Exploitdb - Page 26 of Exploitdb Most Viewed Vulnerabilities List | Vulners.com

ExploitdbMost viewed

Recent Most viewed

47884 matches found

Exploit DB•added 2021/04/21 12:0 a.m.•470 views

Hasura GraphQL 1.3.3 - Local File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

Exploit DB•added 2020/05/22 12:0 a.m.•470 views

Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)

Exploit Title: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service PoC Date: 2020-05-16 Found by: Alvaro J. Gene Socket0x03 Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/ Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server...

Exploit DB•added 2025/08/11 12:0 a.m.•469 views

Microsoft Windows - Storage QoS Filter Driver Checker

Titles: Microsoft Windows - Storage QoS Filter Driver Checker Author: nu11secur1ty Date: 08/04/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 Description This PowerShell...

7.8CVSS7.4AI score0.03514EPSS

Exploit DB•added 2023/04/20 12:0 a.m.•469 views

Franklin Fueling Systems TS-550 - Default Password

Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...

Exploit DB•added 2022/01/13 12:0 a.m.•469 views

Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

Exploit DB•added 2021/10/14 12:0 a.m.•469 views

TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...

Exploit DB•added 2021/06/07 12:0 a.m.•469 views

Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)

Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...

10CVSS9.5AI score0.94221EPSS

Exploit DB•added 2020/12/09 12:0 a.m.•469 views

Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution

Exploit Title: Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Lin...

Exploit DB•added 2020/10/23 12:0 a.m.•469 views

School Faculty Scheduling System 1.0 - 'username' SQL Injection

Exploit Title: School Faculty Scheduling System 1.0 - 'username' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

Exploit DB•added 2020/02/12 12:0 a.m.•469 views

HP System Event Utility - Local Privilege Escalation

Exploit Title: HP System Event Utility - Local Privilege Escalation Author: hyp3rlinx Date: 2020-02-11 Vendor: www.hp.com Link: https://hp-system-event-utility.en.lo4d.com/download CVE: CVE-2019-18915 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.8CVSS7.7AI score0.00427EPSS

Exploit DB•added 2018/10/11 12:0 a.m.•469 views

Wikidforum 2.20 - Cross-Site Scripting

Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download Version:...

Exploit DB•added 2018/10/10 12:0 a.m.•469 views

Ektron CMS 9.20 SP2 - Improper Access Restrictions

Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...

9.8CVSS9.7AI score0.4077EPSS

Exploit DB•added 2023/06/26 12:0 a.m.•468 views

Xenforo Version 2.2.13 - Authenticated Stored XSS

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

Exploit DB•added 2022/05/11 12:0 a.m.•468 views

PyScript - Read Remote Python Source Code

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...

7.5CVSS7AI score0.30797EPSS

Exploit DB•added 2021/03/01 12:0 a.m.•468 views

Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Version:...

Exploit DB•added 2021/02/15 12:0 a.m.•468 views

Teachers Record Management System 1.0 - 'searchteacher' SQL Injection

Exploit Title: Teachers Record Management System 1.0 - 'searchteacher' SQL Injection Date: 13/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14399/teacher-record-system-phpmysql.html Version:1.0...

Exploit DB•added 2020/12/01 12:0 a.m.•468 views

Social Networking Site - Authentication Bypass (SQli)

Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

Exploit DB•added 2020/06/22 12:0 a.m.•468 views

Student Enrollment 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...

Exploit DB•added 2020/06/04 12:0 a.m.•468 views

VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution

Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.4123EPSS

Exploit DB•added 2024/02/13 12:0 a.m.•467 views

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

9.8CVSS9.7AI score0.00123EPSS

Exploit DB•added 2022/08/01 12:0 a.m.•467 views

mPDF 7.0 - Local File Inclusion

Exploit Title: mPDF 7.0 - Local File Inclusion Google Dork: N/A Date: 2022-07-23 Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse impor...

Exploit DB•added 2021/12/14 12:0 a.m.•467 views

Online Thesis Archiving System 1.0 - SQLi Authentication Bypass

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Version: Onli...

Exploit DB•added 2021/02/08 12:0 a.m.•467 views

Millewin 13.39.146.1 - Local Privilege Escalation

Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...

8.8CVSS8.9AI score0.0086EPSS

Exploit DB•added 2021/01/14 12:0 a.m.•467 views

Online Movie Streaming 1.0 - Admin Authentication Bypass

Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...

Exploit DB•added 2019/06/14 12:0 a.m.•467 views

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

!/usr/bin/env bash 'ptracescope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4 Latest Version Authors: Marcelo Vazquez s4vitar Victor...

Exploit DB•added 2011/08/26 12:0 a.m.•467 views

Jcow Social Networking Script 4.2 < 5.2 - Arbitrary Code Execution (Metasploit)

Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3 'JCow CMS Remote Command Execution', 'Description' = %q This module exploit...

Exploit DB•added 2024/02/05 12:0 a.m.•466 views

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting XSS Date: April 18, 2023 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference:...

6.1CVSS6.3AI score0.00258EPSS

Exploit DB•added 2023/04/25 12:0 a.m.•466 views

Wondershare Filmora 12.2.9.2233 - Unquoted Service Path

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...

Exploit DB•added 2021/12/06 12:0 a.m.•466 views

Auerswald COMpact 8.0B - Privilege Escalation

Exploit Title: Auerswald COMpact 8.0B - Privilege Escalation Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allow...

8.8CVSS8.9AI score0.01393EPSS

Exploit DB•added 2021/02/23 12:0 a.m.•466 views

Monica 2.19.1 - 'last_name' Stored XSS

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...

5.4CVSS5.5AI score0.00297EPSS

Exploit DB•added 2020/01/24 12:0 a.m.•466 views

Webtareas 2.0 - 'id' SQL Injection

Exploit Title: Webtareas 2.0 - 'id' SQL Injection Date: 2020-01-23 Exploit Author: Greg.Priest Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version: Webtareas v2.0 Tested on: Windows CVE : N/A Webtareas v2.0...

Exploit DB•added 2019/11/08 12:0 a.m.•466 views

rConfig - install Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig install Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in rConfig version...

Exploit DB•added 2022/04/07 12:0 a.m.•465 views

Kramer VIAware - Remote Code Execution (RCE) (Root)

Exploit Title: Remote Code Execution as Root on KRAMER VIAware Date: 31/03/2022 Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys,...

10CVSS9.6AI score0.93004EPSS

Exploit DB•added 2021/12/09 12:0 a.m.•465 views

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...

Exploit DB•added 2021/02/01 12:0 a.m.•465 views

Zoo Management System 1.0 - 'anid' SQL Injection

Exploit Title: Zoo Management System 1.0 - 'anid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: V1 Tested on: Windows Identify the...

Exploit DB•added 2021/01/15 12:0 a.m.•465 views

Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)

Exploit Title: Online Hotel Reservation System 1.0 - Cross-site request forgery CSRF Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

Exploit DB•added 2020/12/02 12:0 a.m.•465 views

Student Result Management System 1.0 - Authentication Bypass SQL Injection

Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/ Software Link:...

Exploit DB•added 2019/11/04 12:0 a.m.•465 views

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...

9.8CVSS9.8AI score0.81586EPSS

Exploit DB•added 2016/10/27 12:0 a.m.•465 views

Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation

Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandler application/x-httpd-php Usage Choose the username, passwor...

Exploit DB•added 2009/01/29 12:0 a.m.•465 views

Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass

Written By Michael Brooks Special thanks to str0ke! Pligg - XSRF Protection Bypass and Captcha Bypass affects 9.9.5 XSRF Protection Bypass ' width="0%" height="0%" var pliggstorytovotefor="/story.php?title=pliggxss"; function r var Z=false; ifwindow.XMLHttpRequest try Z=new XMLHttpRequest...

Exploit DB•added 2024/03/12 12:0 a.m.•464 views

VMware Cloud Director 10.5 - Bypass identity verification

Exploit Title: VMware Cloud Director | Bypass identity verification Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 10.5 CVE : CVE-2023-34060 import requests import paramiko import subprocess import socket import argparse import threading Define a function to check i...

9.8CVSS10AI score0.00087EPSS

Exploit DB•added 2021/12/06 12:0 a.m.•464 views

Croogo 3.0.2 - Remote Code Execution (Authenticated)

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

Exploit DB•added 2021/01/14 12:0 a.m.•464 views

Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)

Exploit Title: Nagios XI 5.7.X - Remote Code Execution RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-3557...

9CVSS7AI score0.85202EPSS

Exploit DB•added 2020/10/16 12:0 a.m.•464 views

Company Visitor Management System (CVMS) 1.0 - Authentication Bypass

Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 16/10/2020 Exploit Author: Oğuz Türkgenç Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=96...

Exploit DB•added 2020/06/05 12:0 a.m.•464 views

Online Course Registration 1.0 - Authentication Bypass

Exploit Title: Online Course Registration 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

Exploit DB•added 2005/06/03 12:0 a.m.•464 views

MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/13849/info MWChat is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affect...

Exploit DB•added 2025/06/09 12:0 a.m.•463 views

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

!/usr/bin/env python3 Exploit Title: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Windows 11 Version 24H2 for x64-based Systems...

7.3CVSS7.9AI score0.03957EPSS

Exploit DB•added 2023/08/04 12:0 a.m.•463 views

Academy LMS 6.0 - Reflected XSS

Exploit Title: Academy LMS 6.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Version: 6.0 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1CVSS6.4AI score0.02607EPSS

Exploit DB•added 2020/12/14 12:0 a.m.•463 views

Rumble Mail Server 0.51.3135 - 'username' Stored XSS

Exploit Title: Rumble Mail Server 0.51.3135 - 'username' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested o...

Exploit DB•added 2020/12/09 12:0 a.m.•463 views

Task Management System 1.0 - 'First Name and Last Name' Stored XSS

Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

Total number of security vulnerabilities5000