Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2004/12/15 12:0 a.m.1488 views

CUPS 1.1.x - '.HPGL' File Processor Buffer Overflow

source: https://www.securityfocus.com/bid/11968/info CUPS is reported prone to a remote buffer overflow vulnerability. The issue is reported to exist in the 'hpgl-input.c' source file and is because of a lack of sufficient boundary checks performed on data contained in HPGL files. A remote attack...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/22 12:0 a.m.1466 views

Gym Management System 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-21 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Tested On:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/08/04 12:0 a.m.1455 views

elgg 1.5 - '/_css/js.php' Local File Inclusion

Product: elgg.org Version: dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename; 56: else 59: $contents = elggview$view; /lib/elgglib.php: 237: function elggview$view, .. 317:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/10 12:0 a.m.1440 views

CuteNews 2.1.2 - Remote Code Execution

Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...

8.8CVSS8.7AI score0.52901EPSS
Exploits10
Exploit DB
Exploit DB
added 2021/06/24 12:0 a.m.1438 views

Adobe ColdFusion 8 - Remote Command Execution (RCE)

Exploit Title: Adobe ColdFusion 8 - Remote Command Execution RCE Google Dork: intext:"adobe coldfusion 8" Date: 24/06/2021 Exploit Author: Pergyz Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: 8 Tested on: Microsoft Windows Server 2008 R2 Standard CVE :...

7.5CVSS7AI score0.83865EPSS
Exploits10
Exploit DB
Exploit DB
added 2006/05/06 12:0 a.m.1431 views

AWStats 6.5 - 'migrate' Remote Shell Command Injection

!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.1424 views

HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account

Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.1423 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
Exploit DB
Exploit DB
added 2019/04/12 12:0 a.m.1412 views

Microsoft Internet Explorer 11 - XML External Entity Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Internet Explorer v11 latest version...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/13 12:0 a.m.1404 views

Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)

Exploit Title: Microsoft Windows 10 - Local Privilege Escalation UAC Bypass Author: Nassim Asrir Date: 2019-01-10 Exploit Author: Nassim Asrir CVE: N/A Tested On: Windows 10Pro 1809 Vendor : https://www.microsoft.com Technical Details I discovered a Local Privilege Escalation in Windows 10 UAC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/09 12:0 a.m.1400 views

Bludit 3.9.12 - Directory Traversal

Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...

8.8CVSS8.7AI score0.77962EPSS
Exploits16
Exploit DB
Exploit DB
added 2014/07/21 12:0 a.m.1389 views

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

-- 0. Sparse summary Race condition between updating httpd's "scoreboard" and modstatus, leading to several critical scenarios like heap buffer overflow with user supplied payload and leaking heap which can leak critical memory containing htaccess credentials, ssl certificates private keys and so...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/22 12:0 a.m.1388 views

Microsoft Windows 7/2003/2008 RDP - Remote Code Execution

RDP Blue POC by k8gege Local: Win7 python Target: Win2003 & Win2008 open 3389 import socket import sys import os import platform buf="" buf+="\x03\x00\x00\x13" TPKT, Version 3, lenght 19 buf+="\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x00\x00\x00\x00" ITU-T Rec X.224 buf+="\x03\x00\x01\xd6"...

10CVSS10AI score0.99999EPSS
Exploits123
Exploit DB
Exploit DB
added 2014/03/15 12:0 a.m.1386 views

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs from ips.txt This is a generic exploit for 64-bit...

7.5CVSS7AI score0.87475EPSS
Exploits15
Exploit DB
Exploit DB
added 2020/05/19 12:0 a.m.1384 views

Victor CMS 1.0 - Authenticated Arbitrary File Upload

Exploit Title: Victor CMS 1.0 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.1377 views

PHP imap_open - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'php imapopen Remote Code Execution', 'Description' = %q The imapopen function within php, if called without the /norsh flag, will attempt to...

8.5CVSS7.4AI score0.9523EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.1376 views

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)

Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...

9.8CVSS9.2AI score0.99964EPSS
Exploits175
Exploit DB
Exploit DB
added 2019/10/24 12:0 a.m.1373 views

Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Polkit pkexec helper PTRACETRACEME local root exploit', 'Description' = %q This module exploits an issue in ptracelink in kernel/ptrace.c...

7.8CVSS8.4AI score0.52199EPSS
Exploits21
Exploit DB
Exploit DB
added 2020/11/25 12:0 a.m.1371 views

SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow

Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow Date: 18-Sep-2020 Exploit Author: Abdessalam kingA.salam Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7,windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/11 12:0 a.m.1371 views

MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service

VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 0.6 Date: May 1st, 2017 Tag: miniupnpc getHTTPResponse chunked encoding integer signedness error Overview -------- Name: miniupnpc Vendor: Thomas Bernard References: http://miniupnp.free.fr/ 1...

9.8CVSS9.6AI score0.24027EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.1367 views

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

9.8CVSS9.9AI score0.99999EPSS
Exploits22
Exploit DB
Exploit DB
added 2020/06/08 12:0 a.m.1362 views

Kyocera Printer d-COPIA253MF - Directory Traversal (PoC)

Exploit Title : Kyocera Printer d-COPIA253MF - Directory Traversal PoC Exploit Author: Hakan Eren ŞAN Date: 2020-06-06 Vendor Homepage: https://www.kyoceradocumentsolutions.com.tr/tr.html Version: d-COPIA253MF plus Tested on : Linux Credit: Berat Isler First step , you can capture the main page...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/01 12:0 a.m.1360 views

Advanced Comment System 1.0 - Remote Command Execution (RCE)

Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.1358 views

IncomCMS 2.0 - Insecure File Upload

Exploit Title: IncomCMS 2.0 - Insecure File Upload Google Dork: intext:"Incom CMS 2.0" Date: 07.12.2020 Exploit Author: MoeAlBarbari Vendor Homepage: https://www.incomcms.com/ Version: 2.0 Tested on: BackBox linux CVE: CVE-2020-29597 Upload your files Upload your file...

9.8CVSS9.8AI score0.71006EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/08/02 12:0 a.m.1353 views

uftpd 2.10 - Directory Traversal (Authenticated)

Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Google Dork: N/A Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...

9.8CVSS9.7AI score0.25249EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.1349 views

jQuery UI 1.12.1 - Denial of Service (DoS)

Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Date: 20 Jan, 2021 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function...

6.6AI score
Exploits4
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.1349 views

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

Exploit Title: Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Date: 23/09/2018 Author: Nassim Asrir Vendor Homepage: https://www.pfsense.org/ Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2019-16701 Tested On: Windows 1064bit | Pfsense 2.3.4 / 2.4.4-...

9CVSS7AI score0.19614EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/31 12:0 a.m.1345 views

Zabbix 3.4.7 - Stored XSS

Exploit Title: Zabbix 3.4.7 - Stored XSS Date: 30-03-2021 Exploit Author: Radmil Gazizov Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn3.4.7 Version: 3.4.7 Tested on: Linux Reference - https://github.com/GloryToMoon/POCcodes/blob/main/zabbixstoredxss347.txt 1...

9.1CVSS9.3AI score0.5415EPSS
Exploits5
Exploit DB
Exploit DB
added 2016/10/18 12:0 a.m.1345 views

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)

/ Exploit Title: Windows x86 all versions AFD privilege escalation MS11-046 Date: 2016-10-16 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP Pro SP2 x64 Windows Server 2003 SP2 x86 Windows Server 2003 SP2 x64 Windows Server 2003 SP2 Itanium-based Systems Windo...

7.2CVSS6.8AI score0.08488EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.1342 views

Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation

// Linux 4.10 // - added known helper paths // - added search for suitable helpers // - added automatic targeting // - changed target suid exectuable from passwd to pkexec // https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272 // --- // Tested on: // - Ubuntu 16.04.5 kernel...

7.8CVSS7.1AI score0.52199EPSS
Exploits21
Exploit DB
Exploit DB
added 2016/03/16 12:0 a.m.1334 views

OpenSSH 7.2p1 - (Authenticated) xauth Command Injection

''' Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor: OpenBSD References: http://www.openssh.com/1 Version: 7.2...

6.4CVSS7.1AI score0.37016EPSS
Exploits13
Exploit DB
Exploit DB
added 2016/01/04 12:0 a.m.1327 views

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)

!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...

10CVSS9.5AI score0.99323EPSS
Exploits23
Exploit DB
Exploit DB
added 2011/05/21 12:0 a.m.1315 views

E-Manage MySchool 7.02 - SQL Injection

Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: "MySchool Version 7.02" Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c Team & Dr.NaNo & All My Msn Messenger Friends wWw.p0c.c...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/27 12:0 a.m.1315 views

OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service

!/bin/bash OpenSSH CRC compensation attack detection DoS PoC. Tavis Ormandy Yes, I really did implement crc-32 in bash. usage: script victim hostname hostname=$1:-localhost port=$2:-22 where the fifo is created to communicate with netcat fifo=/tmp/nc.$$ make the fifos mkfifo $fifo.in mkfifo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/23 12:0 a.m.1304 views

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution

Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short raises an exception if a string is provided for a value...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/14 12:0 a.m.1303 views

Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Exploit Title: Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Author: nu11secur1ty Date: 2020-03-31 Vendor: Oracle Software Link: https://download.oracle.com/otn/nt/middleware/12c/122140/fmw12.2.1.4.0wlsDisk11of1.zip Exploit link:...

9.8CVSS9.6AI score0.97116EPSS
Exploits26
Exploit DB
Exploit DB
added 2021/03/25 12:0 a.m.1301 views

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Date: 3/24/21 Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerabilit...

6.1CVSS6.7AI score0.08632EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.1298 views

sudo 1.8.0 to 1.9.12p1 - Privilege Escalation

!/usr/bin/env bash Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit Author: n3m1.sys CVE: CVE-2023-22809 Date: 2023/01/21 Vendor Homepage: https://www.sudo.ws/ Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz Version: 1.8.0 to 1.9.12p1 Tested on: Ubuntu Server 22.0...

7.8CVSS8.2AI score0.55367EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/12/21 12:0 a.m.1295 views

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload

Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload Date: 12/20/2020 Exploit Author: Ramón Vila Ferreres @ramonvfer Vendor Homepage: https://contactform7.com Software Link: https://wordpress.org/plugins/contact-form-7/ Version: 5.3.1 and below Tested on: Windows 10 190...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2015/06/10 12:0 a.m.1294 views

ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.5 ModCopy Command Execution', 'Description' = %q This module exploits the SITE CPFR/CPTO commands in ProFTPD version...

10CVSS7.4AI score0.96803EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/10/02 12:0 a.m.1293 views

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DOUBLEPULSAR Payload Execution and Neutralization', 'Description' = %q This module executes a Metasploit payload against the Equation Group's...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/30 12:0 a.m.1271 views

WordPress Plugin Adserve 0.2 - 'adclick.php' SQL Injection

getvar"SELECT url FROM $tablename WHERE id=$id;"; Exploit id variable isnt filtered so we can inject and check the output in the Location response-header If exploit is succesfull Wordpress administrators login and md5 hashed password is retrieved echo "\n"; echo "-------WordPress Adserve plugin v...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.1268 views

Aerospike Database 5.1.0.3 - OS Command Execution

Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Date: 2020-08-01 Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect...

10CVSS9.6AI score0.86749EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/11/12 12:0 a.m.1258 views

Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection

Exploit Title: Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection Software Link: https://codecanyon.net/item/good-lms-learning-management-system-wp-plugin/9033850 Version: prefix . 'gdlrpayment '; 688- $sql .= 'WHERE id=' . $POST'id' . ' AND '; 689- $sql .=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/11/03 12:0 a.m.1257 views

Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation (2)

/ source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/18 12:0 a.m.1256 views

BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery

Exploit Title: BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery Date: 2020-09-11 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://bigbluebutton.org/ Version: BigBlueButton 2.2.25 RedTeam Pentesting discovered a vulnerability in the BigBlueButton web...

6.5CVSS7.1AI score0.08825EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/06/20 12:0 a.m.1255 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS9.8AI score0.99637EPSS
Exploits23
Exploit DB
Exploit DB
added 2020/11/25 12:0 a.m.1250 views

Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path

Exploit Title: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path Date: 2020-11-24 Exploit Author: Luis Sandoval Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 10.7.1.321 Tested on: Windows 10 Hom...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.1245 views

WordPress Core < 4.7.4 - Unauthorized Password Reset

============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High ============================================= Source:...

5.9CVSS6.2AI score0.26699EPSS
Exploits7
Exploit DB
Exploit DB
added 2013/04/08 12:0 a.m.1244 views

MongoDB - nativeHelper.apply Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MongoDB nativeHelper.apply Remote Cod...

6CVSS7AI score0.44543EPSS
Exploits7
Total number of security vulnerabilities5000