36 matches found
EUVD-2025-50800
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: High...
Pydio Cells 4.1.2 Privilege Escalation
Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assignin...
Carel pCOWeb HVAC Modbus Interface Authentication Bypass
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of its features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...
PhpSpreadsheet 1.5.0 - XML External Entity (XXE)
PhpSpreadsheet 1.5.0 - XML External Entity XXE Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability...
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages, e.g. .deb package. Threat The application does not handle user input properly and allows...
Grav CMS 1.2.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications CVE-2018-5233 Grav CMS admin plugin Reflected Cross Site Scripting XSS vulnerability Description Grav CMS is a flat-file CMS using Markdown files for content management Official Website. It has been elected "Best Open Source CMS of 2016" by CM...
Grav CMS 1.2.4 Cross Site Scripting
CVE-2018-5233 Grav CMS admin plugin Reflected Cross Site Scripting XSS vulnerability Description Grav CMS is a flat-file CMS using Markdown files for content management Official Website. It has been elected "Best Open Source CMS of 2016" by CMS critic. The application does not always filter user...
Relay Ajax Directory Manager relayb01-071706 / 1.5.1 / 1.5.3 - Unauthenticated Arbitrary File Upload
Exploit for php platform in category web applications Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution A vulnerability within the Relay Ajax Directory Manager web application allows unauthenticated attackers to upload arbitrary files to the web serv...
IBM Endpoint Manager For Mobile Devices Code Execution
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values,...
Mybb Ajaxfs Plugin Sql Injection vulnerability
A SQL Injection vulnerability in MyBB Ajaxfs Plugin Version 2.0...
MyBB Ajaxfs 2 Plugin - SQL Injection
MyBB Ajaxfs 2 Plugin - SQL Injection MyBB Ajaxfs Plugin SQL Injection vulnerability...
WordPress NextGen Smooth Gallery Cross Site Scripting
Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress nextgen-smooth-gallery Plugin Xss vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected] Home : http://iedb.ir - http://iedb.ir/acc Software Link :...
Sharetronix 3.0.1 Cross Site Scripting
Exploit Title : xss signup sharetronix Designed By : amir.av727 Author : Ashiyane Digital Security Team Home : http://ashiyane.org Software Link : http://sharetronix.com Security Risk : High - xss Version : sharetronix 3.0.1 Exploit : 1-site.com/signup 2 . Copy "alert/Hacked By amir.av727/ In the...
HTTP File Server - v2.x XSS And File Upload Vulnerability
Exploit for php platform in category web applications...
Firstlink CMS Cross Site Scripting
Exploit Title : firstlink Cms Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.firstlink.com/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork : intext:"Website by...
WordPress Chenpress Shell Upload
Exploit Title : Wordpress chenpress Plugin Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server - win7 Dork :...
Concrete CMS 5.5 Shell Upload / Denial Of Service
Exploit database separated by exploit type (local, remote, DoS, etc.) Site : 1337day.com Support e-mail :...
Results Unlimited CMS SQL Injection
Exploit Title : results-unlimited Cms Sql Injection Vulnerabilities Author : IrIsT Security Team - Security7 Security Team Discovered By : Am!r Home : http://IrIsT.Ir - http://Security7.Ir Software Link : http://www.results-unlimited.com/ Security Risk : High Version : All Version Tested on :...
HUAWEI SmartAX MT880 CSRF Vulnerability (ADSL Router)
Exploit for hardware platform in category web applications Exploit Title:...