Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.686 views

xuucms 3 - 'keywords' SQL Injection

Exploit Title: xuucms 3 - 'keywords' SQL Injection Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.cxuu.top/ Software Link: https://github.com/cbkhwx/cxuucmsv3 Version: cxuucms - v3 CVE : CVE-2020-28091 SQL injection exists in search.php. For details, please refer to:...

7.5CVSS7.7AI score0.03751EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.685 views

Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path

Exploit Title: Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.dupscout.com Software Links: https://www.dupscout.com/setupsx64/dupscoutsrvsetupv13.5.28x64.exe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/01 12:0 a.m.685 views

phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)

Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution Authenticated Date: 29/03/2021 Exploit Author: Valerio Severini Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL7-13-0 Version: 7.13.0 or lower Tested on: Debian 10 and Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/30 12:0 a.m.685 views

Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

Exploit Title: Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting Date: 3/30/2021 Exploit Author: cmOs Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.9 Tested on Ubuntu 20.04 Step 1: Log in to the dashboard using th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/23 12:0 a.m.685 views

Online Learning Management System 1.0 - 'id' SQL Injection

Exploit Title: Online Learning Management System 1.0 - 'id' SQL Injection Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.685 views

Ecommerce Systempay 1.0 - Production KEY Brute Force

Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Tested on: MacOs Version: ALL ?php / INFORMATION Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/15 12:0 a.m.685 views

Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution

''' Simple PoC for Joomla Object Injection. Gary @ Sec-1 ltd http://www.sec-1.com/ ''' import requests easyinstall requests def geturlurl, useragent: headers = 'User-Agent': useragent cookies = requests.geturl,headers=headers.cookies for in range3: response = requests.geturl,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/16 12:0 a.m.685 views

Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)

$Id: ms06067keyframe.rb 9842 2010-07-16 02:33:25Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

7.6CVSS7AI score0.78755EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/01/13 12:0 a.m.684 views

SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)

Exploit Title: SpotDialup 1.6.7 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotdialupsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/28 12:0 a.m.684 views

LibreNMS 1.46 - 'addhost' Remote Code Execution

!/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP 7.2.10 ''' import requests from urllib import...

10CVSS9.8AI score0.71487EPSS
Exploits9
Exploit DB
Exploit DB
added 2015/04/13 12:0 a.m.684 views

ProFTPd 1.3.5 - File Copy

Description TJ Saunders 2015-04-07 16:35:03 UTC Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients: --------------------------------- Trying...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/10 12:0 a.m.683 views

Tiandy IPC and NVR 9.12.7 - Credential Disclosure

Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.682 views

GoAhead 2.5.0 - Host Header Injection

Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Discovered Date: 05/07/2019 Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.681 views

AdminLTE PiHole 5.18 - Broken Access Control

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

5.3CVSS5.5AI score0.40162EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/09 12:0 a.m.680 views

Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting

Exploit Title: Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting Exploit Author: Ataberk YAVUZER CVE: CVE-2019-19493 Type: Webapps Vendor Homepage: https://www.kentico.com/ Version: 9.0-12.0.49 Date: 29-11-2019 CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2019-19493 Details Persisten...

5.4CVSS5.5AI score0.02023EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.679 views

rpc.py 0.6.0 - Remote Code Execution (RCE)

Exploit Title: rpc.py 0.6.0 - Remote Code Execution RCE Google Dork: N/A Date: 2022-07-12 Exploit Author: Elias Hohl Vendor Homepage: https://github.com/abersheeran Software Link: https://github.com/abersheeran/rpc.py Version: v0.4.2 - v0.6.0 Tested on: Debian 11, Ubuntu 20.04 CVE : CVE-2022-3541...

9.8CVSS9.6AI score0.45862EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/06/02 12:0 a.m.679 views

Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...

9.8CVSS9.3AI score0.9967EPSS
Exploits10
Exploit DB
Exploit DB
added 2021/11/26 12:0 a.m.678 views

Bagisto 1.3.3 - Client-Side Template Injection

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Date: 11-25-2021 Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an accoun...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/23 12:0 a.m.678 views

Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)

Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2020-11-22 Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe Tested Version: 2.3.0 Vulnerability Type: Local Buffer Overflo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.678 views

PESCMS TEAM 2.3.2 - Multiple Reflected XSS

Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.pescms.com/ Software Link: https://github.com/lazyphp/PESCMS-TEAM Version: PESCMS Team 2.3.2 CVE: CVE-2020-28092 PESCMS Team 2.3.2 has multiple reflected XSS via the id...

6.1CVSS6.3AI score0.02197EPSS
Exploits3
Exploit DB
Exploit DB
added 2015/07/28 12:0 a.m.678 views

Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation

Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation Date: 07-23-2015 Exploit Author: Daniel Svartman Version: Sudo ALL=root NOPASSWD: sudoedit /home///test.txt Then, logged as that user, create a subdirectory within its home folder e.g. /home//newdir and later create a...

7.2CVSS7.5AI score0.01458EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/04/26 12:0 a.m.677 views

Gitlab 14.9 - Authentication Bypass

Exploit Title: Gitlab 14.9 - Authentication Bypass Date: 12/04/2022 Exploit Authors: Greenwolf Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 Tested on:...

9.8CVSS9.8AI score0.76177EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/04/08 12:0 a.m.677 views

Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution

Exploit Title: Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution Date: 06/04/2020 Exploit Author: Google Security Research Andy Nguyen Tested on: 5.4.0-48-generic 52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x8664 x8664 x8664 GNU/Linux CVE : CVE-2020-12351, CVE-2020-1235...

8.8CVSS7.6AI score0.07693EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.677 views

EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path

Exploit Title: EPSON Status Monitor 3 'EPSONPMRPCV406' - Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-27-11 Vendor : SEIKO EPSON Corp Version : EPSONPMRPCV406 8.0 Vendor Homepage : https://epson.com Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.677 views

Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Exploit Title: Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/ProgramAccessController.exe Version: 1.2.0.0 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.677 views

Gym Management System 1.0 - Authentication Bypass

Exploit Title: Gym Management System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/30 12:0 a.m.675 views

Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Exploit Title: Intelbras Router RF 301K 1.1.2 - Authentication Bypass Date: 27/11/2020 Exploit Author: Kaio Amaral Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://backend.intelbras.com/sites/default/files/2020-10/RF301Kv1.1.2.zip Version: firmware version 1.1.2 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/15 12:0 a.m.675 views

SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

7.5CVSS7.4AI score0.07842EPSS
Exploits6
Exploit DB
Exploit DB
added 2011/09/05 12:0 a.m.675 views

Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation

/ half-nelson.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848 Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local...

6.9CVSS7.1AI score0.01542EPSS
Exploits13
Exploit DB
Exploit DB
added 2011/06/17 12:0 a.m.675 views

WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)

Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql fully featured auction script. Perfec...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/03 12:0 a.m.674 views

Multi Restaurant Table Reservation System 1.0 - 'table_id' Unauthenticated SQL Injection

Title: Multi Restaurant Table Reservation System 1.0 - 'tableid' Unauthenticated SQL Injection Exploit Author: yunaranyancat Date: 02-11-2020 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/22 12:0 a.m.674 views

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-0189 To run 1. Download support/.dll or compile .cpp for yourself and exploit/.html...

7.6CVSS7.9AI score0.93165EPSS
Exploits10
Exploit DB
Exploit DB
added 2011/02/24 12:0 a.m.674 views

Logwatch Log File - Special Characters Privilege Escalation

source: https://www.securityfocus.com/bid/46554/info Logwatch is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers. Failed...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/13 12:0 a.m.673 views

DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path

Exploit Title: DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path Discovery by: Teresa Q Discovery Date: 2020-11-11 Vendor:DigitalPersona U. are U. One Touch Version: 5.1.0.656 Vulnerability Type: Unquoted Service Path Vendor Homepage : https://www.hidglobal.com/crossmatch Tested on OS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.673 views

Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/14 12:0 a.m.673 views

Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution

Exploit Title: Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution Google Dork: Not applicable Date: 2020-05-13 Exploit Author: Seecko Das Vendor Homepage: https://www.crtindia.com/ Version: V3.3.0-190627 Tested on: Windows 10/Linux Kali CVE: N/A Exploit : curl -L -d...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/08 12:0 a.m.673 views

Android Janus - APK Signature Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...

7.8CVSS7.8AI score0.20089EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.672 views

Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting

Exploit Title: Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2229 References:...

5.4CVSS5.8AI score0.06765EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/07/01 12:0 a.m.670 views

Wordpress Plugin XCloner 4.2.12 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin XCloner 4.2.12 - Remote Code Execution Authenticated Date 30.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.xcloner.com/ Software Link: https://downloads.wordpress.org/plugin/xcloner-backup-and-restore.4.2.12.zip Version: 4.2.1 - 4.2.12...

9.9CVSS9AI score0.24937EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/09/03 12:0 a.m.670 views

Daily Tracker System 1.0 - Authentication Bypass

Exploit Title: Daily Tracker System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku CVE ID: CVE-2020-24193 Date: September 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

9.8CVSS9.7AI score0.02612EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/09/03 12:0 a.m.669 views

BarracudaDrive v6.5 - Insecure Folder Permissions

Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec CVE ID: N/A Date: 2020-09-01 Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/22 12:0 a.m.669 views

WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection

Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Date: 2020-06-17 Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Software Link:...

9.8CVSS7.9AI score0.05901EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/01/12 12:0 a.m.668 views

Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Gila CMS 2.0.0 - Remote Code Execution Unauthenticated Date: 1.12.2021 Exploit Author: Enesdex Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/releases/tag/2.0.0 Version: x " requests.geturl, headers=headers, cookies=cookies time.sleep5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/06 12:0 a.m.668 views

Karel IP Phone IP1211 Web Management Panel - Directory Traversal

Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.666 views

Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection

Exploit Title: Courier Management System 1.0 - 'MULTIPART street ' SQL Injection Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/15 12:0 a.m.665 views

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (1)

...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.664 views

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

9.8CVSS9.9AI score0.99999EPSS
Exploits22
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.662 views

CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting

Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/24 12:0 a.m.661 views

VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution RCE Unauthenticated Date: 06/21/2021 Exploit Author: CHackA0101 Vendor Homepage: https://kb.vmware.com/s/article/82374 Software Link: https://www.vmware.com/products/vcenter-server.html Version: This affects VMware...

10CVSS9.8AI score0.9957EPSS
Exploits47
Exploit DB
Exploit DB
added 2020/07/29 12:0 a.m.661 views

Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion

Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.htmlmodels Version: Cisco...

9.1CVSS7.9AI score0.96595EPSS
Exploits4
Total number of security vulnerabilities5000