CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

248 matches found

Cvelist•added 2024/09/19 4:35 p.m.•15 views

CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/ . Versions 6.4.0.24248 and o...

5.9CVSS0.00166EPSS

Exploits0References1

Packet Storm•added 2024/08/29 12:0 a.m.•221 views

News Portal 4.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : News Portal v4.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | | Vendo...

Packet Storm•added 2024/06/19 12:0 a.m.•337 views

Bagisto 2.1.2 Client-Side Template Injection

Exploit Title: Bagisto 2.1.2 Client-Side Template InjectionCSTI VueJS Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://forums.bagisto.com/ Version: 2.1.2 Tested on: https://demo.bagisto.com/ https://demo.bagisto.com/bagisto-common/search?query=77 49...

Exploit DB•added 2024/04/13 12:0 a.m.•317 views

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

Packet Storm•added 2024/02/22 12:0 a.m.•319 views

CMS Made Simple 2.2.19 Cross Site Scripting

Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory...

Packet Storm•added 2024/02/22 12:0 a.m.•292 views

Dotclear 2.29 Cross Site Scripting

Exploit Title: Dotclear Version : 2.29 - Reflected XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://dotclear.org/ Version : 2.29 Tested on: https://softaculous.com/demos/dotclear 1 Enter admin panel after write search button this payload : " 2...

0day.today•added 2024/02/05 12:0 a.m.•176 views

TP-LINK TL-WR740N - Multiple HTML Injection Vulnerability

Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities Exploit Author: Shujaat Amin ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: Windows 10 ---------------------------POC----------------------------- 1 G...

Packet Storm•added 2024/01/19 12:0 a.m.•323 views

Lepton CMS 7.0.0 Remote Code Execution

Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred...

Packet Storm•added 2023/11/27 12:0 a.m.•327 views

PopojiCMS 2.0.1 Remote Command Execution

Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

Packet Storm•added 2023/09/12 12:0 a.m.•266 views

Kylin CMS 1.3.0 SQL Injection

==================================================================================================================================== | Title : KylinCMS V1.3.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | |...

Packet Storm•added 2023/08/01 12:0 a.m.•241 views

COMpose-IT CMS 2.0 Insecure Settings

==================================================================================================================================== | Title : COMpose-IT CMS v2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bi...

Packet Storm•added 2023/07/11 12:0 a.m.•221 views

Rukovoditel Project Management CRM 2.4.1 Local File Inclusion

==================================================================================================================================== | Title : Rukovoditel Project Management CRM 2.4.1 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

GithubExploit•added 2023/06/29 3:23 p.m.•511 views

Exploit for OS Command Injection in Easynas

CVE-2023-0830: EasyNAS 1.1.0 Authenticated OS Command Injectio...

8.8CVSS7.5AI score0.38532EPSS

0day.today•added 2023/05/23 12:0 a.m.•243 views

WordPress Backup Migration 1.2.8 Plugin - Unauthenticated Database Backup Vulnerability

Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...

0day.today•added 2023/04/28 12:0 a.m.•306 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution Vulnerability

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

Packet Storm•added 2023/04/06 12:0 a.m.•208 views

BulletProof FTP Server 2019.0.0.51 Denial Of Service

Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Discovery Date: 2023-03-31 Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on:...

Exploit DB•added 2023/04/01 12:0 a.m.•158 views

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Executio= n RCE Authenticated Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64...

8.8CVSS8.9AI score0.82155EPSS

Exploit DB•added 2023/03/25 12:0 a.m.•126 views

Human Resources Management System v1.0 - Multiple SQLi

Exploit Title: Human Resources Management System v1.0 - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.ht...

Packet Storm•added 2023/02/10 12:0 a.m.•287 views

WEBY 1.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : WEBY v.1.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | | Vendor :...

0day.today•added 2022/12/24 12:0 a.m.•252 views

Senayan Library Management System 9.2.2 SQL Injection Vulnerability

Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session. Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by