Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
•added 2019/02/20 12:0 a.m.•536 views

Belkin Wemo UPnP - Remote Code Execution (Metasploit)

V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•536 views

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)

Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/05/22 12:0 a.m.•536 views

Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET chocoboroot Privilege Escalation', 'Description' = %q This module exploits a race condition and use-after-free in the packetsetring...

7.8CVSS8.3AI score0.11127EPSS
Exploits16
Exploit DB
Exploit DB
•added 2020/11/04 12:0 a.m.•535 views

Processwire CMS 2.4.0 - 'download' Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/05/29 12:0 a.m.•535 views

WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)

Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Google Dork: N/A Date: 2020-05-21 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip Category: Web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/03/09 12:0 a.m.•535 views

PHP-FPM - Underflow Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP-FPM Underflow RCE', 'Description' = %q This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and...

9.8CVSS7.4AI score0.9947EPSS
Exploits55
Exploit DB
Exploit DB
•added 2025/06/15 12:0 a.m.•534 views

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Windows 11 SMB Client - Privilege Escalation & Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-13 Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux...

8.8CVSS8.8AI score0.64987EPSS
Exploits7
Exploit DB
Exploit DB
•added 2020/10/27 12:0 a.m.•534 views

Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated)

Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Authenticated Date: 26/10/2020 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sentrifugo.com/ POC Link: https://www.exploit-db.com/exploits/47323 Version: 3.2 Tested on: Linux and Windows CVE : CVE-2019-15813 Contact...

8.8CVSS8.8AI score0.33236EPSS
Exploits7
Exploit DB
Exploit DB
•added 2013/08/22 12:0 a.m.•534 views

Ovidentia 7.9.4 - Multiple Vulnerabilities

Ovidentia 7.9.4 Multiple Remote Vulnerabilities Vendor: Cantico Product web page: http://www.ovidentia.org Affected version: 7.9.4 Summary: Ovidentia is both a content management system CMS and a collaborative environment Groupware. Desc: Input passed via several parameters is not properly...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2023/09/04 12:0 a.m.•533 views

Hyip Rio 2.1 - Arbitrary File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Version: 2.1 Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE:...

5.4CVSS5.6AI score0.01131EPSS
Exploits4
Exploit DB
Exploit DB
•added 2020/09/03 12:0 a.m.•533 views

SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)

Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/15 12:0 a.m.•533 views

Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path

Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Date: 2019-11-14 Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•533 views

College Notes Management System 1.0 - 'user' SQL Injection

Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/10/23 12:0 a.m.•532 views

Ajenti 2.1.36 - Remote Code Execution (Authenticated)

!/usr/bin/python3 import requests import sys import warnings from bs4 import BeautifulSoup import json warnings.filterwarnings"ignore", category=UserWarning, module='bs4' if lensys.argv 6: print"Usage: ./exploit.py https://url username password listenerIP listenerPort" exit url = sys.argv1 userna...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/06/23 12:0 a.m.•532 views

Lansweeper 7.2 - Incorrect Access Control

Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Date: 2020-06-14 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE :...

9.8CVSS9.7AI score0.29467EPSS
Exploits4
Exploit DB
Exploit DB
•added 2020/05/20 12:0 a.m.•532 views

CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution

Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Date: 2020-05-18 Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details: https://gitlab.com/wguest/craftcms-vcard-exploit Version: 1.0.0 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/02/10 12:0 a.m.•532 views

D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi', 'Description' = %q D-Link Devices Unauthenticated Remote Command Execution i...

10CVSS7.4AI score0.75105EPSS
Exploits6
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•532 views

LUYA CMS 1.0.12 - Cross-Site Scripting

Exploit Title: LUYA CMS 1.0.12 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://luya.io/ Software Link : https://github.com/luyadev/luya/ Software : LUYA CMS Version : 1.0.12 Vulernability Type : Cross-site Scripting Vulenrability : Stored XSS CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2024/02/02 12:0 a.m.•531 views

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...

9.8CVSS9.8AI score0.93546EPSS
Exploits25
Exploit DB
Exploit DB
•added 2020/12/09 12:0 a.m.•531 views

Task Management System 1.0 - 'id' SQL Injection

Exploit Title: Task Management System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/16 12:0 a.m.•531 views

Whatsapp 2.19.216 - Remote Code Execution

Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...

8.8CVSS8.9AI score0.44255EPSS
Exploits16
Exploit DB
Exploit DB
•added 2000/10/07 12:0 a.m.•531 views

Hassan Consulting Shopping Cart 1.18 - Directory Traversal

source: https://www.securityfocus.com/bid/1777/info The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will display the specified file:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/04/05 12:0 a.m.•530 views

Mini Mouse 9.2.0 - Path Traversal

Exploit Title: Mini Mouse 9.2.0 - Path Traversal Author: gosh Date: 02-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi Version: 9.2.0 Tested on: Windows 10 Pro build 19042.662 POC GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/15 12:0 a.m.•530 views

Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)

Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...

7.5CVSS7.8AI score0.99992EPSS
Exploits24
Exploit DB
Exploit DB
•added 2010/06/08 12:0 a.m.•530 views

Joomla! 'com_easygb' Component - 'Itemid' Parameter Cross-Site Scripting Vulnerability

Joomla! 'comeasygb' Component 'Itemid' Parameter Cross Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40860/info The 'comeasygb' component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitiz...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2022/07/21 12:0 a.m.•529 views

CodoForum v5.1 - Remote Code Execution (RCE)

Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...

7.2CVSS7AI score0.32233EPSS
Exploits4
Exploit DB
Exploit DB
•added 2021/02/25 12:0 a.m.•529 views

Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)

Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Date: 2021-02-25 Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/02 12:0 a.m.•529 views

WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu...

9.8CVSS9.7AI score0.45221EPSS
Exploits2
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•529 views

Academic Timetable Final Build 7.0 - Information Disclosure

\n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin 2 = ADMIN 3 = 4AC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/05/18 12:0 a.m.•528 views

Microsoft Exchange 2019 - Unauthenticated Email Download

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...

9.8CVSS10AI score0.99999EPSS
Exploits63
Exploit DB
Exploit DB
•added 2019/10/08 12:0 a.m.•528 views

Zabbix 4.4 - Authentication Bypass

Exploit Title: Zabbix 4.4 - Authentication Bypass Date: 2019-10-06 Exploit Author: Todor Donev Software Link: https://www.zabbix.com/download Version: Zabbix 4.4 Tested on: Linux Apache/2 PHP/7.2 Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/07 12:0 a.m.•528 views

Zabbix 4.2 - Authentication Bypass

Exploit Title: Zabbix 4.2 - Authentication Bypass Date: 2019-10-06 Exploit Author: Milad Khoshdel Software Link: https://www.zabbix.com/download Version: Zabbix 2.x , 3.x , 4.x Tested on latest version Zabbix 4.2 Tested on: Linux Apache/2 PHP/7.2 Google Dork: inurl:zabbix/zabbix.php =========...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•528 views

MV Video Sharing Software 1.2 - 'searchname' SQL Injection

Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link: https://sourceforge.net/projects/mvvideosharingsoftware/ Version: 1.2 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/15 12:0 a.m.•528 views

KORA 2.7.0 - 'cid' SQL Injection

Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/10/12 12:0 a.m.•528 views

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)

Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2025/10/31 12:0 a.m.•527 views

Flowise 3.0.4 - Remote Code Execution (RCE)

Exploit Title: Flowise 3.0.4 - Remote Code Execution RCE Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-59528 from requests import post, session from argpars...

10CVSS7AI score0.90183EPSS
Exploits21
Exploit DB
Exploit DB
•added 2021/06/21 12:0 a.m.•527 views

Websvn 2.6.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...

10CVSS9.8AI score0.86716EPSS
Exploits9
Exploit DB
Exploit DB
•added 2021/06/11 12:0 a.m.•527 views

Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)

Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting XSS Exploit Author: Abdulazeez Alaseeri Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Tested on: JBoss server/windows Type: Web App Date: 06/07/2021 CVE: CVE-2021-33904...

6.1CVSS6.3AI score0.10053EPSS
Exploits5
Exploit DB
Exploit DB
•added 2019/10/10 12:0 a.m.•527 views

TP-Link TL-WR1043ND 2 - Authentication Bypass

Exploit Title: TP-Link TL-WR1043ND 2 - Authentication Bypass Date: 2019-06-20 Exploit Author: Uriel Kosayev Vendor Homepage: https://www.tp-link.com Version: TL-WR1043ND V2 Tested on: TL-WR1043ND V2 CVE : CVE-2019-6971 CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-6971 import requests ascii...

10CVSS9.8AI score0.13711EPSS
Exploits5
Exploit DB
Exploit DB
•added 2019/06/21 12:0 a.m.•527 views

EA Origin < 10.5.38 - Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

8.8CVSS8.2AI score0.13274EPSS
Exploits5
Exploit DB
Exploit DB
•added 2005/05/05 12:0 a.m.•526 views

MidiCart PHP - 'Item_List.php?MainGroup' SQL Injection

source: https://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/08/31 12:0 a.m.•525 views

WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)

Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation Unauthenticated Date: 23-08-2021 Exploit Author: Numan Rajkotiya Vendor Homepage: https://profilepress.net/ Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip Version: 1 ProfilePress Formerly WP Us...

9.8CVSS9.5AI score0.68862EPSS
Exploits8
Exploit DB
Exploit DB
•added 2021/07/02 12:0 a.m.•525 views

Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...

7.2CVSS7.4AI score0.88158EPSS
Exploits9
Exploit DB
Exploit DB
•added 2021/03/25 12:0 a.m.•525 views

Ovidentia 6 - 'id' SQL injection (Authenticated)

Exploit Title: Ovidentia 6 - 'id' SQL injection Authenticated Exploit Author: Felipe Prates Donato m4ud Vendor Homepage: http://www.ovidentia.org Version: 6 DORK : "Powered by Ovidentia" http://Site/ovidentia/index.php?tg=delegat&idx=mem&id=1 UNION Select select...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/06/08 12:0 a.m.•525 views

Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection

Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Date: 2020-06-07 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable parameter -------------------...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/02/10 12:0 a.m.•525 views

OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...

10CVSS7.4AI score0.98946EPSS
Exploits27
Exploit DB
Exploit DB
•added 2018/10/16 12:0 a.m.•525 views

GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection

Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload/ Version: 0.3.1 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2013/10/08 12:0 a.m.•525 views

davfs2 1.4.6/1.4.7 - Local Privilege Escalation

davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723034. Basically the program "mount.davfs"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/05/25 12:0 a.m.•524 views

Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting

Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-23 Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Linux C...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/08/26 12:0 a.m.•524 views

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce" Vendor: WebToffee...

7.3CVSS7.4AI score0.05141EPSS
Exploits5
Total number of security vulnerabilities5000