Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.401 views

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion

Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...

7.8CVSS7.7AI score0.97233EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.401 views

dotProject 2.1.9 - SQL Injection

Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9 Category: Webapps Tested on: Xampp for Windows Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/07/09 12:0 a.m.401 views

Online Guestbook Pro 5.1 - 'ogp_show.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43689/info Online Guestbook Pro is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.400 views

BigAnt Office Messenger 5.6.06 - SQL Injection

Exploit Title: BigAnt Office Messenger 5.6.06 - SQL Injection Date: 01.09.2025 Exploit Author: Nicat Abbasov Vendor Homepage: https://www.bigantsoft.com/ Software Link: https://www.bigantsoft.com/download.html Version: 5.6.06 Tested on: 5.6.06 CVE : CVE-2024-54761 Github repo:...

6.3CVSS7.4AI score0.01759EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/06/20 12:0 a.m.400 views

Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)

Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution RCE Google Dork: N/A Date: 2025-06-19 Exploit Author: Likhith Appalaneni Vendor Homepage: https://kubernetes.github.io/ingress-nginx/ Software Link: https://github.com/kubernetes/ingress-nginx Version: ingress-nginx v4.11.0 on Kubernetes...

9.8CVSS7.4AI score0.99098EPSS
Exploits20
Exploit DB
Exploit DB
added 2023/06/09 12:0 a.m.400 views

Thruk Monitoring Web Interface 3.06 - Path Traversal

Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit +...

8.8CVSS8.8AI score0.62682EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/02/23 12:0 a.m.400 views

Air Cargo Management System v1.0 - SQLi

Title: Air Cargo Management System v1.0 - SQLi Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/04 12:0 a.m.400 views

Lodging Reservation Management System 1.0 - Authentication Bypass

Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.400 views

Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...

9CVSS7.1AI score0.54081EPSS
Exploits11
Exploit DB
Exploit DB
added 2021/07/09 12:0 a.m.400 views

Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE

Exploit Title: Church Management System 1.0 - SQL Injection Authentication Bypass + Arbitrary File Upload + RCE Date: 05-07-2021 Exploit Author: Eleonora Guardini eleguardini93 at gmail dot com or eleonora.guardini at dedagroup dot com Vendor Homepage: https://www.sourcecodester.com Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/05 12:0 a.m.400 views

WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting XSS Date: July 2, 2021 Exploit Author: Mohammed Adam Vendor Homepage: https://wplearnmanager.com/ Software Link: https://wordpress.org/plugins/learn-manager/ Version: 1.1.2 References link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.400 views

IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read

!/usr/bin/perl -w IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read Todor Donev 2019 c Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/05 12:0 a.m.400 views

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion

=========================================================================================== Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694 Version: v5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.399 views

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Exploit title: Microsoft - NTLM Hash Disclosure Spoofing library-ms Exploit Author: John Page aka hyp3rlinx x.com/hyp3rlinx ISR: ApparitionSec Back in 2018, I reported a ".library-ms" File NTLM information disclosure vulnerability to MSRC and was told "it was not severe enough", that being said I...

6.5CVSS7.2AI score0.58974EPSS
Exploits20
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.399 views

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/25 12:0 a.m.399 views

SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path

Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.399 views

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

7.5CVSS7.6AI score0.02252EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.399 views

Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.399 views

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Title: Mobatek MobaXterm 12.1 - Buffer Overflow SEH Author: Xavi Beltran Date: 2019-08-31 Vendor: xavibel.com Vedor Page: https://mobaxterm.mobatek.net/download.html Software Link: https://download.mobatek.net/1112019010310554/MobaXtermPortablev11.1.zip Exploit Development process:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.399 views

thesystem App 1.0 - 'server_name' SQL Injection

Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.398 views

Daily Habit Tracker 1.0 - Broken Access Control

Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on:...

9.8CVSS9.7AI score0.19503EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.398 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...

6.1CVSS6.4AI score0.00436EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.399 views

Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)

Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Date: 2023-05-02 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" ta...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/25 12:0 a.m.398 views

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2021-08-03 Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett...

8.8CVSS8.7AI score0.83235EPSS
Exploits16
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.398 views

Plastic SCM 10.0.16.5622 - WebAdmin Server Access

Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...

7.5CVSS7.7AI score0.08939EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/10 12:0 a.m.398 views

Student Result Management System 1.0 - 'class' SQL Injection

Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/07 12:0 a.m.398 views

Composr CMS 10.0.36 - Cross Site Scripting

Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30150 Vulnerable Endpoint:...

6.1CVSS6.3AI score0.02775EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/09/18 12:0 a.m.398 views

SpamTitan 7.07 - Remote Code Execution (Authenticated)

Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...

9CVSS7.6AI score0.09644EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/01/23 12:0 a.m.398 views

Pachev FTP Server 1.0 - Path Traversal

Exploit Title: Pachev FTP Server 1.0 - Path Traversal Date: 2020-01-23 Vulnerability: Path Traversal Exploit Author: 1F98D Vendor Homepage: https://github.com/pachev/pachevftp from ftplib import FTP ip = rawinput"Target IP: " port = intrawinput"Target Port: " ftp = FTP ftp.connecthost=ip, port=po...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/03 12:0 a.m.398 views

mintinstall 7.9.9 - Code Execution

Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080 import os import sys def...

7.8CVSS7.9AI score0.08204EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/05/17 12:0 a.m.398 views

Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution

Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...

8.8CVSS8.8AI score0.05993EPSS
Exploits4
Exploit DB
Exploit DB
added 2009/09/09 12:0 a.m.398 views

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)

This is the second version of Linux socksendpage NULL pointer dereference exploit. Now, it also works with Linux kernel versions which implements COW credentials e.g. Fedora 11. For SELinux enforced systems, it automatically searches in the SELinux policy rules for types with mmapzero permission ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/18 12:0 a.m.398 views

OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Denial of Service

/ OpenBSD 4.2 rtlabelid2name SIOCGIFRTLABEL ioctl Null Pointer Dereference local Denial of Service Exploit by Hunger Advisory: http://marc.info/?l=openbsd-security-announce&m=120007327504064 FOR TESTING PURPOSES ONLY! $ uname -mrsv OpenBSD 4.2 GENERIC375 i386 $ id uid=1000hunger gid=1000hunger...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.397 views

Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege

Titles: Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege Author: nu11secur1ty Date: 07/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/windows/windows-11?r=1 Reference: https://portswigger.net/web-security/access-control CVE-2025-49677 Descripti...

7CVSS7.4AI score0.0095EPSS
Exploits1
Exploit DB
Exploit DB
added 2024/03/03 12:0 a.m.397 views

Real Estate Management System v1.0 - Remote Code Execution via File Upload

Exploit Title: Real Estate Management System v1.0 - Remote Code Execution via File Upload Date: 2/11/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://codeastro.com Version: V1.0 Tested on: Windows 11 + XAMPP 8.0.30 + Burp Suite Professional v2023.12.1.3 Description This Vulnerability all...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.397 views

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/12 12:0 a.m.397 views

F5 BIG-IP 16.0.x - Remote Code Execution (RCE)

Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x CVE : CVE-2022-1388 from requests import Request, Session import sys import json def title: print''' / \ \ / / | | \ / \ | \ / | ...

9.8CVSS10AI score0.99956EPSS
Exploits63
Exploit DB
Exploit DB
added 2022/01/19 12:0 a.m.397 views

Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 05/01/2022 Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities References Source: ====================...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/11 12:0 a.m.397 views

AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.397 views

PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)

Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Date: 2021-10-21 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/08 12:0 a.m.397 views

Wyomind Help Desk 1.3.6 - Remote Code Execution (RCE)

Exploit Title: Wyomind Help Desk 1.3.6 - Remote Code Execution RCE Date: 2021-07-07 Exploit Author: Patrik Lantz Vendor Homepage: https://www.wyomind.com/magento2/helpdesk-magento-2.html Version: Content-Type: multipart/form-data; boundary=---------------------------243970849510445067673127196635...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.397 views

Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path

Exploit Title: Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 700.1631 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es St...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/26 12:0 a.m.397 views

Windscribe 1.83 - 'WindscribeService' Unquoted Service Path

Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-06-26 Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/21 12:0 a.m.397 views

GNU Mailutils 3.7 - Privilege Escalation

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

7.8CVSS7.8AI score0.01135EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.396 views

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Google Dork: inurl:"/admin/pages/add" "Anchor CMS" Date: 2025-06-08 Exploit Author: /bin/neko Vendor Homepage: http://anchorcms.com Software Link: https://github.com/anchorcms/anchor-cms Version: 0.12.7 Tested on: Ubuntu 22.04 +...

5.4CVSS5.6AI score0.00558EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/04/21 12:0 a.m.396 views

Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation

Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...

10CVSS9.8AI score0.99999EPSS
Exploits43
Exploit DB
Exploit DB
added 2024/02/19 12:0 a.m.396 views

JFrog Artifactory < 7.25.4 - Blind SQL Injection

Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...

8.8CVSS8.9AI score0.00997EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.396 views

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Date: 2023-07-27 Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link:...

7.1CVSS7AI score0.0601EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/01 12:0 a.m.396 views

AD Manager Plus 7122 - Remote Code Execution (RCE)

Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...

10CVSS8.8AI score0.99999EPSS
Exploits354
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.396 views

PHP Melody 3.0 - 'vid' SQL Injection

Exploit Title: PHP Melody 3.0 - 'vid' SQL Injection Date: 2021-10-20 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Document Title: =============== PHP Melody v3.0 - vid SQL Injection Vulnerability References Source: ====================...

7.4AI score
Exploits0
Total number of security vulnerabilities5000