Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.583 views

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution

Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...

8.1CVSS8.4AI score0.99461EPSS
Exploits23
Exploit DB
Exploit DB
added 2024/02/27 12:0 a.m.582 views

SuperStoreFinder - Multiple Vulnerabilities

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/15 12:0 a.m.582 views

i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)

Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...

6.1CVSS6.3AI score0.09912EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.582 views

Courier Management System 1.0 - 'First Name' Stored XSS

Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/24 12:0 a.m.581 views

GitLab 11.4.7 - RCE (Authenticated) (2)

Exploit Title: GitLab 11.4.7 RCE POC Date: 24th December 2020 Exploit Author: Norbert Hofmann Exploit Modifications: Sam Redmond, Tam Lai Yin Original Author: Mohin Paramasivam Software Link: https://gitlab.com/ Environment: GitLab 11.4.7, community edition CVE: CVE-2018-19571 + CVE-2018-19585...

7.7CVSS7.5AI score0.2819EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.581 views

Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure

Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product we...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/10 12:0 a.m.580 views

Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)

Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Date: 10.11.2021 Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/19 12:0 a.m.581 views

WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)

Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login wi...

8.8CVSS8.8AI score0.49231EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.580 views

Bludit 3.9.2 - Auth Bruteforce Bypass

!/usr/bin/python3 Exploit Title: Bludit = 3.9.2 - Bruteforce Mitigation Bypass Author: ColdFusionX Mayank Deshmukh Author website: https://coldfusionx.github.io Date: 2020-10-19 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: ...

9.8CVSS6.8AI score0.39598EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.579 views

Rukovoditel 2.6.1 - RCE (1)

Exploit Title: Rukovoditel 2.6.1 - RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 CVE: CVE-2020-11819 set -e function usage echo...

9.8CVSS9.7AI score0.26778EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.579 views

Client Management System 1.0 - 'searchdata' SQL injection

Exploit Title: Client Management System 1.0 - 'searchdata' SQL injection Date: 26/10/2020 Exploit Author: Serkan Sancar Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841 Version: 1.0 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.579 views

Gym Management System 1.0 - 'id' SQL Injection

Exploit Title: Gym Management System 1.0 - 'id' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/01/11 12:0 a.m.579 views

PHPLiteAdmin 1.9.3 - Remote PHP Code Injection

Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/08 12:0 a.m.578 views

Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)

/ Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...

7.8CVSS8AI score0.80968EPSS
Exploits24
Exploit DB
Exploit DB
added 2021/10/07 12:0 a.m.577 views

Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.577 views

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/14 12:0 a.m.576 views

Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...

8.8CVSS8.9AI score0.1349EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/01 12:0 a.m.576 views

ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)

Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 2 Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Debian9,10Ubuntu16.04 !/usr/bin/python import requests,sys,time if...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.576 views

WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting XSS Date: 14/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://ghozylab.com/plugins/ Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ Version: 1.1.7 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/21 12:0 a.m.576 views

Spiceworks 7.5 - HTTP Header Injection

Exploit Title: Spiceworks 7.5 - HTTP Header Injection Google Dork: inurl:/prousers/login Discovered Date: 15/09/2020 Exploit Author: Ramikan Vendor Homepage: https://www.spiceworks.com Affected Version: 7.5.7.0 may be others. Tested On Version: 7.5.7.0 CVE : CVE-2020-25901 Vulnerability: Host...

6.1CVSS6.4AI score0.0508EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.576 views

Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in

Exploit Title: Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Date: 8th October 2020 Exploit Author: dmw0ng Vendor Homepage: https://www.jenkins.io Software Link: http://archives.jenkins-ci.org/windows/jenkins-2.63.zip Version: Jenkins 2.63 Tested on: Ubuntu 18.04 / 20.04 CVE :...

9.9CVSS9.6AI score0.75594EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.576 views

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/08/01 12:0 a.m.575 views

Wavlink WN530HG4 - Password Disclosure

Exploit Title: Wavlink WN530HG4 - Password Disclosure Date: 2022-06-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: M30HG4.V5030.191116 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34047 Tested on: Windows Exploit...

7.5CVSS7.6AI score0.17444EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.575 views

Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)

Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/19 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/22 12:0 a.m.574 views

NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)

Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow SEH Egghunter Date: 2019-06-28 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/netpclinker/ Software Link: https://sourceforge.net/projects/netpclinker/files/ Version: 1.0.0.0 Tested on: Windows Vista SP1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/01 12:0 a.m.574 views

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Date: 2020-04-29 Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol impo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/31 12:0 a.m.574 views

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning

Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...

8.1CVSS8.1AI score0.10274EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/02/09 12:0 a.m.573 views

Elasticsearch - StackOverflow DoS

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...

7.5CVSS7AI score0.60679EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/16 12:0 a.m.573 views

CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/01 12:0 a.m.573 views

Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)

Exploit Title: Apache OFBiz 17.12.03 - Cross-Site Request Forgery Account Takeover Exploit Author: Faiz Ahmed Zaidi Vendor Homepage: https://ofbiz.apache.org/security.html Software Link: https://ofbiz.apache.org/download.htmlsecurity Version: Before 17.12.03 Tested on: Linux and Windows CVE :...

8.8CVSS8.7AI score0.32747EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/06/13 12:0 a.m.572 views

Roundcube 1.6.10 - Remote Code Execution (RCE)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...

9.9CVSS9.7AI score0.94741EPSS
Exploits29
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.572 views

WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)

Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution Authenticated Google Dork: inurl:/wp-content/plugins/wp-super-cache/ Date: 2021-03-13 Exploit Author: m0ze Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.572 views

WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation

Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Date: 2020-05-29 Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests import bs4 import urllib3...

9.8CVSS7AI score0.43879EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/04/06 12:0 a.m.571 views

Mini Mouse 9.3.0 - Local File inclusion

Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal Author: gosh Date: 05-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 Version: 9.3.0 Tested on: iPhone; iOS 14.4.2 GET /op=getdeviceinfo HTTP/1.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/16 12:0 a.m.571 views

Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)

Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Date: 15-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/21 12:0 a.m.571 views

Seowon SlC 130 Router - Remote Code Execution

Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkind=B05&middlekind=B0529 CVE:...

9.8CVSS9.6AI score0.71691EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/12/22 12:0 a.m.569 views

WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...

7.5CVSS7.6AI score0.19396EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/09/29 12:0 a.m.569 views

BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)

Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Date: 2020-09-29 Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/D...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/29 12:0 a.m.569 views

Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Date: 2020-06-22 Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson Varghese Behanan @JinsonCyberSec Author...

5.4CVSS5.5AI score0.03757EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/11/07 12:0 a.m.569 views

Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path

Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Date: 2019-11-06 Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/ Software Link: https://webcompanion.com/en/ Version: Adaware Web Companion version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/16 12:0 a.m.568 views

ServiceNow - Username Enumeration

Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...

5.3CVSS5.7AI score0.14316EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/26 12:0 a.m.568 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...

7.2CVSS7.2AI score0.17984EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.568 views

GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)

Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/09 12:0 a.m.568 views

VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation

Exploit Title: VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation Date: 2020-11-26 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - LoginAs Token...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.568 views

Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path

Exploit Title: Rumble Mail Server 0.51.3135 - 'rumblewin32.exe' Unquoted Service Path Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.567 views

TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)

Exploit Title: TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting Unauthenticated Date: 24-07-2020 Exploit Author: Smriti Gaba, Kaustubh Padwad Vendor Homepage: https://www.tp-link.com Version: Multiple ============================================================== Unauthenticated...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.567 views

Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

Exploit Title: Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/11 12:0 a.m.567 views

b2evolution 6.11.6 - 'redirect_to' Open Redirect

Exploit Title: b2evolution 6.11.6 - 'redirectto' Open Redirect Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...

6.1CVSS6.3AI score0.13817EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/06/22 12:0 a.m.567 views

Frigate 2.02 - Denial Of Service (PoC)

Exploit Title: Frigate 2.02 - Denial Of Service PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/Frigate2.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-22 Vulnerable Software: Frigate Version: 2.02 Vulnerability Type: Denial of...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.566 views

SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...

9.8CVSS7.4AI score0.46021EPSS
Exploits5
Total number of security vulnerabilities5000