Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2005/06/03 12:0 a.m.466 views

MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/13849/info MWChat is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affect...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/03/22 12:0 a.m.465 views

TeamPass 3.0.0.21 - SQL Injection

Exploit Title: TeamPass SQL Injection Google Dork: intitle:"Teampass" + inurl:index.php?page=items Date: 02/23/2025 Exploit Author: Max Meyer - Rivendell Vendor Homepage: http://www.teampass.net Software Link: https://github.com/nilsteampassnet/TeamPass Version: 2.1.24 and prior Tested on:...

7.5CVSS7AI score0.08354EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.465 views

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...

6.1CVSS7AI score0.05177EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.465 views

Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

7.8CVSS7.8AI score0.02719EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.465 views

Zenario CMS 8.8.53370 - 'id' Blind SQL Injection

Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Date: 05/02/2021 Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 CVE:...

9.1CVSS9.6AI score0.04572EPSS
Exploits1
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.465 views

Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)

Exploit Title: lot reservation management system 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/01 12:0 a.m.465 views

SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/15 12:0 a.m.465 views

Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection

Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Date: 2020-06-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Update :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/26 12:0 a.m.465 views

KiteService 1.2020.618.0 - Unquoted Service Path

Exploit Title: KiteService 1.2020.618.0 - Unquoted Service Path Discovery by: PoisonSk Discovery Date: 2020-06-23 Vendor Homepage: https://www.kite.com/ Software Link : https://www.kite.com/download/ Tested Version: 1.2020.618.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/02 12:0 a.m.465 views

Microsoft Excel 2016 1901 - XML External Entity Injection

Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/22 12:0 a.m.465 views

Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback

There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/06 12:0 a.m.465 views

Microsoft Windows - '.LNK' Shortcut File Code Execution

!/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER: | | | | | | | | | | | | | | | | | | | | | | | | | | |...

9.3CVSS6.7AI score0.90026EPSS
Exploits20
Exploit DB
Exploit DB
added 2004/04/11 12:0 a.m.465 views

TikiWiki < 1.8.1 - Multiple Vulnerabilities

TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: = 1.8.1 Website: http://www.tikiwiki.org/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 51...

7.5CVSS6.4AI score0.07466EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.464 views

NEWS-BUZZ News Management System 1.0 - SQL Injection

Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/content-management-system-in-php-with-source-code-2/ Version: 1.0 Tested on: Windows 11 P...

9.8CVSS9.7AI score0.01354EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.464 views

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/13 12:0 a.m.464 views

Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)

Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/04 12:0 a.m.464 views

Mantis Bug Tracker 2.24.3 - 'access' SQL Injection

Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...

6.5CVSS6AI score0.04725EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.464 views

Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile

Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE Authenticated via Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects https://code-projects.org Software Link:...

9CVSS8.9AI score0.11894EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/01/28 12:0 a.m.464 views

Sricam gSOAP 2.8 - Denial of Service

!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...

7.5CVSS7.6AI score0.13776EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/20 12:0 a.m.463 views

ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path

Exploit Title: ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path Date: 2020-05-19 Exploit Author: Alejandra Sánchez Vendor Homepage: www.asus.com Version: 1.0.94.0 Tested on: Windows 10 Pro x64 es Description: ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.463 views

Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)

Exploit Title: Simple College Website 1.0 - 'name' Sql Injection Authentication Bypass Exploit Author: Marco Catalano @stunn4 Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.463 views

Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass Date: 21/11/2020 Exploit Author: Aditya Wakhlu Vendor Homepage: https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html Software Link:...

9.8CVSS9.7AI score0.25273EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/08/31 12:0 a.m.463 views

CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)

!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/18 12:0 a.m.463 views

Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation

Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The RPCSS Activation Kernel RPC server’s security callback can be bypassed resulti...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.462 views

Scriptcase 9.7 - Remote Code Execution (RCE)

Exploit Title: Scriptcasr 9.7 arbitrary file upload getshell Date: 2022-04-08 Exploit Author: luckyt0mat0 Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 9.7 Tested on: Windows Server 2019 Proof of Concept: POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.462 views

Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 21/04/2021 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/28 12:0 a.m.462 views

Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Date: 06/05/2021 Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ versi...

6.1CVSS6.5AI score0.04049EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.462 views

CKEditor 3 - Server-Side Request Forgery (SSRF)

Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/15 12:0 a.m.462 views

Barco WePresent - file_transfer.cgi Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Barco WePresent filetransfer.cgi Command Injection", 'Description' = %q This module exploits an unauthenticated remote command injection...

10CVSS7AI score0.98952EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/11/11 12:0 a.m.462 views

Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path

Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/18 12:0 a.m.462 views

GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution

!/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43360.zip EDB Note: Source https://www.elttam.com.au/blog/goahead/ EDB Note: Source...

8.1CVSS8.1AI score0.96327EPSS
Exploits15
Exploit DB
Exploit DB
added 2014/02/03 12:0 a.m.462 views

Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service)

source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/29 12:0 a.m.461 views

Oracle Fatwire 6.3 - Multiple Vulnerabilities

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.460 views

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting XSS on User Login Page Date: 26 September 2023 Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://moosocial.com Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 11 CVE : CVE-2023-43325 Description: A Cro...

6.1CVSS6.4AI score0.01857EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/11 12:0 a.m.460 views

MiniTool Partition Wizard - Unquoted Service Path

Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Date: 07/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 Pro x64 es PoC : C:\Users\saudhsc qc MTSchedulerServi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.460 views

ImpressCMS 1.4.2 - Remote Code Execution (RCE)

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Date: 30/03/2022 Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote...

9.8CVSS6.4AI score0.21509EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/03/21 12:0 a.m.460 views

Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)

Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...

4.9CVSS5.1AI score0.03315EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/06/18 12:0 a.m.460 views

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.460 views

Comtrend AR-5387un router - Persistent XSS (Authenticated)

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

5.4CVSS5.6AI score0.00954EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/09/29 12:0 a.m.460 views

CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: 2020-09-29 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build...

9.8CVSS9AI score0.93597EPSS
Exploits29
Exploit DB
Exploit DB
added 2020/06/10 12:0 a.m.460 views

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Exploit Title: Joomla J2 Store 3.3.11 - 'filterorderDir' SQL Injection Authenticated Date: 2020-04-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/07 12:0 a.m.460 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n;...

9.8AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/01 12:0 a.m.460 views

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass

Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...

9.3CVSS7.8AI score0.09465EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/22 12:0 a.m.459 views

Clinic Management System 1.0 - SQL injection to Remote Code Execution

Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/03 12:0 a.m.459 views

OpenSIS 8.0 'modname' - Directory Traversal

Exploit Title: OpenSIS 8.0 'modname' - Directory/Path Traversal Date: 09-02-2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux CVE: CVE-2021-40651 The 'modname' parameter in the 'Modules.php' ...

6.5CVSS6.6AI score0.18415EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/05/20 12:0 a.m.459 views

Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path

Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.2.3500.0 Vulnerability Type: Unquoted Service Path Tested on OS: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/14 12:0 a.m.459 views

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Exploit Title: Cisco RV110W 1.2.1.7 - 'vpnaccount' Denial of Service PoC Date: 2021-01 Exploit Author: Shizhi He Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 Version: V1.2.1.7 Tested on: RV110W V1.2.1.7 CV...

9CVSS0.3AI score0.05628EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.459 views

PDW File Browser 1.3 - Remote Code Execution

Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/17 12:0 a.m.459 views

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution

I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...

5CVSS6.5AI score0.25082EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.458 views

BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

Exploit Title: BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting XSS Unauthenticated Google Dork: intext:"BeyondTrust" "Redistribution Prohibited" Date: 30/12/2021 Exploit Author: Malcrove Vendor Homepage: https://www.beyondtrust.com/ Version: v6.0 and earlier versions Summary:...

7.4AI score
Exploits0
Total number of security vulnerabilities5000