Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2019/06/06 12:0 a.m.359 views

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion

Exploit Title: Remote file inclusion Date: 03-06-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References: https://nvd.nist.gov/vuln/detail/CVE-2019-12477...

5.5CVSS5.5AI score0.13318EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.358 views

PCMan FTP Server 2.0.7 - Buffer Overflow

Exploit Title: PCMan FTP Server 2.0.7 - Buffer Overflow Date: 04/17/2025 Exploit Author: Fernando Mengali Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0.7 Tested on: Windows XP SP3 - Version 5.1...

9.8CVSS7AI score0.01854EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.358 views

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...

9.8CVSS7AI score0.43683EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.358 views

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

Exploit Title: Life Insurance Management Stored System- cross-site scripting XSS Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEG...

6.1CVSS6.6AI score0.00299EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/06/23 12:0 a.m.358 views

NCH Express Invoice - Clear Text Password Storage and Account Takeover

Exploit Title: NCH Express Invoice - Clear Text Password Storage and Account Takeover Google Dork:: intitle:ExpressInvoice - Login Date: 07/Apr/2020 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://www.nchsoftware.com/ Software Link:...

7.8CVSS7.8AI score0.00999EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/01 12:0 a.m.358 views

PMB 7.4.6 - SQL Injection

Exploit Title: PMB 7.4.6 - SQL Injection Google Dork: inurl:opaccss Date: 2023-01-06 Exploit Author: str0xo DZ Walid Ben https://github.com/Str0xo Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 7.4.6 -==== Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.358 views

WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection

Exploit Title: WordPress Plugin Welcart e-Commerce 2.0.0 - 'searchordercolumn0' SQL injection Date: 04/08 2020 Exploit Author: Erik David Martin Vendor Homepage: https://www.welcart.com/ Software Link: https://downloads.wordpress.org/plugin/usc-e-shop.2.0.0.zip Category: Web Application Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/22 12:0 a.m.358 views

Artworks Gallery Management System 1.0 - 'id' SQL Injection

Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/14634/artworks-gallery-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/20 12:0 a.m.358 views

Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/17 12:0 a.m.358 views

WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/09/28 12:0 a.m.358 views

vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exploit Title: Vtiger CRM = 6.3.0 Authenticated Remote Code Execution Date: 2015-09-28 Exploit Author: Benjamin Daniel Mussler Vendor Homepage: https://www.vtiger.com Software Link: https://www.vtiger.com/open-source-downloads/ Version: 6.3.0 and lowe...

8.8CVSS7.9AI score0.40241EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.357 views

SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal

Exploit Title: SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal Date: 2025-05-28 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server Software Link:...

8.6CVSS7.3AI score0.99614EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.357 views

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/grokability/snipe-it Version: /printassigned endpoint. This...

5CVSS7AI score0.01189EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.357 views

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Buffer Overflow Memory Corruption Date: 11/24/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12344 Category: Remote...

9.8CVSS7.1AI score0.01842EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/24 12:0 a.m.357 views

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection Unauthenticated Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/25 12:0 a.m.357 views

Zenphoto 1.6 - Multiple stored XSS

Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/25 12:0 a.m.357 views

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

9.8CVSS9.3AI score0.12453EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/28 12:0 a.m.357 views

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation

Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Date: 02/16/2022 Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux ======================================== = The ordinary us...

9AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/22 12:0 a.m.357 views

KeePass 2.44 - Denial of Service (PoC)

Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/30 12:0 a.m.357 views

Ajenti 2.1.31 - Remote Code Exection (Metasploit)

Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/20 12:0 a.m.357 views

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)

E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafte...

8.1CVSS8.6AI score0.99988EPSS
Exploits23
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.356 views

Shelly PRO 4PM v0.11.0 - Authentication Bypass

!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...

5.3CVSS5.4AI score0.02462EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.356 views

Atom CMS 2.0 - Remote Code Execution (RCE)

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

9.8CVSS9.6AI score0.54766EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/14 12:0 a.m.356 views

Baixar GLPI Project 9.4.6 - SQLi

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

9.8CVSS9.7AI score0.02089EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.356 views

Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass

Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/26 12:0 a.m.356 views

WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting XSS Date: 10/25/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.filterable-portfolio.com/ Software Link: https://wordpress.org/plugins/fg-gallery/ Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.356 views

WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.356 views

DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)

Exploit Title: DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow SEH Egghunter Date: 2020-07-26 Exploit Author: MasterVlad Vendor Homepage: https://www.diskboss.com/ Software Link: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Version: 7.7.14...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.356 views

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...

7.5CVSS7.6AI score0.08793EPSS
Exploits5
Exploit DB
Exploit DB
added 2016/03/30 12:0 a.m.356 views

Google Android 5.0.1 - Metaphor Stagefright (ASLR Bypass)

Source: https://github.com/NorthBit/Metaphor Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd. Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf Twitter: https://twitter.com/HighByte Metaphor's source code is now released! T...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.355 views

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Exploit Title: Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover Shodan Dork: html:"expedition project" FOFA Dork: "expedition project" && iconhash="1499876150" Exploit Author: ByteHunter Email: [email protected] Vulnerable Versions: 1.2 1.2.92 Tested on: 1.2.90.1 & 1.2.75 CVE ...

9.8CVSS9.8AI score0.91783EPSS
Exploits9
Exploit DB
Exploit DB
added 2024/03/14 12:0 a.m.355 views

Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)

Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution RCE - Shodan Dork: http.htmlhash:-1402735717 - Fofa Dork: body="img/freeloginge.gif" && body="./img/loginbg.gif" - Exploit Author: ByteHunter - Email: [email protected] - Version: PSG-5124LINK SOFTWARE RELEASE:26293 - Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/11 12:0 a.m.355 views

WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

7.5CVSS7.6AI score0.30894EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.355 views

Online ID Generator 1.0 - Remote Code Execution (RCE)

Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.355 views

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1CVSS6.3AI score0.48533EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/31 12:0 a.m.355 views

Pydio Cells 4.1.2 - Unauthorised Role Assignments

Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Privilege Escalation Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...

8.8CVSS7AI score0.14197EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.355 views

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...

9.8CVSS8.4AI score0.9767EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.355 views

WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)

Exploit Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service PoC Author: Luis Martinez Discovery Date: 2021-05-18 Vendor Homepage: https://apps.apple.com/mx/app/webssh-ssh-client/id497714887 Software Link: App Store for iOS devices Tested Version: 14.16.10 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/15 12:0 a.m.355 views

rConfig 3.9.5 - Remote Code Execution (Unauthenticated)

Exploit Title: rConfig 3.9.5 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-10-13 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/downloads/rconfig-3.9.5.zip Version: rConfig v3.9.5 Tested on: CentOS 7 x6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/16 12:0 a.m.355 views

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation

Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...

8.8CVSS8.8AI score0.00643EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.355 views

October CMS - Upload Protection Bypass Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/19 12:0 a.m.355 views

Samba 3.3.5 - Format String / Security Bypass

source: https://www.securityfocus.com/bid/35472/info Samba is prone to multiple vulnerabilities. Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions. Samba 3.0.31 through 3.3.5 are affected. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/12/13 12:0 a.m.355 views

PHPCOIN 1.2.2 - '/includes/db.php?$_CCFG[_PKG_PATH_DBSE]' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote PHP code and execute it in the context ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/26 12:0 a.m.354 views

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sikic Original Exploit Author: hash3liZer Vendor Homepage: https://wordpress.org/plugins/social-warfare/ Softwa...

6.1CVSS7AI score0.73543EPSS
Exploits20
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.354 views

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation

Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-38193 pragma once...

7.8CVSS7.2AI score0.27561EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/03/03 12:0 a.m.354 views

Boss Mini 1.4.0 - local file inclusion

Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...

9.8CVSS9.7AI score0.75387EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.354 views

Icinga Web 2.10 - Arbitrary File Disclosure

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...

7.5CVSS7.7AI score0.89378EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/10/19 12:0 a.m.354 views

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/14 12:0 a.m.354 views

Purchase Order Management System 1.0 - Remote File Upload

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/21 12:0 a.m.354 views

KevinLAB BEMS 1.0 - Authentication Bypass

Exploit Title: KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass Date: 05.07.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kevinlab.com Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Manageme...

7.4AI score
Exploits0
Total number of security vulnerabilities5000