4149 matches found
Atom CMS 2.0 SQL Injection
Exploit Title: AtomCMS v2.0 - SQLi Date: 08/02/2022 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...
Feberr 12.7 Shell Upload Vulnerability
Exploit Title: Feberr - Multivendor Digital Products Marketplace arbitrary file upload Version 12.7 Google Dork: N/A Exploit Author: Sohel Yousef - [email protected] Software Link: https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace Software link 2...
Mageia: Security Advisory (MGASA-2017-0117)
The remote host is missing an update for the...
Landa Driving School Management System 2.0.1 Arbitrary File Upload
Exploit Title: Landa Driving School Management System Arbitrary File Upload Version 2.0.1 Google Dork: N/A Date: 17/01/2022 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2...
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...
Open-AudIT Community 4.2.0 - Cross-Site Scripting Vulnerability
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE: CVE-2021-44916 1...
Open-AudIT Community 4.2.0 Cross Site Scripting
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...
Bazaar Web PHP Social Listings Shell Upload
Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo...
Signup PHP Portal 2.1 Shell Upload Vulnerability
Exploit Title: Signup Php Portal Arbitrary File Upload Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/signup-php-portal/23066564 Software Demo: https://ocsolutions.co.in/signupcustomscript/customerregister.php Category: webapps Version: 2.1 1...
jetty: Symlink directory exposes webapp directory contents
If the $jetty.base directory or the $jetty.base/webapps directory is a symlink the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality...
jetty: Symlink directory exposes webapp directory contents
If the $jetty.base directory or the $jetty.base/webapps directory is a symlink the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality...
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...
Odine Solutions GateKeeper 1.0 SQL Injection
Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...
Jetty < 9.4.39 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...
Jetty 10.0.x < 10.0.2 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...
Jetty 11.0.x < 11.0.2 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: CMSimpleXH 1.7.4 - Remote Code Execution RCE Authenticated Date: 01-10-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.cmsimple-xh.org/ Software Link: https://www.cmsimple-xh.org/?Downloads Version: 1.7.4 Category: Webapps Tested on: Linux/Windows CMSimpleX...
jetty: Symlink directory exposes webapp directory contents
If the $jetty.base directory or the $jetty.base/webapps directory is a symlink the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality...
E-Negosyo System 1.0 SQL Injection Vulnerability
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category:...
Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023).
Summary IBM Aspera Webapps are vulnerable to cross-site scripting. See vulnerability details for more information. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A...