Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2019/06/25 12:0 a.m.388 views

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution

Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !-- FCM-MB40 CSRF to RCE as root, by Aaron Blair @xorcat Full...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/28 12:0 a.m.387 views

Windows TCP/IP - RCE Checker and Denial of Service

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Denial-Of-Service Date: 2024-08-07 Exploit Author: Photubias Vendor Homepage: https://microsoft.com Vendor Advisory: 1 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Version:...

9.8CVSS7.4AI score0.70564EPSS
Exploits24
Exploit DB
Exploit DB
added 2024/04/03 12:0 a.m.387 views

Quick CMS v6.7 en 2023 - 'password' SQLi

Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Date: 03/19/2024 Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password paramete...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/18 12:0 a.m.387 views

WordPress File Upload Plugin < 4.23.3 - Stored XSS

Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "Fil...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.387 views

ChurchCRM 4.4.5 - SQLi

Exploit Title: ChurchCRM 4.4.5 - SQLi Exploit Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection vulnerability in...

7.2CVSS7AI score0.04968EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.387 views

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...

6.1CVSS6.3AI score0.04032EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/09/06 12:0 a.m.387 views

Argus Surveillance DVR 4.0 - Unquoted Service Path

Exploit Title: Argus Surveillance DVR 4.0 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 03.09.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 10 Note: "Start as service on Windows Startup" must be enabled in Program Options Proof of Concept...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/09 12:0 a.m.387 views

Online Car Rental System 1.0 - Stored Cross Site Scripting

Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting Date: 9/2/2021 Exploit Author: Naved Shaikh Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html Version: V 1.0 Tested on Windo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.387 views

Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)

Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...

8.8CVSS8.9AI score0.02169EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.387 views

Alumni Management System 1.0 - Authentication Bypass

Exploit Title: Alumni Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/19 12:0 a.m.387 views

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak

Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...

7.5CVSS7.6AI score0.74881EPSS
Exploits16
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.387 views

Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection

!/usr/bin/perl -w Cisco Titsco Email Security Appliance IronPort C160 Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/08 12:0 a.m.387 views

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...

5.3CVSS5.6AI score0.45095EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/11 12:0 a.m.387 views

Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

!/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and later by sleepya EDB Note: mysmb.py can be found here...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/05/06 12:0 a.m.387 views

VP-ASP 6.00 - 'shopcurrency.asp' SQL Injection

VP-ASP 6.00 SQL Injection / Exploit by [email protected] people claimed there is some underground sploit for vp-asp 6.00 and I was sure that if a sploit really exist in the ug i can find the bug and make a small hack for it ^^ well it didn't take me more then 5 minutes to find a bug in...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.386 views

Devika v1 - Path Traversal via 'snapshot_path'

Exploit Title: Devika v1 - Path Traversal via 'snapshotpath' Parameter Google Dork: N/A Date: 2024-06-29 Exploit Author: Alperen Ergel Contact: @alpernae IG/X Vendor Homepage: https://devikaai.co/ Software Link: https://github.com/stitionai/devika Version: v1 Tested on: Windows 11 Home Edition CV...

9.1CVSS7.4AI score0.11414EPSS
Exploits6
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.386 views

Smart School 6.4.1 - SQL Injection

Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Date: 28/09/2023 Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 -...

9.8CVSS9.7AI score0.0106EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/03/20 12:0 a.m.386 views

CSZCMS v1.3.0 - SQL Injection (Authenticated)

Title: CSZCMS v1.3.0 - SQL Injection Authenticated Author: Abdulaziz Almetairy Date: 27/01/2024 Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - L...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.386 views

mooDating 1.2 - Reflected Cross-site scripting (XSS)

Exploit Title: mooDating 1.2 - Reflected Cross-site scripting XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Version: 1.2 Tested on: Windows 10 Pro Impact: Manipulate the...

6.1CVSS6.2AI score0.03678EPSS
Exploits10
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.386 views

Raspberry Pi 5.10 - Default Credentials

Exploit Title: Raspberry Pi 5.10 - Default Credentials Date: 08/12/2021 Exploit Author: netspooky Vendor Homepage: https://www.raspberrypi.com/ Software Link: https://www.raspberrypi.com/software/operating-systems/ Version: Raspberry Pi OS = 5.10 Tested on: Raspberry Pi OS 5.10 CVE : CVE-2021-387...

10CVSS9.6AI score0.15666EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.386 views

Simple Subscription Website 1.0 - SQLi Authentication Bypass

Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...

9.8CVSS9.7AI score0.04729EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.386 views

WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection

Exploit Title: WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection Date: 24/07 2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/newsletter-by-supsystic.1.5.5.zip Category: Web Application Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.386 views

Klog Server 2.4.1 - Command Injection (Unauthenticated)

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.386 views

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Date: 30-12-2020 Exploit Author: Mesut Cetin Vendor Homepage: http://egavilanmedia.com Version: 1.0 Tested on Windows 10, Firefox 83.0, Burp Suite Professional v1.7.34...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.386 views

Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS

Exploit Title: Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/31 12:0 a.m.386 views

Online Book Store 1.0 - 'id' SQL Injection

Title: Online Book Store 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14383/online-book-store.html Software Link: https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store Version: 1.0 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/11 12:0 a.m.386 views

Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path

Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe Version: 12.4.18 Tested On: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/18 12:0 a.m.386 views

ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path

Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path Date: 2019-11-16 Exploit Author : Olimpia Saucedo Vendor Homepage: www.asus.com Version: 1.00.31 Tested on: Windows 10 Pro x64 but it should works on all windows version The application suffers from an unquoted servic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.386 views

thesystem App 1.0 - Persistent Cross-Site Scripting

Exploit Title: thesystem App 1.0 - Persistent Cross-Site Scripting Author: İsmail Güngör Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.386 views

ChaosPro 3.1 - SEH Buffer Overflow

!C:\Python27\python.exe Title : ChaosPro 3.1 Twitter : @securitychops Blog Post : https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html our egg! payload = "T00WT00W" adjust the stack from 00F2FFA6 to 00F2FFA8 payload += "\x83\xC4\x02" the payload payload +=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/11 12:0 a.m.386 views

Ovidentia 6.6.5 - 'item' SQL Injection

Ovidentia 6.6.5 Sql Injection AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download : www.ovidentia.org DORK : "Powered by Ovidentia" Bug http://Site/index...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/20 12:0 a.m.385 views

HNAS SMU 14.8.7825 - Information Disclosure

Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=Tru...

7.6CVSS6.7AI score0.01583EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/03/18 12:0 a.m.385 views

Atlassian Confluence < 8.5.3 - Remote Code Execution

Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Date: 25/1/2024 Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Teste...

10CVSS9.8AI score0.99984EPSS
Exploits32
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.385 views

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/14 12:0 a.m.385 views

Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password

!-- Exploit Title: Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/19 12:0 a.m.385 views

osTicket 1.14.2 - SSRF

Exploit Title: osTicket 1.14.2 - SSRF Date: 18-01-2021 Exploit Author: Talat Mehmood Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Version: 4. After submitting this comment, print this ticket. 5. You'll receive a hit on your malicious website from the intern...

9.8CVSS9.6AI score0.73267EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/02/28 12:0 a.m.385 views

qdPM < 9.1 - Remote Code Execution

!/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...

8.8CVSS8.7AI score0.83235EPSS
Exploits16
Exploit DB
Exploit DB
added 2019/11/20 12:0 a.m.385 views

OpenNetAdmin 18.1.1 - Remote Code Execution

Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution Date: 2019-11-19 Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux Exploit Title: OpenNetAdmin v18.1.1 RCE Date: 2019-11-19 Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.385 views

Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload

===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed description Thanks & Acknowledgements References ==========Vulnerability...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/17 12:0 a.m.385 views

GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion

-------------------------------- 05/18/2007 --------------------------------- GeekLog 2. ImageImageMagick.php RFI Vuln ----------------------------------- ASCII ----------------------------------- / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / -dsd863 at ya...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.384 views

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)

Exploit Title: Roundcube Webmail 1.6.6 - Stored Cross Site Scripting XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Source Webmail Software Software Link: Releases · roundcube/roundcubemail Version: Roundcube client version earlier than 1.5.6 or from 1.6 t...

6.1CVSS6.4AI score0.73296EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.384 views

Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution

Exploit Title: Codigo Markdown Editor v1.0.1 Electron - Arbitrary Code Execution Date: 2023-05-03 Exploit Author: 8bitsec Vendor Homepage: https://alfonzm.github.io/codigo/ Software Link: https://github.com/alfonzm/codigo-app Version: 1.0.1 Tested on: Mac OS 13 Release Date:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/06/03 12:0 a.m.384 views

Zyxel USG FLEX 5.21 - OS Command Injection

Exploit Title: Zyxel USG FLEX 5.21 - OS Command Injection Shodan Dork: title:"USG FLEX 100" title:"USG FLEX 100W" title:"USG FLEX 200" title:"USG FLEX 500" title:"USG FLEX 700" title:"USG20-VPN" title:"USG20W-VPN" title:"ATP 100" title:"ATP 200" title:"ATP 500" title:"ATP 700" title:"ATP 800" Dat...

10CVSS9.8AI score0.99938EPSS
Exploits27
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.384 views

Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-10-19 Exploit Author: Vulnerability Lab Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Tested on: Linux Document Title: =============== Simplephpscripts Simple CMS v2....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/02 12:0 a.m.384 views

i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw

Exploit Title: i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw Date: 27.10.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.i3international.com i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.384 views

OpenClinic GA 5.194.18 - Local Privilege Escalation

Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/25 12:0 a.m.384 views

Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...

8.8CVSS7AI score0.27482EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/08 12:0 a.m.384 views

Online Bus Ticket Reservation 1.0 - SQL Injection

Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection Date: 2020-12-07 Exploit Author: Sakshi Sharma Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/31 12:0 a.m.384 views

SharePoint Workflows - XOML Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint Workflows XOML Injection', 'Description' = %q This module exploits a vulnerability within SharePoint and its .NET backend that allows ...

10CVSS9.6AI score0.99222EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/27 12:0 a.m.384 views

Torrent 3GP Converter 1.51 - Stack Overflow (SEH)

Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Date: 2020-01-24 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51...

7.4AI score
Exploits0
Total number of security vulnerabilities5000