Lucene search
K

1376 matches found

exploitdb
exploitdb
added 2024/04/21 12:0 a.m.381 views

Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Date: 2024-04-16 Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/04/19 12:0 a.m.190 views

FlatPress 1.3 Shell Upload

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

7.4AI score
Exploits0
zdt
zdt
added 2024/04/15 12:0 a.m.257 views

Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2024/04/13 12:0 a.m.321 views

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2024/04/12 12:0 a.m.298 views

WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/04/05 12:0 a.m.402 views

Seo Panel 4.7.0 Cross Site Scripting

Exploit Title: Seo Panel 4.7.0 Reflected XSS Exploit Author: Arzu DEMÝREZ Date: 05.03-2024 Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.7.0 Version: Seo Panel 4.7.0 -Description: A cross-site scripting XSS issue in the SEO admin...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/04/02 12:0 a.m.492 views

Computer Laboratory Management System 1.0 Insecure Direct Object Reference

Vulnerability Details: Application Name: Computer Laboratory Management System Software Link: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Vendor Homepage: https://www.sourcecodester.com/users/tips23 BuG: Insecure Direct Object References...

5.5CVSS7.2AI score0.00487EPSS
Exploits2
exploitdb
exploitdb
added 2024/04/02 12:0 a.m.421 views

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution RCE Date: 02/04/2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version:...

6.8AI score
Exploits0
packetstorm
packetstorm
added 2024/03/28 12:0 a.m.293 views

Event Management 1.0 SQL Injection

Exploit Title: Event Management - SQL Injection Application: Event Management Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://github.com/PuneethReddyHC Software Link: https://github.com/PuneethReddyHC/event-management Version:1.0 Attack Type: Remote Tested on...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/03/28 12:0 a.m.267 views

Workout Journal App 1.0 Cross Site Scripting

Exploit Title: Workout Journal App 1.0 - Stored XSS Date: 12.01.2024 Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows /...

7.4AI score0.00443EPSS
Exploits4
zdt
zdt
added 2024/03/20 12:0 a.m.406 views

Employee Management System 1.0 - (admin_id) SQL injection Vulnerability

Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on: Windows, Linux...

9.8CVSS7.4AI score0.01229EPSS
Exploits4
packetstorm
packetstorm
added 2024/03/19 12:0 a.m.305 views

Quick.CMS 6.7 SQL Injection

Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/03/19 12:0 a.m.293 views

Gibbon LMS 26.0.00 PHP Deserialization / Code Execution

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...

7.4AI score0.5132EPSS
Exploits7
exploitdb
exploitdb
added 2024/03/18 12:0 a.m.385 views

Atlassian Confluence < 8.5.3 - Remote Code Execution

Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Date: 25/1/2024 Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Teste...

10CVSS9.8AI score0.99984EPSS
Exploits32
exploitdb
exploitdb
added 2024/03/14 12:0 a.m.332 views

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

7.8CVSS7.7AI score0.01777EPSS
Exploits3
zdt
zdt
added 2024/03/06 12:0 a.m.368 views

Customer Support System 1.0 - Multiple SQL injection Vulnerability

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

8.8CVSS8.9AI score0.13754EPSS
Exploits6
packetstorm
packetstorm
added 2024/03/06 12:0 a.m.460 views

Customer Support System 1.0 SQL Injection

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

8.8CVSS7.4AI score0.13754EPSS
Exploits6
exploitdb
exploitdb
added 2024/03/06 12:0 a.m.443 views

elFinder Web file manager Version - 2.1.53 Remote Command Execution

Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zi...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2024/03/03 12:0 a.m.413 views

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

7.5CVSS7.6AI score0.46966EPSS
Exploits4
exploitdb
exploitdb
added 2024/03/03 12:0 a.m.307 views

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder