Lucene search
K

2177 matches found

Packet Storm
Packet Storm
added 2025/04/10 12:0 a.m.244 views

📄 PandoraFMS 7.0NG.772 SQL Injection

PandoraFMS version 7.0NG.772 proof of concept authenticated remote SQL injection exploit. Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection Authenticated Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link:...

8.8CVSS9AI score0.0073EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/03/28 12:0 a.m.228 views

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Exploit Title: Progress Telerik Report Server 2024 Q1 10.0.24.305 - Authentication Bypass Fofa Dork: title="Telerik Report Server" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4358 Vendor Homepage: https://www.telerik.com/report-server Software...

9.8CVSS9.7AI score0.97482EPSS
Exploits14
Packet Storm
Packet Storm
added 2024/12/02 12:0 a.m.304 views

Simple Chat System 1.0 Cross Site Scripting

Exploit Title:Simple Chat System 1.0 Reflected XSS Date:05/12/2024 Exploit Author:Merve Hatice Arslan Vendor Homepage:https://code-projects.org/simple-chat-system/ Sofware Link:https://download.code-projects.org/details/ec6340ea-ef68-48d9-b9b2-da397f52b2dc Version:1.0 Tested on:Linux / XAMPP...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2024/11/19 11:54 p.m.581 views

Exploit for CVE-2024-42640

CVE-2024-42640 Unauthenticated Remote Code Execution via Angul...

9.8CVSS8.5AI score0.43683EPSS
Exploits16
0day.today
0day.today
added 2024/11/06 12:0 a.m.304 views

SmartAgent 1.1.0 SQL Injection Vulnerability

Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request to the vulnerable...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/11/04 12:0 a.m.315 views

Sysax Multi Server 6.99 Cross Site Scripting

Exploit Title: Sysax Multi Server 6.99 - Reflected XSS Date: 2024-11-03 Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Version: MultiServer 6.99 Tested on: Windows 10 x64 Reflected XSS - Affected...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/17 12:0 a.m.404 views

SofaWiki 3.9.2 Shell Upload

Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote co...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/10/15 12:0 a.m.358 views

Peel Shopping 2.x Cross Site Scripting / SQL Injection Exploit

Peel Shopping versions 2.x and below 3.1 suffer from cross site scripting and remote SQL injection vulnerabilities. This was already noted discovery in 2012 by Cyber-Crystal but this data provides more details. Exploit Title: Peel Shopping "catid=" SQL injection Google Dork:...

7.8AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/26 12:0 a.m.261 views

Helpdeskz 2.0.2 Cross Site Scripting

Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/16 12:0 a.m.319 views

WordPress Shield Security 20.0.5 Cross Site Scripting

Exploit Title: CVE-2024-7313 - Reflected XSS to Unauthorised Administrator Account Creation Google Dork: inurl:"/wp-content/plugins/wp-simple-firewall/" Cannot find version numbers from this DORK Date: 16/08/2024 Exploit Author: Tim Lepp Vendor Homepage: https://getshieldsecurity.com/ Software...

7.4AI score0.01444EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/07/15 12:0 a.m.153 views

WordPress PZ Frontend Manager 1.0.5 Cross Site Request Forgery

Exploit Title: pz-frontend-manager = 1.0.5 - CSRF change user profile picture Date: 2024-07-01 Exploit Author: Vuln Seeker Cybersecurity Team Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/ Version: = 1.0.5 Tested on: Firefox Contact me: [email protected] The plugin does no...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/01 12:0 a.m.331 views

Xhibiter NFT Marketplace 1.10.2 SQL Injection

Exploit Title: xhibiter nft marketplace SQLI Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs" Date: 29/06/204 Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/26 12:0 a.m.278 views

Poultry Farm Management System 1.0 Shell Upload

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.335 views

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.417 views

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

8.1CVSS8.2AI score0.00581EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.442 views

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

9.8CVSS7.4AI score0.99284EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/06/14 12:0 a.m.322 views

AEGON LIFE 1.0 Remote Code Execution

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

7.2AI score0.00581EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.359 views

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

Exploit Title: Life Insurance Management Stored System- cross-site scripting XSS Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEG...

6.1CVSS6.6AI score0.00299EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.260 views

Dotclear 2.29 - Remote Code Execution (RCE)

Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.337 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
Rows per page
Query Builder