Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2021/04/22 12:0 a.m.799 views

OTRS 6.0.1 - Remote Command Execution (2)

Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Date: 21-04-2021 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921...

9CVSS8.7AI score0.19901EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/11/20 12:0 a.m.794 views

Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Free MP3 CD Ripper 2.6 %q This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted...

7.8CVSS7.4AI score0.07991EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.793 views

Grafana 8.3.0 - Directory Traversal and Arbitrary File Read

Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Date: 08/12/2021 Exploit Author: s1gh Vendor Homepage: https://grafana.com/ Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p Version: V8.0.0-beta1 through V8.3.0 Description...

7.5CVSS7.8AI score0.88849EPSS
Exploits44
Exploit DB
Exploit DB
added 2020/10/06 12:0 a.m.793 views

EasyPMS 1.0.0 - Authentication Bypass

Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.792 views

Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting

Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting Brand Name Exploit Author: Adeeb Shah @hyd3sec Date: August 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/10/27 12:0 a.m.792 views

DZCP (deV!L`z Clanportal) 1.5.4 - Local File Inclusion

Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfiindzcp.html Product: DZCP Vendor: dzcp.de http://www.dzcp.de Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor Risk level: High Credit: High-Tech...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/24 12:0 a.m.791 views

Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)

Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE Authenticated Date: 5 Aug 2020 Exploit Author: maj0rmil4d Vendor Homepage: http://www.seowonintech.co.kr/en/ Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: 1.0.11 Possibly al...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/02 12:0 a.m.790 views

Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)

Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/07 12:0 a.m.790 views

Cockpit CMS 0.6.1 - Remote Code Execution

Cockpit CMS 0.6.1 - Remote Code Execution Product: Cockpit CMS https://getcockpit.com Version: Cockpit CMS = 0.6.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.788 views

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The code in...

9.8CVSS9.3AI score0.97107EPSS
Exploits15
Exploit DB
Exploit DB
added 2010/08/18 12:0 a.m.788 views

Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)

$Id: usermapscript.rb 10040 2010-08-18 17:24:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

6CVSS6.5AI score0.49759EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.787 views

WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)

Exploit Title: Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research Date: 2020 - 5 - 22 Vender Homepage: https://help.10web.io/ Version: = 5.4.1 Tested on: Ubuntu 18.04 Description: SQL injection in the Form Maker by 10Web WordPres...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/14 12:0 a.m.787 views

E-Commerce System 1.0 - Unauthenticated Remote Code Execution

Exploit Title: E-Commerce System 1.0 - Unauthenticated Remote Code Execution Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-14 Vendor Homepage: https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/11 12:0 a.m.782 views

Tea LaTex 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.781 views

BIND 9.10.5 - Unquoted Service Path Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you...

7.8CVSS7AI score0.01413EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.780 views

School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC

Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.778 views

WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...

6.1CVSS6.5AI score0.05721EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.778 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/13 12:0 a.m.778 views

Tryton 5.4 - Persistent Cross-Site Scripting

Exploit Title: Tryton 5.4 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-05-13 Vendor Homepage: https://www.tryton.org/ Version: 5.4 Software Link: https://www.tryton.org/download Document Title: =============== Tryton v5.4 - Name Persistent Cross Site Vulnerabilit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/03/14 12:0 a.m.778 views

Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure

lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit written by Kingcope import sys impor...

6.8CVSS6.3AI score0.07342EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/03/18 12:0 a.m.777 views

VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path

Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Date: 2021-2-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://vfsforgit.org/ Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe Version: 1.0.21014....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/23 12:0 a.m.776 views

Joomla! 3.4.6 - Remote Code Execution (Metasploit)

Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This modul...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/12 12:0 a.m.776 views

Apache 2.4.23 mod_http2 - Denial of Service

!/usr/bin/python """ source : http://seclists.org/bugtraq/2016/Dec/3 The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory...

7.5CVSS7.7AI score0.7907EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/07/26 12:0 a.m.775 views

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

include include / EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define MNOPENHIERARCHY 0x01E3 define MNCANCELMENUS 0x1E6 define MNBUTTONDOWN...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/19 12:0 a.m.775 views

Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)

Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup http://www.exploit-db.com/docs/35152.pdf Target OS Windows 8.0 - 8.1 x64 Author: Matteo Memelli ryujin...

7.8CVSS8AI score0.87042EPSS
Exploits22
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.772 views

VMware vCenter Server 7.0 - Unauthenticated File Upload

Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...

10CVSS9.9AI score0.9957EPSS
Exploits47
Exploit DB
Exploit DB
added 2021/04/13 12:0 a.m.771 views

ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow

Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Date: 09-04-2021 Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE ...

7.5CVSS7.6AI score0.16354EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.770 views

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/26 12:0 a.m.770 views

PHPMailer < 5.2.18 - Remote Code Execution

!/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host curl -sq 'http://'$host -H 'Content-Type:...

9.8CVSS10AI score0.99714EPSS
Exploits58
Exploit DB
Exploit DB
added 2020/06/23 12:0 a.m.769 views

Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)

Exploit Title: Online Student Enrollment System 1.0 - Cross-Site Request Forgery Add Student Google Dork: N/A Date: 2020-06-20 Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.768 views

Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting

Exploit Title: Nagios Log Server 2.1.7 - 'snapshotname' Persistent Cross-Site Scripting Date: 31.08.2020 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.nagios.com/ Software Link: https://www.nagios.com/products/nagios-log-server/ Version: 2.1.7 Tested on: Linux/ISO Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.767 views

Online Job Portal 1.0 - 'userid' SQL Injection

Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection Google Dork: N/A Date: 2020/10/28 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/13 12:0 a.m.766 views

Apache Tomcat 9.0.0.M1 - Open Redirect

Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Date: 10/04/2018 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/...

4.3CVSS5.7AI score0.94494EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.766 views

House Rental 1.0 - 'keywords' SQL Injection

Exploit Title: House Rental 1.0 - 'keywords' SQL Injection Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip Version: 1.0 Tested On: Windows 10 Pro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/21 12:0 a.m.766 views

ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection

Exploit Title: ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: AmirHadi Yazdani Vendor Homepage: https://www.manageengine.com/network-configuration-manager/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/07/08 12:0 a.m.763 views

phpMyAdmin3 (pma3) - Remote Code Execution

!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...

7.5CVSS6.6AI score0.12879EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.762 views

mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting

Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/05 12:0 a.m.762 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...

9.4CVSS0.7AI score0.05187EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/19 12:0 a.m.762 views

Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting

Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/10/02 12:0 a.m.762 views

Dnsmasq < 2.78 - Integer Underflow

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...

7.8CVSS8.9AI score0.66347EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/12/14 12:0 a.m.761 views

Apache Log4j 2 - Remote Code Execution (RCE)

Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...

10CVSS9.8AI score0.99999EPSS
Exploits352
Exploit DB
Exploit DB
added 2014/05/31 12:0 a.m.761 views

Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)

/ Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c -O2 -o vnik $ uname -r...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/27 12:0 a.m.760 views

ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)

Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.759 views

Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)

Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage Date: 2020-16-09 Exploit Author: nag0mez Vendor Homepage: https://ultimatepro.codexcube.com/ Version: = 2.0.5 Tested on: Kali Linux 2020.2 The SQLi injection does not allow UNION payloads. However, we can guess...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/22 12:0 a.m.757 views

CSE Bookstore 1.0 - Multiple SQL Injection

Exploit Title : CSE Bookstore 1.0 - Multiple SQL Injection Date : 2020-12-21 Author : Musyoka Ian Version : CSE Bookstore 1.0 Vendor Homepage: https://projectworlds.in/ Platform : PHP Tested on : Debian CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.757 views

Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting

Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...

5.4CVSS7AI score0.02993EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.756 views

Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path

Exploit Title: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 05-12-2020 Vendor Homepage: https://www.kite.com/ Software Links : https://www.kite.com/download/ Tested Version: 1.2020.1119.0 Vulnerability Type: Unquoted Service Path Tested on OS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/11/18 12:0 a.m.756 views

Jetty Web Server - Directory Traversal

source: https://www.securityfocus.com/bid/50723/info Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Informatio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.755 views

Car Rental Management System 1.0 - Remote Code Execution (Authenticated)

Exploit Title: Car Rental Management System 1.0 - Remote Code Execution Authenticated Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/08/31 12:0 a.m.755 views

Microsoft IIS 5.0/6.0 FTP Server (Windows 2000) - Remote Stack Overflow

IIS 5.0 FTPd / Remote r00t exploit Win2k SP4 targets bug found & exploited by Kingcope, kcope2googlemail.com Affects IIS6 with stack cookie protection August 2009 - KEEP THIS 0DAY PRIV8 use IO::Socket; $|=1; metasploit shellcode, adduser "winown:nwoniw" $sc =...

7AI score
Exploits0
Total number of security vulnerabilities5000