Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/09/08 12:0 a.m.498 views

ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path

Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery Date: 2020-09-08 Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/21 12:0 a.m.498 views

TestLink 1.9.19 - Persistent Cross-Site Scripting

Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========= Persistent --...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/10 12:0 a.m.498 views

Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: May, 9 2017 - 13:00PM Found this and more exploits on my open source security project: http://www.exploitpack.com MS17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.497 views

OpenEMR 5.0.2.1 - Remote Code Execution

Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Date: 2020-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.497 views

PackageKit < 1.1.13 - File Existence Disclosure

Exploit Title: File Existence Disclosure in PackageKit " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.freedesktop.PackageKit", "/org/freedesktop/PackageKit" aptdbusinterface = dbus.Interfaceaptdbusobject, "org.freedesktop.PackageKit" trans = aptdbusinte...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/03 12:0 a.m.497 views

BloodX CMS 1.0 - Authentication Bypass

Exploit Title: BloodX CMS 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-09-02 Exploit Author: BKpatron Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A my website:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.497 views

Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection

Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview 4 CVE:...

5.5CVSS5.4AI score0.23373EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/12/01 12:0 a.m.496 views

Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting

Exploit Title: Online Enrollment Management System in PHP and PayPal 1.0 - 'UNAME' Stored Cross-Site Scripting Date: 2021-08-31 Exploit Author: Tushar Jadhav Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

5.4CVSS5.6AI score0.01635EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/11/11 12:0 a.m.496 views

Customer Support System 1.0 - 'username' Authentication Bypass

Title: Customer Support System 1.0 - 'username' Authentication Bypass Date: 2020-11-11 Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/16 12:0 a.m.496 views

Apache Solr - Remote Code Execution via Velocity Template (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Apache Solr Remote Code Execution via Velocity Template', 'Description' = %q This module exploits a...

7.5CVSS7.4AI score0.98567EPSS
Exploits12
Exploit DB
Exploit DB
added 2019/10/30 12:0 a.m.496 views

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.495 views

WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'menu' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux Contact: https://www.linkedin.com/in/hemantsolo/ CVE: CVE-2020-29469 Attac...

5.4CVSS5.6AI score0.01371EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/05/22 12:0 a.m.495 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...

7.8CVSS8AI score0.08607EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.494 views

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

!/usr/bin/env python3 Exploit Title: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Windows 11 Version 24H2 for x64-based Systems...

7.3CVSS7.9AI score0.03035EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/01 12:0 a.m.494 views

XCMS v1.83 - Remote Command Execution (RCE)

Exploit Title: XCMS v1.83 - Remote Command Execution RCE Author: Onurcan Email: [email protected] Site: ihteam.net Script Download : http://www.xcms.it Date: 26/12/2022 The xcms's footerthat is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/08/01 12:0 a.m.494 views

Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)

Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...

5CVSS6.5AI score0.74696EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.494 views

Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/21 12:0 a.m.494 views

AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Discovered Date: 2020-05-21 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/17 12:0 a.m.494 views

Trend Micro Maximum Security 2019 - Arbitrary Code Execution

Exploit Title: Trend Micro Maximum Security 2019 - Arbitrary Code Execution Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019...

7.2CVSS6.6AI score0.00818EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/19 12:0 a.m.494 views

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description ============== BlogEngine.NET is vulnerable to an Directory Traversal on...

8.8CVSS8.7AI score0.07595EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/04/04 12:0 a.m.494 views

FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)

Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps Tested on: LAMPP for Linux Software Description :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/03/20 12:0 a.m.495 views

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)

Linux/x86 - execve/bin/sh Shellcode 18 bytes. Shellcode exploit for Linuxx86 platform / Linux/x86 - execve /bin/sh shellcode 18 bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 18 Disassembly of section .text: 08048060 : 8048060: 6a 0b push 0xb 8048062: 58 pop eax...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/26 12:0 a.m.493 views

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/IBMIACCESSCLIENTREMOTECREDENTIALTHEFTCVE-2024-22318.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ibm.com Product IBM i Access Client Solutions Versions All...

5.5CVSS5.5AI score0.00573EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.493 views

Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)

Exploit Title: Wondershare Dr.Fone 12.0.7 - Remote Code Execution RCE Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Windows 10 CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.493 views

SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow

Exploit Title: SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow Date: 03/27/2021 Author: Filipe Oliveira - filipecenturiaoathotmail.com Rafael Machado - nnszsatprotonmail.com Vendor: https://www.syncbreeze.com/ Software Link:...

7.8CVSS7.7AI score0.05507EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/12 12:0 a.m.493 views

Online Students Management System 1.0 - 'username' SQL Injections

Title: Online Students Management System 1.0 - 'username' SQL Injections Exploit Author: George Tsimpidas Date: 2020-10-09 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord0.zip Version : 1.0 Tested on: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/10 12:0 a.m.493 views

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Exploit Title: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: 2020-07-07 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/12 12:0 a.m.493 views

FusionPBX 4.4.3 - Remote Command Execution

Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...

8.8CVSS6.6AI score0.8748EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/12/17 12:0 a.m.492 views

Customer Support System 1.0 - 'id' SQL Injection

Exploit Title: Customer Support System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.492 views

aSc TimeTables 2021.6.2 - Denial of Service (PoC)

Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/21 12:0 a.m.492 views

OpenEDX platform Ironwood 2.5 - Remote Code Execution

Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...

8.8CVSS9AI score0.10963EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/11/05 12:0 a.m.492 views

WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive

VULNERABILITY DETAILS bool JSObject::putInlineSlowExecState exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot ASSERT!isThisValueAlteredslot, this; VM& vm = exec-vm; auto scope = DECLARETHROWSCOPEvm; JSObject obj = this; for ;; unsigned attributes; PropertyOffset offset =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.492 views

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.8CVSS9.8AI score0.07079EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.491 views

MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control

Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Date: 2023-04-28 Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...

7.8CVSS7.9AI score0.02094EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/14 12:0 a.m.491 views

TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.491 views

OpenEMR 5.0.1.3 - Authentication Bypass

Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass Date 15.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: All versions prior to 5.0.1...

9.1CVSS9.4AI score0.25935EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/07 12:0 a.m.491 views

Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path

Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.491 views

Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot

Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/24 12:0 a.m.491 views

Real Web Pentesting Tutorial Step by Step - [Persian]

1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/12 12:0 a.m.491 views

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow

Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More Details:...

9.8CVSS9.8AI score0.7525EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/15 12:0 a.m.491 views

Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes)

Linux/x8664 - execve"/bin/sh" Shellcode 24 bytes. Shellcode exploit for Linx86-64 platform / ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 14/06/2017 ;Architecture: Linux x8664 ;Tested on : 1 SMP Debian 4.9.18-1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.490 views

Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts

Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Date: 28/04/2023 Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introducti...

9.1CVSS9.1AI score0.07048EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/02/13 12:0 a.m.490 views

snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)

!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.489 views

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)

Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation ElevationService Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/16 12:0 a.m.489 views

ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.impresscms.org/ Software Link: https://www.impresscms.org/modules/downloads/ Version: 1.4.2 Category: Webapps Tested on: Linux/Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/14 12:0 a.m.489 views

NodeBB Forum 1.12.2-1.14.2 - Account Takeover

Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...

9.9CVSS9.7AI score0.02434EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/11/01 12:0 a.m.489 views

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-31 Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/09/15 12:0 a.m.489 views

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows Server...

10CVSS9.5AI score0.99323EPSS
Exploits23
Exploit DB
Exploit DB
added 2006/01/09 12:0 a.m.489 views

Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/03 12:0 a.m.489 views

Gandia Integra Total 4.4.2236.1 - SQL Injection

/ Author : Byte Reaper CVE : CVE-2025-41373 Vulnerability : SQL Affected Path : /encuestas/integrawebv4/integra/html/view/hislistadoacciones.php?idestudio= Affected Versions : 2.1.2217.3 to v4.4.2236.1 Description: This endpoint concatenates the idestudio parameter directly into an SQL query...

8.8CVSS6.4AI score0.0107EPSS
Exploits2
Total number of security vulnerabilities5000