Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•553 views

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/06/21 12:0 a.m.•552 views

Remote Mouse GUI 3.008 - Local Privilege Escalation

Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 17.06.2021 Version: Remote Mouse 3.008 Tested on: Windows 10 Pro Version 21H1 Reference: https://deathflash1411.github.io/blog/cve-2021-35448 CVE: CVE-2021-35448...

7.8CVSS7.8AI score0.01045EPSS
Exploits2
Exploit DB
Exploit DB
•added 2021/04/13 12:0 a.m.•552 views

Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)

Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/05/27 12:0 a.m.•552 views

Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/06/23 12:0 a.m.•551 views

WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection

Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2022/08/01 12:0 a.m.•550 views

WordPress Plugin Duplicator 1.4.7 - Information Disclosure

Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552...

5.3CVSS5.3AI score0.08415EPSS
Exploits5
Exploit DB
Exploit DB
•added 2021/06/17 12:0 a.m.•550 views

Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/10 12:0 a.m.•549 views

Library Management System 2.0 - Auth Bypass SQL Injection

Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/08/12 12:0 a.m.•548 views

Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)

Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...

9.1CVSS8.6AI score0.66278EPSS
Exploits4
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•548 views

HaPe PKH 1.1 - Arbitrary File Upload

Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/01/06 12:0 a.m.•547 views

Gitea 1.7.5 - Remote Code Execution

Exploit Title: Gitea 1.7.5 - Remote Code Execution Date: 2020-05-11 Exploit Author: 1F98D Original Author: LoRexxar Software Link: https://gitea.io/en-us/ Version: Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Tested on: Debian 9.11 x64 CVE: CVE-2019-11229 References:...

8.8CVSS8.8AI score0.55578EPSS
Exploits3
Exploit DB
Exploit DB
•added 2019/09/02 12:0 a.m.•547 views

Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...

6.1CVSS6.5AI score0.03114EPSS
Exploits5
Exploit DB
Exploit DB
•added 2021/12/09 12:0 a.m.•546 views

Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Date 07.12.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...

7.2CVSS7.2AI score0.55729EPSS
Exploits6
Exploit DB
Exploit DB
•added 2019/02/27 12:0 a.m.•546 views

PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write

&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...

8.8CVSS9AI score0.64265EPSS
Exploits7
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•546 views

Vishesh Auto Index 3.1 - 'fid' SQL Injection

Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download Version: 3.1 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/23 12:0 a.m.•545 views

GNU gdbserver 9.2 - Remote Command Execution (RCE)

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/05 12:0 a.m.•545 views

ImportExportTools NG 10.0.4 - HTML Injection

Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•545 views

AlchemyCMS 4.1 - Cross-Site Scripting

Exploit Title: AlchemyCMS 4.1 - Cross-Site Scripting Date: 2018-10-14 Exploit Author: Ismail Tasdelen Vendor Homepage: https://alchemy-cms.com/ Software Link : https://github.com/AlchemyCMS/alchemycms Software : AlchemyCMS Version : 4.1-stable Vulernability Type : Cross-site Scripting Vulenrabili...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/03/16 12:0 a.m.•545 views

Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation

/ Ubuntu 16.04.4 kernel priv esc all credits to @bleidl - vnik / // Tested on: // 4.4.0-116-generic 140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x8664 // if different kernel adjust CRED offset + check kernel stack size include include include include include include include include include include...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2010/10/20 12:0 a.m.•545 views

Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

!/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor bundled in the aspx framework Encrypt data using Rizzo-Duong...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/11/13 12:0 a.m.•544 views

Touchbase.io 1.10 - Stored Cross Site Scripting

Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting Date: 2020-11-11 Exploit Author: Simran Sankhala Vendor Homepage: https://touchbase.ai/ Software Link: https://touchbase.ai/ Version: 1.1.0 Tested on: Windows 10 Proof Of Concept: touchbase.ai application allows stored XSS, via the 'A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/09/16 12:0 a.m.•544 views

AppXSvc - Privilege Escalation

----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested...

7.8CVSS7.1AI score0.414EPSS
Exploits21
Exploit DB
Exploit DB
•added 2025/04/08 12:0 a.m.•543 views

jQuery 3.3.1 - Prototype Pollution & XSS Exploit

Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...

6.1CVSS7.4AI score0.87218EPSS
Exploits5
Exploit DB
Exploit DB
•added 2022/06/27 12:0 a.m.•543 views

WordPress Plugin Weblizar 8.9 - Backdoor

Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/07/15 12:0 a.m.•543 views

Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation

/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...

8.3CVSS8.3AI score0.78684EPSS
Exploits21
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•543 views

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection

Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/02 12:0 a.m.•542 views

Expense Management System - 'description' Stored Cross Site Scripting

Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting Date: 02/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/expense-management-system/ Tested On: Ubuntu Vunerable Parameter: "description="...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/08/28 12:0 a.m.•542 views

Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation Date: 2020-08-28 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: 3.8.0 Tested on: Windows CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•542 views

Navigate CMS 2.8.5 - Arbitrary File Download

Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version: 2.8.5 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•542 views

Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection

Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2023/05/05 12:0 a.m.•541 views

pluck v4.7.18 - Stored Cross-Site Scripting (XSS)

Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting XSS Application: pluck Version: 4.7.18 Bugs: XSS Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 01-05-2023 Author: Mirabbas AÄŸalarov Tested on: Linux 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/23 12:0 a.m.•541 views

IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path

Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-22 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.1.0.8 Tested on: Windows 10 64bitEN CVE : N/A 1. Description: Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•541 views

Snes9K 0.0.9z - Buffer Overflow (SEH)

Exploit Title: Snes9K 0.0.9z - Buffer Overflow SEH Date: 2018-10-13 Exploit Author: Abdullah Alıç Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on: Windows XP Professional sp3ENG...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/08 12:0 a.m.•540 views

zlog 1.2.15 - Buffer Overflow

Exploit Title: zlog 1.2.15 - Buffer Overflow Date: 10/23/2021 Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/06/10 12:0 a.m.•540 views

memono Notepad Version 4.2 - Denial of Service (PoC)

Exploit Title: memono Notepad Version 4.2 - Denial of Service PoC Date: 06-09-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/memono-bloc-de-notas/id906470619 Version: 4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•540 views

HotelDruid 2.2.4 - 'anno' SQL Injection

Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•540 views

CAMALEON CMS 2.4 - Cross-Site Scripting

Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability Type : Cross-site Scripting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2012/01/18 12:0 a.m.•540 views

DZCP (deV!L`z Clanportal) Gamebase Addon - SQL Injection

======================================================================================== | Title : deV!Lz Clanportal Gamebase Addon SQL Injection Vulnerability | Author Easy Laster | Download : http://www.modsbar.de/Addons/464/gamebase-addon/ | Script : deV!Lz Clanportal Gamebase Addon | Price :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/08/17 12:0 a.m.•539 views

Microsoft SharePoint Server 2019 - Remote Code Execution

Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...

7.8CVSS8AI score0.94243EPSS
Exploits10
Exploit DB
Exploit DB
•added 2021/11/12 12:0 a.m.•538 views

Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)

Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/09/22 12:0 a.m.•538 views

Simple Attendance System 1.0 - Unauthenticated Blind SQLi

Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Date: September 21, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2022/01/05 12:0 a.m.•537 views

Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...

9.8CVSS8.7AI score0.55331EPSS
Exploits7
Exploit DB
Exploit DB
•added 2021/03/30 12:0 a.m.•537 views

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting

Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...

6.1CVSS6.3AI score0.10459EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•537 views

SugarCRM 6.5.26 - Cross-Site Scripting

Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...

6.1CVSS6.5AI score0.04353EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•537 views

HaPe PKH 1.1 - 'id' SQL Injection

Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2003/02/19 12:0 a.m.•537 views

cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)

source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/08 12:0 a.m.•536 views

Froxlor 0.10.29.1 - SQL Injection (Authenticated)

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...

9.8CVSS9.6AI score0.11812EPSS
Exploits4
Exploit DB
Exploit DB
•added 2021/04/21 12:0 a.m.•536 views

Hasura GraphQL 1.3.3 - Denial of Service

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/14 12:0 a.m.•536 views

Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)

Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/11/11 12:0 a.m.•536 views

Customer Support System 1.0 - Cross-Site Request Forgery

Exploit Title: Customer Support System 1.0 - Cross-Site Request Forgery Admin Account Takeover Date: 2020-11-11 Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities5000