CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2024/05/20 12:0 a.m.•296 views

Apache OFBiz 18.12.12 Directory Traversal

Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...

0day.today•added 2024/05/19 12:0 a.m.•303 views

Wordpress Theme XStore 9.3.8 - SQL injection Vulnerability

Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi Google Dork: N/A Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Version: 5.3.5 Tested on: Windows10 CVE: CVE-2024-33559 Poc POST /?s=%27%3B+SELECT++FROM+wpposts%3B+-- HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT...

9.3CVSS7.1AI score0.03553EPSS

Exploits3

Exploit DB•added 2024/05/19 12:0 a.m.•423 views

Wordpress Theme XStore 9.3.8 - SQLi

Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Version: 5.3.5 Tested on: Windows10 CVE: CVE-2024-33559 Poc POST /?s=%27%3B+SELECT++FROM+wpposts%3B+-- HTTP/1.1 Host: example.com User-Agent:...

9.3CVSS9.2AI score0.03553EPSS

Exploits3

Packet Storm•added 2024/05/14 12:0 a.m.•329 views

CrushFTP Directory Traversal

Exploit Title: CrushFTP Directory Traversal Google Dork: N/A Date: 2024-04-30 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://www.crushftp.com/ Software Link: https://www.crushftp.com/download/ Version: below 10.7.1 and 11.1.0 as well as legacy 9.x Tested...

0day.today•added 2024/05/13 12:0 a.m.•219 views

CrushFTP < 11.1.0 - Directory Traversal Exploit

Exploit Title: CrushFTP Directory Traversal Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://www.crushftp.com/ Software Link: https://www.crushftp.com/download/ Version: below 10.7.1 and 11.1.0 as well as legacy 9.x Tested on: Windows10 import requests...

Exploit DB•added 2024/05/13 12:0 a.m.•292 views

CrushFTP < 11.1.0 - Directory Traversal

Exploit DB•added 2023/07/03 12:0 a.m.•180 views

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Date: 29/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...

Packet Storm•added 2023/04/06 12:0 a.m.•254 views

BTCPay Server 1.7.4 HTML Injection

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...

8.8CVSS8.8AI score0.07896EPSS

0day.today•added 2023/04/05 12:0 a.m.•261 views

BTCPay Server v1.7.4 - HTML Injection Vulnerability

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...

8.8CVSS8.7AI score0.07896EPSS

Exploit DB•added 2023/04/05 12:0 a.m.•154 views

BTCPay Server v1.7.4 - HTML Injection

8.8CVSS7AI score0.07896EPSS

Packet Storm•added 2022/06/03 12:0 a.m.•230 views

Microweber CMS 1.2.15 Account Takeover

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...

8.8CVSS7.7AI score0.08772EPSS

0day.today•added 2022/06/03 12:0 a.m.•258 views

Microweber CMS 1.2.15 - Account Takeover Vulnerability

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...

8.8CVSS0.1AI score0.08772EPSS

OSV•added 2022/05/17 12:11 a.m.•34 views

GHSA-735F-MX7H-46W8 ChakraCore vulnerable to remote code execution due to insufficient InlineCache check

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". An insufficient...

7.5CVSS8AI score0.08643EPSS

Exploits0References7

CNNVD•added 2022/04/12 12:0 a.m.•3 views

Microsoft Hyper-V安全漏洞

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A security vulnerability exists in Microsoft Hyper-V. The following products and versions are affected: Windows 10 Version 21H1 for x64-based...

7.8CVSS7.7AI score0.00539EPSS

Exploits0References5

GithubExploit•added 2021/03/05 2:11 a.m.•228 views

Exploit for Out-of-bounds Write in Microsoft

CVE-2021-1732-Exploit CVE-2021...

7.8CVSS8.4AI score0.78376EPSS

Exploits21

Pen Test Partners Blog•added 2021/02/23 6:32 a.m.•86 views

Feature and Permission Policies. Security issues

Introduction In order to help enhance the user experience of their site, companies may ask to use features of your browser, such as geolocation or notifications to produce a more tailored experience. Web site developers may configure the site or allow third-party content, loaded in frames, to use...

6AI score

Exploit DB•added 2020/10/29 12:0 a.m.•489 views

Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot

Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...

Hacker One•added 2020/01/30 10:14 a.m.•153 views

Mail.ru: [windows10.hi-tech.mail.ru] Blind SQL Injection

Доброе утро! Сегодня удалось найти у вас слепую скулю, правда она снова вне скопа походу URL: https://windows10.hi-tech.mail.ru/api/tweets?cityid=select0fromselectsleep25v Request: GET /api/tweets?cityid=select0fromselectsleep25v HTTP/1.1 Host: windows10.hi-tech.mail.ru User-Agent: Mozilla/5.0 X1...

0.3AI score