Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2021/03/18 12:0 a.m.396 views

VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS

Title: VestaCP 0.9.8 - 'vinterface' Add IP Stored XSS Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com alert1&vshared=on&vowner=admin&vname=&vnat=&ok=Add...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/09 12:0 a.m.396 views

AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path

Exploit Title: AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path Date: 2020-12-11 Exploit Author: Mohammed Alshehri Vendor Homepage: Anytxt.net Software Link: https://sourceforge.net/projects/anytxt/files/AnyTXT.Searcher.1.2.394.exe Version: Version 1.2.394 Tested on: Microsoft Windows ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.396 views

Cassandra Web 0.5.0 - Remote File Read

Exploit Title: Cassandra Web 0.5.0 - Remote File Read Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://github.com/avalanche123/cassandra-web Software Link: https://rubygems.org/gems/cassandra-web/versions/0.5.0 Version: 0.5.0 Tested on: Linux !/usr/bin/python -- coding: UTF-...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.396 views

Pharmacy Store Management System 1.0 - 'id' SQL Injection

Exploit Title: Pharmacy Store Management System 1.0 - 'id' SQL Injection Google Dork: N/A Date: 1.12.2020 Exploit Author: Aydın Baran Ertemir Vendor Homepage: https://www.sourcecodester.com/php/13225/pharmacy-store-management-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/21 12:0 a.m.396 views

CSZ CMS 1.2.7 - 'title' HTML Injection

Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Authenticated user can inject hyperlink to Backend System Dashboard and Member...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.395 views

Grandstream GSD3710 1.0.11.13 - Stack Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow Date: 2025-05-29 Exploit Author: Pepelux Vendor Homepage: https://www.grandstream.com/ Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower Tested on: Linux and MacOS CVE: CVE-2022-2025 """ Author: Jose Lui...

9.8CVSS7.4AI score0.04122EPSS
Exploits1
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.395 views

PrusaSlicer 2.6.1 - Arbitrary code execution

Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...

5.3CVSS6.8AI score0.0072EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.395 views

Joomla! v4.2.8 - Unauthenticated information disclosure

!/usr/bin/env ruby Exploit Title: Joomla! v4.2.8 - Unauthenticated information disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 Date: 2023-03-24 Vendor Homepage:...

5.3CVSS5.9AI score0.99827EPSS
Exploits43
Exploit DB
Exploit DB
added 2022/03/23 12:0 a.m.395 views

WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/08 12:0 a.m.395 views

Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wing FTP Server - Authenticated RCE Date: 02/06/2022 Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe Version: " %...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.395 views

Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)

Exploit Title: Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting XSS Date: 2021-10-22 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/ Version: 3.5 Document Title: =============== Isshue Shopping Cart v3.5 - Cross Site W...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.395 views

Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

7.5CVSS7.6AI score0.19612EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.395 views

WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS

Exploit Title: WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settingscurrencycode' Stored XSS Date: 04-01-2021 Software Link: https://wordpress.org/plugins/stripe-payments/developers Exploit Author: Park Won Seok Contact: [email protected] Category: Webapps Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.395 views

Prey 1.9.6 - "CronService" Unquoted Service Path

Exploit Title: Prey 1.9.6 - "CronService" Unquoted Service Path Discovery by: Ömer Tuygun Discovery Date:16.10.2020 Vendor Homepage: https://preyproject.com/ Software Link: https://preyproject.com/download/ Tested Version: 1.9.6 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 P...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/01 12:0 a.m.395 views

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/21 12:0 a.m.395 views

Composr CMS 10.0.30 - Persistent Cross-Site Scripting

Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Date: 2020-02-06 Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by:...

5.4CVSS5.8AI score0.00652EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/08/21 12:0 a.m.395 views

LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...

9.8CVSS9.2AI score0.31215EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/05/22 12:0 a.m.395 views

Horde Webmail 5.2.22 - Multiple Vulnerabilities

Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...

8.8CVSS7.4AI score0.01536EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/02/02 12:0 a.m.395 views

WordPress Core 4.7.0/4.7.1 - Content Injection

2017 - @leonjza Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html Usage example: List available posts: $ python inject.py http://localhost:8070/ Discovering API Endpoint API liv...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.394 views

Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

Title: Jorani v1.0.3-c2014-2023 - XSS Reflected & Information Disclosure Author: nu11secur1ty Date: 08/27/2023 Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.394 views

Lucee 5.4.2.17 - Authenticated Reflected XSS

Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS Google Dork: NA Date: 05/08/2023 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/28 12:0 a.m.394 views

Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path

Exploit Title: Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-24 Vendor Homepage: https://www.cobiansoft.com/ Software Link : https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/02 12:0 a.m.394 views

YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)

Exploit Title: YouTube Video Grabber 1.9.9.1 - Buffer Overflow SEH Date: 01.11.2021 Software Link: https://www.litexmedia.com/ytgrabber.exe Exploit Author: Achilles Tested Version: 1.9.9.1 Tested on: Windows 7 64bit 1.- Run python code : YouTube.py 2.- Open EVIL.txt and copy All content to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/18 12:0 a.m.394 views

crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow

Exploit Title: crossfire-server 1.9.0 - 'SetUp' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 !/bin/python impor...

7.5CVSS6.8AI score0.27396EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.394 views

Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)

Exploit Title: Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit Authenticated Date: 12-29-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://support.zoom.us/hc/en-us/articles/201363093-Deploying-the-Meeting-Connector Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.394 views

Seacms 11.1 - 'checkuser' Stored XSS

Exploit Title: Seacms 11.1 - 'checkuser' Stored XSS Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 POST /SEACMS111/5f9js3/adminsafe.php?action=setting HTTP/1.1 Host: 192.168.137.139 User-Agent: Mozilla/5.0 Windows N...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/22 12:0 a.m.394 views

Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC)

Exploit Title: Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service PoC Date: 2020-05-16 Found by: Alvaro J. Gene Socket0x03 Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/ Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/11 12:0 a.m.394 views

National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation

Exploit Title: National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation Discovery Date: 2019-10-10 Exploit Author: Ivan Marmolejo Vendor Homepage: http://www.ni.com/en-us.html Software Link: https://www.ni.com/en-us/shop/select/circuit-design-suite Version: 14.0 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/05/18 12:0 a.m.394 views

Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40230/info The JComments component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/10/01 12:0 a.m.393 views

openSIS 9.1 - SQLi (Authenticated)

Exploit Title: openSIS 9.1 - SQLi Authenticated Google Dork: intext:"openSIS is a product" Date: 09.09.2024 Exploit Author: Devrim Dıragumandan d0ub1edd Vendor Homepage: https://www.os4ed.com/ Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 Version: 9.1 Tested on: Linux ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/28 12:0 a.m.393 views

Workout Journal App 1.0 - Stored XSS

Exploit Title: Workout Journal App 1.0 - Stored XSS Date: 12.01.2024 Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows /...

4.7CVSS6.7AI score0.00443EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.393 views

Member Login Script 3.3 - Client-side desync

Title: Member Login Script 3.3 - Client-side desync Author: nu11secur1ty Date: 08/25/2023 Vendor: https://www.phpjabbers.com/ Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync Description: The server appears to be vulnerable to client-side desync attacks...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.393 views

Apache Tomcat 10.1 - Denial Of Service

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...

7.5CVSS7AI score0.73139EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.393 views

Virtua Software Cobranca 12S - SQLi

Exploit Title: Virtua Software Cobranca 12S - SQLi Shodan Query: http.favicon.hash:876876147 Date: 13/08/2021 Exploit Author: Luca Regne Vendor Homepage: https://www.virtuasoftware.com.br/ Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S1308.exe Version: 12S Tested on: Windo...

7.5CVSS7.6AI score0.29667EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/04/11 12:0 a.m.393 views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (LFI)

Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept...

7.8CVSS7.6AI score0.59753EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.393 views

Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/01 12:0 a.m.393 views

Telegram Desktop 2.9.2 - Denial of Service (PoC)

Exploit Title: Telegram Desktop 2.9.2 - Denial of Service PoC Exploit Author: Aryan Chehreghani Date: 2021-08-30 Vendor Homepage: https://telegram.org Software Link: https://telegram.org/dl/desktop/win64 Tested Version: 2.9.2 x64 Tested on OS: Windows 10 Enterprise About App Telegram is a messagi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/21 12:0 a.m.393 views

Mida eFramework 2.9.0 - Back Door Access

Exploit Title: Mida eFramework 2.9.0 - Back Door Access Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...

9.8CVSS9.7AI score0.18293EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.393 views

V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download

Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Date: 2019-09-27 Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.393 views

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/05/06 12:0 a.m.393 views

AV Arcade - 'Search' Cross-Site Scripting / HTML Injection

Exploit Title: AV Arcade Search Field XSS/HTML Injection Date: 6/5/2010 Author: Vadim Toptunov, http://www.twitter.com/pentesting Software Link: http://www.avscripts.net/avarcade/ Version: 5.1.4 Free and Pro latest and prior Tested on: Any NIX CVE : N/a Code : below Description: AV arcade is a fr...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/07/25 12:0 a.m.393 views

PHPSavant Savant2 - 'Stylesheet.php?MosConfig_absolute_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/19151/info Savant2 is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/28 12:0 a.m.392 views

Blood Bank v1.0 - Multiple SQL Injection

Exploit Title: Blood Bank v1.0 SQL Injection Vulnerability Date: 2023-11-14 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0...

5.5CVSS5.5AI score0.00394EPSS
Exploits9
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.392 views

News Portal v4.0 - SQL Injection (Unauthorized)

Exploit Title: News Portal v4.0 - SQL Injection Unauthorized Date: 09/07/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/14 12:0 a.m.393 views

Microsoft Internet Explorer / ActiveX Control - Security Bypass

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt twitter.com/hyp3rlinx ISR:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.392 views

KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path

Exploit Title: KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-08 Vendor : KMSpico Version : ServiceKMS 17.1.0.0 Vendor Homepage : https://official-kmspico.com/ Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc "Service...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/05 12:0 a.m.392 views

PhreeBooks ERP 5.2.5 - Remote Command Execution

Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.392 views

elFinder 2.1.47 - 'PHP connector' Command Injection

!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...

9.8CVSS9.5AI score0.96633EPSS
Exploits11
Exploit DB
Exploit DB
added 2009/08/31 12:0 a.m.392 views

Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation

/ Linux socksendpage NULL pointer dereference Copyright 2009 Ramon de Carvalho Valle This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.391 views

Cisco ISE 3.0 - Remote Code Execution (RCE)

Exploit Title: Cisco ISE 3.0 - Remote Code Execution RCE Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Java Deserialization RCE CVE: CVE-2025-20124 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...

9.9CVSS7.4AI score0.17218EPSS
Exploits4
Total number of security vulnerabilities5000