Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.473 views

PyScript - Read Remote Python Source Code

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...

7.5CVSS7AI score0.13268EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/05 12:0 a.m.473 views

Basic Shopping Cart 1.0 - Authentication Bypass

Exploit Title: Basic Shopping Cart 1.0 - Authentication Bypass Date: 2021-04-03 Exploit Author: Viren Saroha illusion Vendor Homepage: https://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.473 views

Company Visitor Management System (CVMS) 1.0 - Authentication Bypass

Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 16/10/2020 Exploit Author: Oğuz Türkgenç Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=96...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/04 12:0 a.m.473 views

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...

9.8CVSS9.8AI score0.60328EPSS
Exploits16
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.472 views

Boelter Blue System Management 1.3 - SQL Injection

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

9.1CVSS9.2AI score0.02241EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.472 views

Hasura GraphQL 1.3.3 - Local File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/14 12:0 a.m.472 views

Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)

Exploit Title: Nagios XI 5.7.X - Remote Code Execution RCE Authenticated Date: 19/12/2020 Exploit Author: Haboob Team https://haboob.sa Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios XI 5.7.x Tested on: Ubuntu 18.04 / PHP 7.2.24 & Vendor's custom VM CVE: CVE-2020-3557...

9CVSS7AI score0.81915EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.472 views

Social Networking Site - Authentication Bypass (SQli)

Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/14 12:0 a.m.472 views

Xfilesharing 2.5.1 - Arbitrary File Upload

Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local File Inclusion...

9.8CVSS8.9AI score0.45361EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.472 views

Memu Play 6.0.7 - Privilege Escalation

Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.472 views

E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection

Exploit Title: E-Registrasi Pencak Silat 18.10 - 'idpartai' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-11 Vendor Homepage: https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/14 12:0 a.m.471 views

Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)

Exploit Title: Honeywell PM43 ' if htmlstartindex != -1: return responsetext:htmlstartindex else: return responsetext except requests.exceptions.RequestException as e: return f"Error: e" def main: parser = argparse.ArgumentParserdescription='Command Injection PoC for Honeywell PM43 Printers'...

9.9CVSS9.6AI score0.33094EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/03/12 12:0 a.m.471 views

VMware Cloud Director 10.5 - Bypass identity verification

Exploit Title: VMware Cloud Director | Bypass identity verification Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 10.5 CVE : CVE-2023-34060 import requests import paramiko import subprocess import socket import argparse import threading Define a function to check i...

9.8CVSS10AI score0.01345EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/11 12:0 a.m.471 views

FormaLMS 2.4.4 - Authentication Bypass

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Date: 2021-11-10 Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136...

9.8CVSS9.7AI score0.15725EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/29 12:0 a.m.471 views

Mini-XML 3.2 - Heap Overflow

Exploit Title: Mini-XML 3.2 - Heap Overflow Google Dork: mxml Mini-xml Mini-XML Date: 2020.10.19 Exploit Author: LIWEI Vendor Homepage: https://www.msweet.org/mxml/ Software Link: https://github.com/michaelrsweet/mxml Version: v3.2 Tested on: ubuntu 18.04.2 1.- compile the Mini-XML code to a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.471 views

ECOA Building Automation System - Path Traversal Arbitrary File Upload

Exploit Title: ECOA Building Automation System - Path Traversal Arbitrary File Upload Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Path Traversal Arbitrary File Upload Vendor: ECOA Technologies Corp. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/06 12:0 a.m.471 views

Phone Shop Sales Managements System 1.0 - Authentication Bypass (SQLi)

Exploit Title: Phone Shop Sales Managements System 1.0 - Authentication Bypass SQLi Date: 2021-07-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.471 views

DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path

Exploit Title: DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.diskpulse.com Software Links: https://www.diskpulse.com/setupsx64/diskpulseentsetupv13.6.14x64.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.471 views

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...

7.8CVSS6.9AI score0.22193EPSS
Exploits37
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.471 views

Zoo Management System 1.0 - 'anid' SQL Injection

Exploit Title: Zoo Management System 1.0 - 'anid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: V1 Tested on: Windows Identify the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/22 12:0 a.m.471 views

Student Enrollment 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/10 12:0 a.m.471 views

Ektron CMS 9.20 SP2 - Improper Access Restrictions

Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...

9.8CVSS9.7AI score0.22379EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.470 views

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage: https://www.grandstream.com/ Software Link: download link if available Version: Grandstream GSD3710 -...

9.8CVSS9.2AI score0.04418EPSS
Exploits2
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.470 views

Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path

Exploit Title: Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path Date: 07/14/2022 Exploit Author: Angelo Pio Amirante Version: 1.0.0.4 Tested on: Windows 10 Patched version: 1.0.5.0 CVE: CVE-2022-35899 Step to discover the unquoted service path: wmic service get...

7.8CVSS8.1AI score0.00857EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/07/13 12:0 a.m.470 views

Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload

Exploit Title: Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload Date: 05-07-2021 Exploit Author: Luca Bernardi - bernardiluca.job at protonmail.com | luca.bernardi at dedagroup.it Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.470 views

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/14 12:0 a.m.470 views

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

!/usr/bin/env bash 'ptracescope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4 Latest Version Authors: Marcelo Vazquez s4vitar Victor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/11 12:0 a.m.470 views

Wikidforum 2.20 - Cross-Site Scripting

Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/06 12:0 a.m.469 views

RiteCMS 2.2.1 - Authenticated Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux CVE: CVE-2020-23934 1- Go to following url. http://HOST/cms/ 2- Default username and password is admin:admin. We mus...

9CVSS8.9AI score0.15962EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.469 views

UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version: 1.2.4.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/08 12:0 a.m.469 views

rConfig - install Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig install Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in rConfig version...

9.5AI score
Exploits0
Exploit DB
Exploit DB
added 2011/08/26 12:0 a.m.469 views

Jcow Social Networking Script 4.2 < 5.2 - Arbitrary Code Execution (Metasploit)

Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3 'JCow CMS Remote Command Execution', 'Description' = %q This module exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.468 views

Rumble Mail Server 0.51.3135 - 'username' Stored XSS

Exploit Title: Rumble Mail Server 0.51.3135 - 'username' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.468 views

Student Result Management System 1.0 - Authentication Bypass SQL Injection

Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/11 12:0 a.m.468 views

Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Google Dork: - Date: 2020-08-01 Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested on: Linux Ubuntu 18.04...

9.8CVSS9.6AI score0.90044EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/11/27 12:0 a.m.468 views

SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)

Exploit Title: SpotAuditor 5.3.2 - 'Base64' Denial Of Service PoC Exploit Author : ZwX Exploit Date: 2019-11-26 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 ''' Proof of Concept PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/17 12:0 a.m.467 views

SonicWall NetExtender 10.2.0.300 - Unquoted Service Path

Exploit Title: SonicWall NetExtender 10.2.0.300 - Unquoted Service Path Exploit Author: shinnai Software Link: https://www.sonicwall.com/products/remote-access/vpn-clients/ Version: 10.2.0.300 Tested On: Windows CVE: CVE-2020-5147...

5.3CVSS5.8AI score0.01658EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.467 views

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code

Exploit Title: Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Date: 20/05/2021 Exploit Authors: Carlo Di Dato and Michael Caruso from BestEffort Team https://besteffortteam.it Vendor Homepage: https://www.mozilla.org Version: = 88.0.1 Tested on: Windows XP Professional SP3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/17 12:0 a.m.467 views

VestaCP 0.9.8 - File Upload CSRF

Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...

8.8CVSS8.9AI score0.06033EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/09 12:0 a.m.467 views

Task Management System 1.0 - 'First Name and Last Name' Stored XSS

Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.467 views

School Faculty Scheduling System 1.0 - 'id' SQL Injection

Exploit Title: School Faculty Scheduling System 1.0 - 'id' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.467 views

ifwatchd - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...

7.2CVSS7.4AI score0.02906EPSS
Exploits5
Exploit DB
Exploit DB
added 2016/10/27 12:0 a.m.467 views

Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation

Source: https://github.com/XiphosResearch/exploits/tree/master/Joomraa While analysing the recent Joomla exploit in comusers:user.register we came across a problem with the upload whitelisting. They don't allow files containing SetHandler application/x-httpd-php Usage Choose the username, passwor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/29 12:0 a.m.467 views

Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass

Written By Michael Brooks Special thanks to str0ke! Pligg - XSRF Protection Bypass and Captcha Bypass affects 9.9.5 XSRF Protection Bypass ' width="0%" height="0%" var pliggstorytovotefor="/story.php?title=pliggxss"; function r var Z=false; ifwindow.XMLHttpRequest try Z=new XMLHttpRequest...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/03 12:0 a.m.466 views

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

!/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an unauthenticated attacker can escalate privileges to admin by abusing unsanitized input in...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.466 views

Automic Agent 24.3.0 HF4 - Privilege Escalation

Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version: /tmp/sh.so 2. Run the ucxjlx6 executable as follows $ ./ucxjlx6 ini=echo -e...

8.5CVSS7.1AI score0.00516EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/02/09 12:0 a.m.466 views

Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path

Exploit Title: Epson USB Display 1.6.0.0 - 'EMPUDSA' Unquoted Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://epson.com.mx/ Tested Version: 1.6.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/09 12:0 a.m.466 views

Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)

Exploit Title: Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow SEH Date: 2020-12-08 Exploit Author: Andrés Roldán Vendor Homepage: http://www.dupscout.com Software Link: http://www.dupscout.com/downloads.html Version: 10.0.18 Tested on: Windows 10 Pro x64 !/usr/bin/env python3 import...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.466 views

PDW File Browser 1.3 - 'new_filename' Cross-Site Scripting (XSS)

Exploit Title: PDW File Browser . The payload gets executed when any authenticated user navigates to the PDW File browser page. POST /ckeditor/plugins/pdwfilebrowser/actions.php HTTP/1.1 Host: … action=rename&newfilename=&oldfilename=script%253EFILE.txt&folder=%252Fmedia%252F&typ e=file Reflected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/05 12:0 a.m.466 views

AwindInc SNMP Service - Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AwindInc SNMP Service Command Injection", 'Description' = %q This module exploits a vulnerability found in AwindInc and OEM'ed products where...

7.2CVSS7.4AI score0.71963EPSS
Exploits5
Total number of security vulnerabilities5000