Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
•added 2021/12/03 12:0 a.m.•523 views

WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)

Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Date: 2/12/2021 Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30...

7.5CVSS7.7AI score0.66543EPSS
Exploits5
Exploit DB
Exploit DB
•added 2021/10/28 12:0 a.m.•523 views

WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting XSS Date: 10/27/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://supsystic.com/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.18...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/01 12:0 a.m.•523 views

Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/08/26 12:0 a.m.•523 views

Ericom Access Server x64 9.2.0 - Server-Side Request Forgery

Exploit Title: Ericom Access Server x64 9.2.0 - Server-Side Request Forgery Date: 2020-08-22 Exploit Author: hyp3rlinx Vendor Homepage: www.ericom.com Version: Ericom Access Server x64 for AccessNow & Ericom Blaze v9.2.0 CVE: CVE-2020-24548 + Credits: John Page aka hyp3rlinx + Website:...

5.3CVSS5.4AI score0.01689EPSS
Exploits4
Exploit DB
Exploit DB
•added 2019/06/26 12:0 a.m.•523 views

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Nagios XI Magpiedebug.php Root Remote Code Execution", 'Description' = %q This module exploits two vulnerabilities in Nagios XI 5.5.6:...

9.8CVSS9.8AI score0.89362EPSS
Exploits9
Exploit DB
Exploit DB
•added 2021/08/26 12:0 a.m.•522 views

ProcessMaker 3.5.4 - Local File inclusion

Exploit Title: ProcessMaker 3.5.4 - Local File inclusion Exploit Author: Ai Ho @j3ssiejjj Date: 16-04-2021 Vendor Homepage: https://www.processmaker.com/ Version: ProcessMaker = 3.5.4 References: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/process-maker-lfi.yaml PoC: Wi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/01/04 12:0 a.m.•522 views

Advanced Comment System 1.0 - 'ACS_path' Path Traversal

Exploit Title: Advanced Comment System 1.0 - 'ACSpath' Path Traversal Date: Fri, 11 Dec 2020 Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs" Vendor Homepage: Advanced Comment System - ACS Version: v1.0 CVE: CVE-2020-35598...

7.5CVSS7.6AI score0.21EPSS
Exploits2
Exploit DB
Exploit DB
•added 2020/12/01 12:0 a.m.•522 views

LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting

Exploit Title: LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting Date: 19-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://lepton-cms.org/ Software Link: https://lepton-cms.org/english/download/archive.php Version: 4.7.0 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29240 Stor...

4.8CVSS5.2AI score0.01673EPSS
Exploits2
Exploit DB
Exploit DB
•added 2020/09/09 12:0 a.m.•522 views

Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)

Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/06/12 12:0 a.m.•521 views

SmarterMail 16 - Arbitrary File Upload

Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A !/usr/bin/python3 import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/12/10 12:0 a.m.•520 views

OpenCATS 0.9.4 - Remote Code Execution (RCE)

Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/29 12:0 a.m.•520 views

orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/07/07 12:0 a.m.•520 views

Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Date: 2021-07-07 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/05/25 12:0 a.m.•520 views

Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule \d+&minor=?\d+&build=?\d+ &junior=\d+&unique=synology\w+?^&+/x.freeze def initializeinfo = super updateinfo info, 'Name' = 'Synology DiskStation...

8.8CVSS7.4AI score0.72453EPSS
Exploits5
Exploit DB
Exploit DB
•added 2023/10/09 12:0 a.m.•519 views

Splunk 9.0.5 - admin account take over

!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...

8.8CVSS7AI score0.73537EPSS
Exploits7
Exploit DB
Exploit DB
•added 2021/04/06 12:0 a.m.•519 views

Google Chrome 81.0.4044 V8 - Remote Code Execution

Exploit Title: Google Chrome 81.0.4044 V8 - Remote Code Execution Exploit Author: r4j0x00 Version: 83.0.4103.106 Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE:...

8.8CVSS9.4AI score0.19419EPSS
Exploits6
Exploit DB
Exploit DB
•added 2019/07/26 12:0 a.m.•519 views

Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)

Exploit Title: Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution Authenticated Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81150/cbs-win.exe Version: 7.x 8.1.1.50 Tested on: Windows / Linux CVE :...

9CVSS9AI score0.75171EPSS
Exploits10
Exploit DB
Exploit DB
•added 2022/06/10 12:0 a.m.•519 views

Confluence Data Center 7.18.0 - Remote Code Execution (RCE)

Exploit Title: Confluence Data Center 7.18.0 - Remote Code Execution RCE Google Dork: N/A Date: 06/006/2022 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.4.17 versions before 7.18.1...

9.8CVSS10AI score0.99999EPSS
Exploits76
Exploit DB
Exploit DB
•added 2021/04/26 12:0 a.m.•517 views

OpenPLC 3 - Remote Code Execution (Authenticated)

Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Date: 25/04/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/03/02 12:0 a.m.•517 views

Zen Cart 1.5.7b - Remote Code Execution (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...

9CVSS7.4AI score0.16782EPSS
Exploits4
Exploit DB
Exploit DB
•added 2019/07/02 12:0 a.m.•517 views

Centreon 19.04 - Remote Code Execution

!/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Version: v19.04 Tested on: CentOS 7.6 / PHP...

9CVSS9AI score0.32156EPSS
Exploits6
Exploit DB
Exploit DB
•added 2021/09/22 12:0 a.m.•516 views

TotalAV 5.15.69 - Unquoted Service Path

Exploit Title: TotalAV 5.15.69 - Unquoted Service Path Date: 22/09/2021 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.totalav.com Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe Version: 5.15.69...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/07/15 12:0 a.m.•516 views

Zyxel Armor X1 WAP6806 - Directory Traversal

Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal Date: 2020-06-19 Exploit Author: Rajivarnan R Vendor Homepage: https://www.zyxel.com/ Software http://www.zyxelguard.com/WAP6806.asp Version: V1.00ABAL.6C0 CVE: 2020-14461 Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered Dat...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2025/05/09 12:0 a.m.•515 views

VirtualBox 7.0.16 - Privilege Escalation

Exploit Title: VirtualBox 7.0.16 - Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-21111 include include include include include include include inclu...

7.8CVSS7AI score0.0178EPSS
Exploits3
Exploit DB
Exploit DB
•added 2021/11/23 12:0 a.m.•515 views

Bus Pass Management System 1.0 - 'Search' SQL injection

Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Date: 23-11-2021 Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/22 12:0 a.m.•515 views

Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)

Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection Authenticated Date: 12-21-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/01 12:0 a.m.•515 views

Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path

Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Ho...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2017/12/26 12:0 a.m.•515 views

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...

7.5CVSS7.9AI score0.99993EPSS
Exploits45
Exploit DB
Exploit DB
•added 2008/10/15 12:0 a.m.•515 views

Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection

source: https://www.securityfocus.com/bid/31765/info Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks. OWA 6.5 SP 2 is vulnerable; other versions may also ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2016/05/04 12:0 a.m.•514 views

OpenSSL - Padding Oracle in AES-NI CBC MAC Check

Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39768.zip You can use TLS-Attacker to build a proof of concept and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/07 12:0 a.m.•513 views

vBulletin 5.6.3 - 'group' Cross Site Scripting

Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting Date: 05.09.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox & Opera Google Dorks: "Powered by vBulletin® Version 5.6.3" Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/11/03 12:0 a.m.•513 views

Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/10/23 12:0 a.m.•513 views

TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)

!/usr/bin/python3 Exploit Title: TextPattern = 4.8.3 - Authenticated Remote Code Execution via Unrestricted File Upload Google Dork: N/A Date: 16/10/2020 Exploit Author: Michele '0blio' Cisternino Vendor Homepage: https://textpattern.com/ Software Link: https://github.com/textpattern/textpattern...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/07/15 12:0 a.m.•513 views

SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)

Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Date: 2020-07-15 Vendor Homepage: https://www.supermicro.com/ Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 CVE: CVE-2020-15046 Source:...

9.3CVSS8.8AI score0.02296EPSS
Exploits6
Exploit DB
Exploit DB
•added 2021/11/11 12:0 a.m.•512 views

AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerabilit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/09/21 12:0 a.m.•512 views

WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WebsiteBaker 2.13.0 - Remote Code Execution RCE Authenticated Date: 18-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://websitebaker.org/ Software Link: http://wiki.websitebaker.org/doku.php/en/downloads Version: 2.13.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/01/04 12:0 a.m.•512 views

Knockpy 4.1.1 - CSV Injection

Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/02 12:0 a.m.•512 views

WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass

Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass Date: 18-11-2020 Exploit Author: Aakash Madaan Vendor Homepage: https://webdamn.com/ Software Link : https://webdamn.com/user-management-system-with-php-mysql/ Version: N/A Default Tested on: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2014/10/02 12:0 a.m.•512 views

Pure-FTPd - External Authentication Bash Environment Variable Code Injection (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Pure-FTPd External Authentication Bash Environment Variable Code Injection', 'Description' = %q This module exploits the code injecti...

10CVSS7.4AI score0.99999EPSS
Exploits132
Exploit DB
Exploit DB
•added 2021/03/19 12:0 a.m.•511 views

BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path

Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/03/04 12:0 a.m.•511 views

e107 CMS 2.3.0 - CSRF

Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...

8.8CVSS8.8AI score0.03207EPSS
Exploits3
Exploit DB
Exploit DB
•added 2020/12/24 12:0 a.m.•511 views

WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting

Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/23 12:0 a.m.•510 views

FLEX 1085 Web 1.6.0 - HTML Injection

Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2021/11/02 12:0 a.m.•510 views

Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2020/12/02 12:0 a.m.•510 views

PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS

Exploit Title: PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS Date: 2/12/2020 Exploit Author: Amin Rawah Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/prtg Version: 20.4.63.1412 x64 Tested on: Windows CVE : CVE-2020-14073 Description: Since there is...

5.4CVSS5.6AI score0.02857EPSS
Exploits3
Exploit DB
Exploit DB
•added 2020/07/16 12:0 a.m.•510 views

Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)

Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/09/30 12:0 a.m.•510 views

vBulletin 5.x - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE exploit. This should work on all versions from 5.0.0...

9.8CVSS9.8AI score0.99728EPSS
Exploits27
Exploit DB
Exploit DB
•added 2019/04/05 12:0 a.m.•510 views

WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2015/02/08 12:0 a.m.•510 views

Achat 0.150 beta7 - Remote Buffer Overflow

!/usr/bin/python Author KAhara MAnhara Achat 0.150 beta7 - Buffer Overflow Tested on Windows 7 32bit import socket import sys, time msfvenom -a x86 --platform Windows -p windows/exec CMD=calc.exe -e x86/unicodemixed -b...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2024/06/01 12:0 a.m.•509 views

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...

7.5CVSS7.1AI score0.02412EPSS
Exploits5
Total number of security vulnerabilities5000