2611 matches found
OpenClinic GA 5.194.18 Privilege Escalation
Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...
jforum 2.7.0 Cross Site Scripting
Hi, I found a vulnerability in jforum 2.7.0. It is a stored cross-site scripting vulnerability. The place is the user's profile - signature. The technique of the vulnerability is the same as that described in this article "STORED CROSS SITE SCRIPTING IN BBCODE"...
Sourceforge PoDoFo Buffer Error Vulnerability
PoDoFo is a free, portable and easy-to-use library for parsing, modifying and creating PDFs. Version 0.9.6 of PoDoFo is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability via src/base/PdfDictionary.cpp:65 to cause a denial of service...
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS Date: 13.08.2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/...
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Date: 2021-07-10 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to...
Dolibarr ERP/CRM 10.0.6 - Login Brute Force Exploit
Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force Exploit Author: Creamy Chicken Soup Vendor Homepage: https://www.dolibarr.org Software Link: https://sourceforge.net/projects/dolibarr/ Version: 10.0.6 Tested on: Windows 10 - 64bit CVE: CVE-2020-7995 function brute$url,$username,$passwd...
Dolibarr ERP/CRM 10.0.6 Login Brute Forcer
Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force Date: 2020-01-18 Exploit Author: Creamy Chicken Soup Vendor Homepage: https://www.dolibarr.org Software Link: https://sourceforge.net/projects/dolibarr/ Version: 10.0.6 Tested on: Windows 10 - 64bit CVE: CVE-2020-7995 function...
phpAbook 0.9i SQL Injection
Exploit Title: phpAbook 0.9i - SQL Injection Date: 2021-06-29 Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purposes. Use it at your own risk. Author will not be responsible for any damage...
phpAbook 0.9i - SQL Injection Vulnerability
Exploit Title: phpAbook 0.9i - SQL Injection Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purposes. Use it at your own risk. Author will not be responsible for any damage. import requests...
Sourceforge mbsync Code Issue Vulnerability
Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir-style mailboxes. A code issue vulnerability exists in Sourceforge mbsync, which arises from a boundary error when handling an unexpected...
FUDForum 3.1.0 - (srch) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
DupTerminator 1.4.5639.37199 - Denial of Service Exploit
Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list of characters is...
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Date: 2021-05-28 Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list o...
DupTerminator 1.4.5639.37199 Denial Of Service
Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Date: 2021-05-28 Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list o...
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...
Sourceforge PoDoFo Security Vulnerability
PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. A security vulnerability exists in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp in PoDoFo version 0.9.7. An attacker can exploit the vulnerability to cause a stack overflow...
Unspecified Vulnerability in SOURCEFORGE Adminer
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. Provides database management in a single PHP file. A security vulnerability exists in Adminer versions 4.6.1 through 4.8.0, which stems from Adminer's use of the pdo extension to communicate with the database, and...
SOURCEFORGE Adminer Cross-Site Scripting Vulnerability
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. Provides database management in a single PHP file. A security vulnerability exists in Adminer versions 4.6.1 through 4.8.0, which stems from Adminer's use of the pdo extension to communicate with the database, and...
PHP Timeclock 1.04 - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP 4.4.9/5.3.3...
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Vulnerability
Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP...