Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.378 views

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Date: 3/5/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.378 views

Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...

4.8CVSS5.3AI score0.00762EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/05/13 12:0 a.m.378 views

Prison Management System - SQL Injection Authentication Bypass

Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Date: 15/03/2024 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE :...

7.3CVSS6.8AI score0.0081EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.378 views

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.378 views

Jedox 2022.4.2 - Remote Code Execution via Directory Traversal

Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47875 Introductio...

8.8CVSS8.9AI score0.1016EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/07 12:0 a.m.378 views

qdPM 9.2 - Cross-site Request Forgery (CSRF)

Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...

8.8CVSS8.9AI score0.0375EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.378 views

Sysax FTP Automation 6.9.0 - Privilege Escalation

Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Date: 03-20-2022 Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.378 views

Gestionale Open 11.00.00 - Local Privilege Escalation

Exploit Title: Gestionale Open 11.00.00 - Local Privilege Escalation Date: 2021-07-19 Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://www.gestionaleopen.org/ Software Homepage: https://www.gestionaleopen.org/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/21 12:0 a.m.378 views

NIMax 5.3.1f0 - 'VISA Alias' Denial of Service (PoC)

Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Date: 24/06/2021 Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.378 views

Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Profiling System for Human Resource Management 1.0 - Remote Code Execution Unauthenticated Date: 19-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/12 12:0 a.m.378 views

Small CRM 2.0 - 'email' SQL Injection

Exploit Title: Small CRM 2.0 - 'email' SQL Injection Google Dork: N/A Date: 2020-10-10 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Kali Linux CVE : N/A ========== Vulnerable Code =========...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/08 12:0 a.m.378 views

Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)

Exploit title : Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service PoC Exploit Author : LiquidWorm Date : 2020-05-06 Vendor: Extreme Networks Product web page: https://www.extremenetworks.com Datasheet: https://www.aerohive.com/wp-content/uploads/AerohiveDatasheetHiveOS.pdf Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.378 views

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)

Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full...

6.1CVSS6.5AI score0.05303EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/09/26 12:0 a.m.378 views

Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation

/ CVE-2017-1000253.c - an exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x8664 and 3.10.0-514.26.1.el7.x8664 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...

7.8CVSS7.9AI score0.10695EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.377 views

Casdoor < v1.331.0 - '/api/set-password' CSRF

Exploit Title: Casdoor history.pushState'', '', '/'; document.forms0.submit; If a user is logged into the Casdoor Webapp at time of execution, a new user will be created in the app with the following credentials userOwner: builtin userName: admin newPassword: hacked...

6.5CVSS6.7AI score0.03093EPSS
Exploits10
Exploit DB
Exploit DB
added 2024/03/16 12:0 a.m.377 views

Nokia BMC Log Scanner - Remote Code Execution

Exploit Title: Nokia BMC Log Scanner Remote Code Execution Google Dork: N/A Date: November 29, 2023 Exploit Author: Carlos Andres Gonzalez, Matthew Gregory Vendor Homepage: https://www.nokia.com/ Software Link: N/A Version: 13 Tested on: Linux CVE : CVE-2022-45899 Description The BMC Log Scanner...

6.5CVSS7AI score0.00826EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/14 12:0 a.m.377 views

Bludit 4.0.0-rc-2 - Account takeover

Exploit Title: Bludit 4.0.0-rc-2 - Account takeover Author: nu11secur1ty Date: 04.11.2013 Vendor: https://www.bludit.com/ Software: https://github.com/bludit/bludit/releases/tag/4.0.0-rc-2 Reference: https://www.cloudflare.com/learning/access-management/account-takeover/ Reference:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.377 views

Zyxel NWA-1100-NH - Command Injection

Exploit Title: Zyxel NWA-1100-NH - Command Injection Date: 12/4/2022 Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References :...

10CVSS9.7AI score0.71048EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.377 views

iRZ Mobile Router - CSRF to RCE

Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Date: 2022-03-18 Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21,...

9.3CVSS8.8AI score0.34531EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/01/13 12:0 a.m.377 views

Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS)

Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomtypes' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/16 12:0 a.m.377 views

COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)

Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS Unauthenticated Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.377 views

SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution

Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.377 views

Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation

Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...

8.8CVSS6.3AI score0.03138EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/11/26 12:0 a.m.377 views

iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)

Exploit Title: iNetTools for iOS 8.20 - 'Whois' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019-11-25 Vendor Homepage: https://apps.apple.com/mx/app/inettools-ping-dns-port-scan/id561659975 Software Link: App Store for iOS devices Tested Version: 8.20 Vulnerability Type:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2011/10/08 12:0 a.m.377 views

pkexec - Race Condition Privilege Escalation

/ Exploit Title: pkexec Race condition CVE-2011-1485 exploit Author: xi4oyu Tested on: rhel 6 CVE : 2011-1485 Linux pkexec exploit by xi4oyu , thx [email protected] Have fun ¡Á U can reach us @ http://www.wooyun.org : / include include include include include include include include include include...

6.9CVSS7AI score0.05246EPSS
Exploits17
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.376 views

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Exploit Title: Simple Backup Plugin 0: printresponse.text Replace with the desired action for the downloaded content filepath = f'simplebackupfilename' with openfilepath, 'wb' as file: file.writeresponse.content printf'File saved in: filepath' else: print"Nothing was downloaded. You can try to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/26 12:0 a.m.376 views

Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)

Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...

9.8CVSS9.6AI score0.45858EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/10 12:0 a.m.376 views

Roxy Fileman 1.4.5 - Arbitrary File Upload

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.376 views

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path

Exploit Title: Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-04-11 Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/25 12:0 a.m.376 views

PHPIPAM 1.4.4 - SQLi (Authenticated)

Exploit Title: PHPIPAM 1.4.4 - SQLi Authenticated Google Dork: if applicable Date: 20/01/2022 Exploit Author: Rodolfo "Inc0gbyt3" Tavares Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.4.4 Tested on: Linux/Windows CVE :...

7.2CVSS7AI score0.25243EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.376 views

OpenAM 13.0 - LDAP Injection

Exploit Title: OpenAM 13.0 - LDAP Injection Date: 03/11/2021 Exploit Author: Charlton Trezevant, GuidePoint Security Vendor Homepage: https://www.forgerock.com/ Software Link: https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0,...

7.5CVSS7.8AI score0.76385EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.376 views

Sonicwall SonicOS 7.0 - Host Header Injection

Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Discovered Date: 03/09/2020 Reported Date: 07/09/2020 Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6...

6.1CVSS6.3AI score0.13041EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.376 views

Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path

Exploit Title: Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path Discovery by: Riadh Bouchahoua Discovery Date: 19-03-2021 Vendor Homepage: https://mosquitto.org/ Software Links : https://mosquitto.org/download/ Tested Version: 2.0.9 Vulnerability Type: Unquoted Service Path...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/18 12:0 a.m.376 views

WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Dork:N/A Date: 2020-02-17 Exploit Author: UltraSecurityTeam Team Member = Ashkan Moghaddas , AmirMohammad Safari , Behzad khalife , Milad Ranjbar Vendor Homepage: UltraSec.Org Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/12/01 12:0 a.m.376 views

TVT TD-2308SS-B DVR - Directory Traversal

Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-03 3.1.75.B-1.0.2.1-00...

7.8CVSS6.9AI score0.10223EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/12/07 12:0 a.m.376 views

Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation

/ Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage: CVE-2010-4258 ------------- This is the interesti...

6.2CVSS8.1AI score0.02655EPSS
Exploits11
Exploit DB
Exploit DB
added 2023/07/07 12:0 a.m.375 views

Faculty Evaluation System v1.0 - SQL Injection

Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/01 12:0 a.m.375 views

CHIYU TCP/IP Converter devices - CRLF injection

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...

6.5CVSS6.5AI score0.18003EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.375 views

Collabtive 3.1 - 'address' Persistent Cross-Site Scripting

Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting Date: 2021-01-23 Exploit Author: Deha Berkin Bir Vendor Homepage: https://collabtive.o-dyn.de/ Version: 3.1 Tested on: Windows & XAMPP CVE: CVE-2021-3298 == Tutorial Executed Payloads " onfocus="alert1" autofocus=" HTML...

5.4CVSS5.6AI score0.02144EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.375 views

Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)

Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...

6.5CVSS6.7AI score0.04206EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.375 views

Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.375 views

Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)

Exploit Title: Restaurant Reservation System 1.0 - 'date' SQL Injection Authenticated Date: 2020-10-05 Exploit Author: b1nary Vendor Homepage: https://www.sourcecodester.com/php/14482/restaurant-reservation-system-php-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/28 12:0 a.m.375 views

Mida eFramework 2.8.9 - Remote Code Execution

Exploit Title: Mida eFramework 2.8.9 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...

10CVSS9.8AI score0.57326EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.375 views

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP Bypass) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP", 'Description' = %q This module exploits a stack buffer overfl...

7.8CVSS7.4AI score0.05457EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.375 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

4.8CVSS5.5AI score0.01952EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.374 views

ServiceNow Multiple Versions - Input Validation & Template Injection

!/usr/bin/env python3 """ Title : ServiceNow Multiple Versions - Input Validation & Template Injection Date: 2025-01-31 Author: ibrahimsql Vendor: ServiceNow Version: Vancouver, Washington DC, Utah various patches affected from 0 before Utah Patch 10 Hot Fix 3 affected from 0 before Utah Patch 10...

9.8CVSS7.4AI score0.99976EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.374 views

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft...

9.8CVSS7AI score0.95086EPSS
Exploits8
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.374 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

5.4CVSS5.8AI score0.00468EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/06/19 12:0 a.m.374 views

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...

8.1CVSS8.3AI score0.13625EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/05/31 12:0 a.m.374 views

Pydio Cells 4.1.2 - Server-Side Request Forgery

Exploit Title: Pydio Cells 4.1.2 - Server-Side Request Forgery Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Server-Side Request Forgery Security Risk: medium Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...

6.5CVSS6.5AI score0.03846EPSS
Exploits4
Total number of security vulnerabilities5000