exploitpack
added 2018/01/03 12:00 a.m. | 27 views

D-Link DNS-320 ShareCenter 1.06 - Backdoor Access

D-Link DNS-320 ShareCenter 1.06 - Backdoor Access DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 -...

AI score: 0.6 | Exploits: 0

Exploit DB
added 2016/08/28 12:00 a.m. | 34 views

CubeCart < 3.0.12 - Multiple Vulnerabilities

CubeCart Multiple Vulnerabilities Vendor: Devellion Limited Product: CubeCart Version: = 3.0.12 Website: http://www.cubecart.com BID: 19782 CVE: CVE-2006-4525 OSVDB: 28279 28280 28281 SECUNIA: 21659 Description: CubeCart is a very popular web application written in php that allows for an individu...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.03397 | Exploits: 3

exploitpack
added 2016/08/14 12:00 a.m. | 37 views

Claroline 1.7.7 - Arbitrary File Inclusion

Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...

CVSS: 5.1 | AI score: 0.9 | EPSS: 0.04324 | Exploits: 4

Exploit DB
added 2016/08/14 12:00 a.m. | 37 views

Claroline < 1.7.7 - Arbitrary File Inclusion

Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; else...

CVSS: 5.1 | AI score: 6.9 | EPSS: 0.04324 | Exploits: 4

exploitpack
added 2016/03/05 12:00 a.m. | 31 views

PHPLib 7.4 - SQL Injection

PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.09221 | Exploits: 3

Exploit DB
added 2016/03/05 12:00 a.m. | 42 views

PHPLib < 7.4 - SQL Injection

PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.09221 | Exploits: 3

exploitpack
added 2016/02/26 12:00 a.m. | 32 views

phpRPC 0.7 - Remote Code Execution

phpRPC 0.7 - Remote Code Execution phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.16267 | Exploits: 6

Exploit DB
added 2016/02/26 12:00 a.m. | 36 views

phpRPC < 0.7 - Remote Code Execution

phpRPC Remote Code Execution Vendor: Robert Hoffman Product: phpRPC Version: = 0.7 Website: http://sourceforge.net/projects/phprpc/ BID: 16833 CVE: CVE-2006-1032 OSVDB: 23514 SECUNIA: 19028 PACKETSTORM: 44267 Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.16267 | Exploits: 6

Exploit DB
added 2016/02/21 12:00 a.m. | 34 views

PEAR LiveUser < 0.16.8 - Arbitrary File Access

PEAR LiveUser Arbitrary File Access Vendor: Markus Wolff Product: PEAR LiveUser Version: options'cookie''name'; if strlen$cookieData deleteRememberCookie; $this-stack-pushLIVEUSERERRORCOOKIE, 'error', array, 'Wrong data in cookie store in LiveUser::readRememberMeCookie'; return false; $storeid =...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.14177 | Exploits: 2

Exploit DB
added 2016/02/18 12:00 a.m. | 48 views

ADOdb < 4.71 - Cross Site Scripting

ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately sets the $this-currpage variable to unsanitized user supplied input. Later on this variable is used when drawing the lin...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.12629 | Exploits: 2

exploitpack
added 2016/02/18 12:00 a.m. | 34 views

ADOdb 4.71 - Cross Site Scripting

ADOdb 4.71 - Cross Site Scripting ADOdb Cross Site Scripting Vendor: John Lim Product: ADOdb Version: currpage = $SESSION$currpage; The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately sets the $this-currpage variable to unsanitized user supplied input. Later on this...

CVSS: 4.3 | EPSS: 0.12629 | Exploits: 2

Exploit DB
added 2015/07/14 12:00 a.m. | 40 views

SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite

SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description: SquirrelMail is a standards-based webmail package written i...

CVSS: 4.3 | AI score: 9.5 | EPSS: 0.1115 | Exploits: 2

exploitpack
added 2015/07/14 12:00 a.m. | 30 views

SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite

SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description:...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.1115 | Exploits: 2

Exploit DB
added 2015/07/02 12:00 a.m. | 85 views

PHPXMLRPC < 1.1 - Remote Code Execution

PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.86153 | Exploits: 5

exploitpack
added 2015/07/01 12:00 a.m. | 16 views

PEAR XML_RPC 1.3.0 - Remote Code Execution

PEAR XMLRPC 1.3.0 - Remote Code Execution PEAR XMLRPC Remote Code Execution Vendor: The PEAR Group Product: PEAR XMLRPC Version: = 1.3.0 Website: http://pear.php.net/package/XMLRPC/ CVE: 17793 PACKETSTORM: 38393 Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and...

AI score: 0.2 | Exploits: 0

exploitpack
added 2015/05/16 12:00 a.m. | 32 views

Burning Board 2.3.1 - SQL Injection

Burning Board 2.3.1 - SQL Injection Burning Board SQL Injection Vendor: Woltlab GmbH Product: Burning Board Version: = 2.3.1 Website: http://www.woltlab.de/ BID: 13643 CVE: CVE-2005-1642 OSVDB: 16575 SECUNIA: 15395 PACKETSTORM: 39262 Description: Burning Board is a popular, multi purpose forum /...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.0051 | Exploits: 3