Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.428 views

dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.428 views

RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.428 views

Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting

Exploit Title: Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting Date: 24-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/11 12:0 a.m.428 views

CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)

Exploit Title: CMSUno 1.6.2 - 'user' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/09 12:0 a.m.428 views

Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/04 12:0 a.m.428 views

SSDWLAB 6.1 - Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/02/26 12:0 a.m.428 views

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation

// // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-607...

7.8CVSS7AI score0.0596EPSS
Exploits13
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.427 views

XAMPP 8.2.4 - Unquoted Path

Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/13 12:0 a.m.427 views

Job Portal 1.0 - File Upload Restriction Bypass

/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not neccesary change content type to 'image/png' Example exploitation...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.427 views

Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Date: November 1, 2021 Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS...

8.8CVSS8.9AI score0.33946EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/04 12:0 a.m.427 views

Opencart 3 Extension TMD Vendor System - Blind SQL Injection

Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/08 12:0 a.m.427 views

WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)

Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Date: 2021/06/08 Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9,...

10CVSS9.5AI score0.94535EPSS
Exploits19
Exploit DB
Exploit DB
added 2020/07/13 12:0 a.m.427 views

Park Ticketing Management System 1.0 - Authentication Bypass

Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/09 12:0 a.m.426 views

Zyxel zysh - Format string

!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...

7.8CVSS6.9AI score0.05805EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.426 views

WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Date: 2021-10-28 Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Tested on: Linux Document Title: ===============...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/04 12:0 a.m.426 views

Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)

Exploit Title: Client Management System 1.1 - 'cname' Stored Cross-site scripting XSS Date: 2021-08-04 Exploit Author: Mohammad Koochaki Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.426 views

Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/07 12:0 a.m.426 views

Voting System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Date: 07/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/18 12:0 a.m.426 views

WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version: 1.17.5 Exploit Author: LiquidWorm Tested on: Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/10 12:0 a.m.426 views

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting Google Dork: intext:"by UliCMS" Date: 2019-05-12 Exploit Author: Unk9vvN Vendor Homepage: https://en.ulicms.de Software Link: https://www.ulicms.de/aktuelles.html?single=ulicms-20191-spitting-lama-ist-fertig Version: 2019....

6.1CVSS6.3AI score0.03473EPSS
Exploits9
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.426 views

Odoo CRM 10.0 - Code Execution

Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value...

8.5CVSS6.7AI score0.0359EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/06/09 12:0 a.m.425 views

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

9.8CVSS9.6AI score0.60113EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/05/12 12:0 a.m.425 views

TLR-2005KSH - Arbitrary File Delete

Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...

9.4CVSS9.4AI score0.36834EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.425 views

VestaCP 0.9.8 - 'v_sftp_licence' Command Injection

Title: VestaCP 0.9.8 - 'vsftplicence' Command Injection Date: 17.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com 0.9.8-26-43 Software Link: https://vestacp.com 0.9.8-26 POST /edit/server/ HTTP/1.1 Host: TARGET:8083 Connection: close...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.426 views

Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)

Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection 2 Googke Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/ Date: 05/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor Version: 6.4.4 Tested on: Debian 10 CVE :...

9.8CVSS9.6AI score0.82976EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.425 views

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.425 views

Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection

Exploit Title: Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-15 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.425 views

Genexis Platinum-4410 - 'SSID' Persistent XSS

Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/24 12:0 a.m.425 views

BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting

Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting Exploit Author: William Summerhill Date: 2020-06-22 Vendor homepage: https://www.globalradar.com/ Tested on: Window CVE-2020-14943 Description: The "Firstname" and "Lastname" parameters in Global RADAR BSA Radar 1.6.7234.X...

5.4CVSS7.5AI score0.03684EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.425 views

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...

10CVSS9.6AI score0.89681EPSS
Exploits12
Exploit DB
Exploit DB
added 2019/09/09 12:0 a.m.425 views

WordPress Core 5.2.3 - Cross-Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/15 12:0 a.m.425 views

Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass

Exploit Title: NETGEAR WiFi Router R6080 - Security Questions Answers Disclosure Date: 13/07/2019 Exploit Author: Wadeek Hardware Version: R6080-100PES Firmware Version: 1.0.0.34 / 1.0.0.40 Vendor Homepage: https://www.netgear.com/support/product/R6080.aspx Firmware Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/30 12:0 a.m.425 views

Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit)

$Id: seattlelabpass.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

7.5CVSS7AI score0.71483EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/08/03 12:0 a.m.424 views

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

/ Author : Byte Reaper CVE : CVE-2025-54589 Title : Copyparty 1.18.6 - Reflected Cross-Site Scripting XSS CVE-2025-54589 is a reflected cross-site scripting XSS vulnerability in Copyparty ≤ 1.18.6 where the filter parameter is inserted into the HTML response without proper sanitization, allowing ...

6.3CVSS6.4AI score0.02393EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.424 views

AspEmail v5.6.0.2 - Local Privilege Escalation

Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.424 views

Google Chrome 78.0.3904.70 - Remote Code Execution

Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Date: 2022-05-03 Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...

8.8CVSS8.3AI score0.72977EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.424 views

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)

Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...

7.7CVSS7.6AI score0.041EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/07/05 12:0 a.m.424 views

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/05/12 12:0 a.m.424 views

Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service

source: https://www.securityfocus.com/bid/47820/info Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable. ?php / Apache 2.2.17 modautoindex local/remote Denial of Service author: Maksymilian...

4.3CVSS9AI score0.30406EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.423 views

Blood Donor Management System v1.0 - Stored XSS

Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/24 12:0 a.m.423 views

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.423 views

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/22 12:0 a.m.423 views

MyBB 1.8.25 - Chained Remote Command Execution

Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution Exploit Author: SivertPL [email protected] Date: 19.03.2021 Description: Nested autourl Stored XSS - templateset second order SQL Injection leading to RCE through improper string interpolation in eval. Software Link:...

8.8CVSS7.5AI score0.1059EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.423 views

School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14562/school-log-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.423 views

Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)

Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/29 12:0 a.m.424 views

Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation

/ chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offsets have been tested on Ubuntu / Linux Mint. vroom vroom ============================== user@ubuntu:$ una...

7.8CVSS8.2AI score0.11127EPSS
Exploits16
Exploit DB
Exploit DB
added 2024/02/27 12:0 a.m.422 views

Moodle 4.3 - Reflected XSS

Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/13 12:0 a.m.422 views

Splunk 9.0.4 - Information Disclosure

Exploit Title: Splunk 9.0.4 - Information Disclosure Date: 2023-09-18 Exploit Author: Parsa rezaie khiabanloo Vendor Homepage: https://www.splunk.com/ Version: 9.0.4 Tested on: Windows OS Splunk through 9.0.4 allows information disclosure by appending...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/27 12:0 a.m.422 views

ChurchCRM v4.5.3 - Authenticated SQL Injection

Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Tested Version: 4.5.1 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and belo...

7.2CVSS7AI score0.01023EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.422 views

WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WordPress Plugin Elementor 3.6.2 - Remote Code Execution RCE Authenticated Date: 04/16/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://elementor.com/ Software Link: https://wordpress.org/plugins/elementor/advanced/ scroll down to select the...

7.4AI score
Exploits0
Total number of security vulnerabilities5000