Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2021/09/20 12:0 a.m.458 views

WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)

Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...

7.1CVSS6.7AI score0.85719EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.458 views

HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path

Exploit Title: HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.portrait.com/ Software Link: https://www.portrait.com/dtune/hwp/enu/ Software Version: 3.20 File Version: 1.0.0.1 Tested on: Windows 10 P...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/12 12:0 a.m.458 views

ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path

Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-11 Vendor Homepage: https://www.asus.com/ Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/13 12:0 a.m.458 views

Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.457 views

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version:...

9.6AI score
Exploits3
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.457 views

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...

4.3CVSS5.6AI score0.42326EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.457 views

OXID eShop 6.3.4 - 'sorting' SQL Injection

Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection Date: 2019-07-29 Exploit Author: VulnSpy Vendor Homepage: https://www.oxid-esales.com/ Software Link: https://github.com/OXID-eSales/oxideshopce Version: Versions 6.x prior to 6.3.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/06/11 12:0 a.m.457 views

WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload

Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/12/11 12:0 a.m.457 views

Exim 4.63 - Remote Command Execution

Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print "Usage: $0 Host Port \n\n"; die "Ex: $0...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/14 12:0 a.m.457 views

Shutter 0.1.1 - Multiple SQL Injections

|| || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------------------------------------------------------------------------------- | MULTIPLE SQL...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.456 views

Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.456 views

Metasploit Framework 6.0.11 - msfvenom APK template command injection

Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...

9.3CVSS7.7AI score0.30562EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/07/06 12:0 a.m.456 views

Grafana 7.0.1 - Denial of Service (PoC)

Exploit Title: Grafana 7.0.1 - Denial of Service PoC Date: 2020-05-23 Exploit Author: mostwanted002 Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 3.0.1 - 7.0.1 Tested on: Linux CVE : CVE-2020-13379 !/bin/bash if $1 != "" ; then curl -I...

8.2CVSS8.3AI score0.99856EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/09 12:0 a.m.456 views

Dolibarr ERP-CRM 10.0.1 - SQL Injection

Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CR...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/03/18 12:0 a.m.456 views

ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection

Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6 Vulnerability Class: SQL injection Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/20 12:0 a.m.455 views

Simple Task List 1.0 - 'status' SQLi

Exploit Title: Simple Task List 1.0 - 'status' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0...

6.5CVSS6.6AI score0.00583EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.455 views

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

7.8CVSS7.8AI score0.02532EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/02/11 12:0 a.m.455 views

Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)

Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.455 views

Webrun 3.6.0.42 - 'P_0' SQL Injection

Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 CVE: CVE-2021-43650 =-=-=-= Description =-=-=-= Webrun version 3.6.0....

9.8CVSS9.7AI score0.06158EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.455 views

Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)

Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Date: 14/04/2021 Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: 2021-31152 Exploit Code: document.forms0.submit;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.455 views

Savsoft Quiz 5 - 'Skype ID' Stored XSS

Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.455 views

WonderCMS 3.1.3 - Authenticated Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE :...

9.8CVSS9.7AI score0.26912EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/10/14 12:0 a.m.455 views

WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts

So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format In this case, simply reversing the order of the returned elements...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/04 12:0 a.m.455 views

Apache Tomcat 6/7/8/9 - Information Disclosure

Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability Date: 4th March 2017 Exploit Author: justpentest Vendor Homepage: tomcat.apache.org Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0....

7.1CVSS8.8AI score0.39633EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.454 views

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.454 views

CoreFTP Server build 725 - Directory Traversal (Authenticated)

Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...

6.5CVSS6.6AI score0.05369EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/24 12:0 a.m.454 views

HTTPDebuggerPro 9.11 - Unquoted Service Path

Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/10/02 12:0 a.m.454 views

Dnsmasq < 2.78 - Information Leak

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available. Setup a simple network with...

5.9CVSS9.3AI score0.67549EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.453 views

Engineers Online Portal 1.0 - 'multiple' Authentication Bypass

Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/20 12:0 a.m.453 views

Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation

Exploit Title: Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: 18/10/2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/12 12:0 a.m.453 views

RATES SYSTEM 1.0 - 'Multiple' SQL Injections

Exploit Title: RATES SYSTEM 1.0 - 'Multiple' SQL Injections Date: 11-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Software Link: https://www.sourcecodester.com/php/14904/rates-system.html Version: V1.0 Category: Webapps Tested on: Linux/Windows Description: PHP Dashboards is prone to an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.453 views

RarmaRadio 2.72.5 - Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.5 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: https://www.raimersoft.com/rarmaradio.html Version: 2.75.5 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program TapinRadio In...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/10 12:0 a.m.453 views

WinGate 9.4.1.5998 - Insecure Folder Permissions

Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: https://www.wingate.com Version: 9.4.1.5998 CVE: CVE-2020-13866 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.8CVSS7.8AI score0.01068EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.453 views

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.453 views

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass

/ The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout will happen. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.452 views

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-8...

9.8CVSS9.7AI score0.20112EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/07 12:0 a.m.452 views

binutils 2.37 - Objdump Segmentation Fault

Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.452 views

Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Date: 10/23/2021 Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windo...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.452 views

MariaDB 10.2 - 'wsrep_provider' OS Command Execution

Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through...

9CVSS7.3AI score0.38179EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/07/23 12:0 a.m.452 views

Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)

Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Date: 2020-07-20 Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/12 12:0 a.m.452 views

SNMPv3 - HMAC Validation error Remote Authentication Bypass

snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini http://lab.mediaservice.net/...

10CVSS6.7AI score0.6879EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.451 views

GLPI GZIP(Py3) 9.4.5 - RCE

!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...

9CVSS9AI score0.10949EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/11/08 12:0 a.m.451 views

Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.451 views

PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: PHP Melody 3.0 - 'Multiple' Cross-Site Scripting XSS Date: 2021-10-20 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Tested on: Linux Document Title: =============== PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.451 views

User Management System 1.0 - 'uid' SQL Injection

Exploit Title: User Management System 1.0 - 'uid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windows Identify...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/24 12:0 a.m.451 views

LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/01 12:0 a.m.451 views

Apache Solr 8.2.0 - Remote Code Execution

Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.451 views

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe and Registry', 'Description' = %q This module exploits a flaw in the WSReset.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.451 views

LibreNMS - addhost Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...

10CVSS9.5AI score0.71487EPSS
Exploits9
Exploit DB
Exploit DB
added 2006/06/19 12:0 a.m.451 views

IdeaBox 1.1 - 'gorumDir' Remote File Inclusion

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper a.k.a Rahim $$ $$ Contact:...

7.4AI score
Exploits0
Total number of security vulnerabilities5000