4149 matches found

Exploit DB
added 2024/05/31 12:00 a.m., 246 views

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...

AI score: 7.4
Exploits: 0
0day.today
added 2024/05/28 12:00 a.m., 316 views

ElkArte Forum 1.1.9 Remote Code Execution Vulnerability

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1 After login go t...

AI score: 7.4
Exploits: 0
Packet Storm
added 2024/05/27 12:00 a.m., 280 views

ElkArte Forum 1.1.9 Remote Code Execution

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...

AI score: 7.4
Exploits: 0
GithubExploit
added 2024/05/15 6:35 a.m., 438 views

Exploit for Authentication Bypass by Spoofing in Booster Booster_For_Woocommerce

CVE-2021-34646 PoC for CVE-2021-34646 Exploit Title: W...

CVSS: 9.8, AI score: 9.9, EPSS: 0.50869
Exploits: 8
0day.today
added 2024/05/13 12:00 a.m., 170 views

PyroCMS v3.0.1 - Stored XSS Vulnerability

Exploit Title: PyroCMS v3.0.1 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS ----------------------------------------------------------------------------------------------------...

AI score: 7.4
Exploits: 0
0day.today
added 2024/05/13 12:00 a.m., 164 views

CE Phoenix Version 1.0.8.20 - Stored XSS Vulnerability

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/05/13 12:00 a.m., 251 views

PyroCMS v3.0.1 - Stored XSS

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

AI score: 7
Exploits: 0
Kitploit
added 2024/05/04 12:30 p.m., 31 views

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...

AI score: 5.9
Exploits: 0, References: 2
0day.today
added 2024/04/21 12:00 a.m., 273 views

Wordpress Background Image Cropper v1.2 Plugin - Remote Code Execution Exploit

Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/04/21 12:00 a.m., 365 views

Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Date: 2024-04-16 Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...

AI score: 7.4
Exploits: 0
0day.today
added 2024/04/08 12:00 a.m., 282 views

Wordpress Travelscape v1.0.3 Theme - Arbitrary File Upload Exploit

Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from multiprocessing.dummy impor...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/04/02 12:00 a.m., 340 views

CE Phoenix v1.0.8.20 - Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/04/02 12:00 a.m., 333 views

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution RCE Authenticated Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 Go to Languages place...

AI score: 7.4
Exploits: 0
Packet Storm
added 2024/04/01 12:00 a.m., 290 views

WordPress Gutenberg 18.0.0 Cross Site Scripting

Exploit Title: Wordpress Gutenberg Plugin Version 18.0.0 Stored XSS Date: 2024-3-29 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://wordpress.org/plugins/gutenberg/ Version 18.0.0 1 Go to Gutenberg Plugin edit page :...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/03/28 12:00 a.m., 310 views

liveSite Version 2019.1 - Remote Code Execution

Exploit Title: liveSite Version : 2019.1 Campaigns Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Campaigns Create Campaig...

AI score: 7.4
Exploits: 0
0day.today
added 2024/03/27 12:00 a.m., 277 views

MobileShop master v1.0 - SQL Injection Vulnerability

Exploit Title: MobileShop master v1.0 - SQL Injection Vuln. + Exploit Author: "HAZIM ARBAŞ" from EMA Security LTD - Siber Güvenlik ve Bilişim Hizmetleri https://emasecurity.com + Vendor Homepage: https://code-projects.org/mobile-shop-in-php-css-javascript-and-mysql-free-download/ + Software Link:...

AI score: 7.4
Exploits: 0
Exploit DB
added 2024/03/25 12:00 a.m., 310 views

MobileShop master v1.0 - SQL Injection Vuln.

Exploit Title: MobileShop master v1.0 - SQL Injection Vuln. + Date: 2024-13-03 + Exploit Author: "HAZIM ARBAŞ" from EMA Security LTD - Siber Güvenlik ve Bilişim Hizmetleri https://emasecurity.com + Vendor Homepage:...

AI score: 7.4
Exploits: 0
Vulnrichment
added 2024/03/05 4:44 a.m., 12 views

CVE-2024-20837

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00148
Exploits: 0, References: 1
CVE
added 2024/03/05 4:44 a.m., 51 views

CVE-2024-20837

Samsung Internet prior to version 24.0.0.41 contains an issue in how it grants permissions for Trusted Web Activities (TWAs). The vulnerability arises from improper handling of permission grants, enabling local attackers to grant permissions to their own TWA WebApps without user interaction. Affe...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00148
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/03/05 4:44 a.m., 14 views

CVE-2024-20837

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00148
Exploits: 0, References: 1