Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2019/07/15 12:0 a.m.1243 views

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...

10CVSS10AI score0.99999EPSS
Exploits123
Exploit DB
Exploit DB
added 2010/02/04 12:0 a.m.1242 views

Samba 3.4.5 - Symlink Directory Traversal (Metasploit)

source: https://www.securityfocus.com/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.1235 views

Microsoft Windows - 'SMBGhost' Remote Code Execution

!/usr/bin/env python ''' EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of my...

10CVSS9.2AI score0.9981EPSS
Exploits125
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.1234 views

Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8CVSS7.4AI score0.77635EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/08/05 12:0 a.m.1229 views

Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Date: 12-05-2021 Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to...

8.8CVSS8.7AI score0.16425EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.1229 views

Online Library Management System 1.0 - Arbitrary File Upload

Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/01 12:0 a.m.1228 views

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary code on...

9.8CVSS7.4AI score0.92988EPSS
Exploits9
Exploit DB
Exploit DB
added 2023/03/29 12:0 a.m.1225 views

Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.1222 views

Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload

Exploit Title: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage: https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE: CVE-2020-23972 Description: An attacker can...

7.5CVSS7.6AI score0.31444EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/18 12:0 a.m.1222 views

Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)

Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.1221 views

Apache Flink 1.9.x - File Upload RCE (Unauthenticated)

!/usr/bin/env python3 coding: utf-8 Exploit Title: Apache Flink 1.9.x - File Upload RCE Unauthenticated Google Dork: None Date: 2020.11.01 Exploit Author: bigger.wing Vendor Homepage: https://flink.apache.org/ Software Link: https://flink.apache.org/downloads.html Version: 1.9.x Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/25 12:0 a.m.1215 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass

Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

8.1CVSS8.1AI score0.0417EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/15 12:0 a.m.1214 views

Solaris SunSSH 11.0 x86 - libpam Remote Root

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit Author: Hacker Fantastic Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris11-overview.html Version: 11 Tested on: SunOS solaris 5.11 11.0 / SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871...

10CVSS7AI score0.80291EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/04/05 12:0 a.m.1213 views

Mini Mouse 9.2.0 - Remote Code Execution

Exploit Title: Mini Mouse 9.2.0 - Remote Code Execution Author: gosh Date: 01-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi Version: 9.2.0 Tested on: Windows 10 Pro build 19042.662 !/usr/bin/python3 import requests import json...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/02 12:0 a.m.1212 views

Mozilla Firefox 67 - Array.pop JIT Type Confusion

Exploit Title: Mozilla Firefox 67 - Array.pop JIT Type Confusion Date: 2021-12-07 Type: RCE Platform: Windows Exploit Author: deadlock Forrest Orr Author Homepage: https://forrest-orr.net Vendor Homepage: https://www.mozilla.org/en-US/ Software Link:...

10CVSS9.3AI score0.55874EPSS
Exploits14
Exploit DB
Exploit DB
added 2020/10/23 12:0 a.m.1197 views

Car Rental Management System 1.0 - Arbitrary File Upload

Exploit Title: Car Rental Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana and Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/02 12:0 a.m.1197 views

WhatsApp Remote Code Execution - Paper

%PDF-1.5 %���� 46 0 obj endobj 47 0 obj /W 1 3 1 /Index 46 78 /Info 70 0 R /Root 48 0 R /Size 124 /Prev 558655 /ID stream x�cbd�gb8 "Y��lc��"�����d�-g3��:��@$���"e��� R,���6J@�� 0�D����X001�7v�I � �  endstream endobj 48 0 obj endobj 49 0 obj stream x�cb�ee���...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/04 12:0 a.m.1196 views

Android - Binder Driver Use-After-Free

The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...

7.8CVSS8.1AI score0.72105EPSS
Exploits28
Exploit DB
Exploit DB
added 2020/05/15 12:0 a.m.1194 views

ManageEngine Service Desk 10.0 - Cross-Site Scripting

Exploit Title: ManageEngine Service Desk 10.0 - Cross-Site Scripting Date: 2020-05-14 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/service-desk/download.html Version: 10.0 10000.0.0.0 Tested on: Window...

6.1CVSS6.3AI score0.06301EPSS
Exploits3
Exploit DB
Exploit DB
added 2006/09/25 12:0 a.m.1191 views

BirdBlog 1.x - 'comment.php?entryid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.1188 views

Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting

Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/05 12:0 a.m.1186 views

Xmind 2020 - Persistent Cross-Site Scripting

Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2009/11/12 12:0 a.m.1183 views

Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)

while : ; do echo y ; sleep 1 ; | while read ; do echo z$REPLY; done ; & PID=$! OUT=$ps -efl | grep 'sleep 1' | grep -v grep | read PID REST ; echo $PID; OUT="$OUT%% " DELAY=$RANDOM 1000 / 32768 usleep $DELAY 1000 + RANDOM % 1000 echo n /proc/$OUT/fd/1 Trigger defect done...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/05/16 12:0 a.m.1180 views

RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass

xx vnc-411-unixsrc.bl4ck/common/rfb/CConnection.cxx --- vnc-411-unixsrc/common/rfb/CConnection.cxx 2005-03-11 09:08:41.000000000 -0600 +++ vnc-411-unixsrc.bl4ck/common/rfb/CConnection.cxx 2006-05-15 14:03:30.000000000 -0500 @@ -183,7 +183,12 @@ // Inform the server of our decision if secType !=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.1178 views

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if lensys.argv != 4:...

6.5AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.1173 views

Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)

Title: Mailman 1.x 2.1.23 - Cross Site Scripting XSS Type: Reflected XSS Software: Mailman Version: =1.x = 2.1.23 Vendor Homepage: https://www.list.org Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 POC Author: Valerio Alessandroni Date: 28/10/2020 Description:...

6.1CVSS6.7AI score0.04569EPSS
Exploits3
Exploit DB
Exploit DB
added 2016/12/04 12:0 a.m.1172 views

BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution

!/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to...

6.4CVSS7AI score0.37016EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/09/18 12:0 a.m.1169 views

Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution Unauthenticated Date: 2020-09-17 Vulnerability Discovery: hyp3rlinx, permanull Exploit Author: Nikolas Geiselman Vendor Homepage: https://mantisbt.org/ Software Link: https://mantisbt.org/download.php Version: 1.3.0/2.3.0 Tested on:...

8.8CVSS7.8AI score0.90856EPSS
Exploits12
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.1163 views

Hikvision Web Server Build 210702 - Command Injection

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html All credit to WatchfulIP...

9.8CVSS9.6AI score0.99869EPSS
Exploits23
Exploit DB
Exploit DB
added 2016/11/14 12:0 a.m.1163 views

Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Linux BPF Local Privilege Escalation', 'Description' = %q Linux kernel =4.4 with CONFIGBPFSYSCALL and...

7.8CVSS7.8AI score0.10202EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.1159 views

SugarCRM 6.5.18 - Persistent Cross-Site Scripting

Exploit Title: SugarCRM 6.5.18 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-16 Vendor Homepage: https://www.sugarcrm.com Version: 6.5.18 Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/02/06 12:0 a.m.1158 views

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass

source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. RewriteRule ^...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.1157 views

DedeCMS v.5.8 - "keyword" Cross-Site Scripting

Exploit Title: DedeCMS v.5.8 - "keyword" Cross-Site Scripting Date: 2020-07-27 Exploit Author: Noth Vendor Homepage: https://github.com/dedetech/DedeCMSv5 Software Link: https://github.com/dedetech/DedeCMSv5 Version: v.5.8 CVE : CVE-2020-27533 A Cross Site Scripting XSS issue was discovered in th...

5.4CVSS5.6AI score0.03463EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/09/27 12:0 a.m.1144 views

SmarterStats 11.3.6347 - Cross-Site Scripting

---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries ---------------------------- Author: David Hoyt Date:...

6.1CVSS6.3AI score0.02466EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/11/30 12:0 a.m.1139 views

Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)

Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...

10CVSS9.5AI score0.99323EPSS
Exploits23
Exploit DB
Exploit DB
added 2022/03/08 12:0 a.m.1134 views

Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)

// Exploit Title: Linux Kernel 5.8 Proof-of-concept exploit for the Dirty Pipe vulnerability CVE-2022-0847 caused by an uninitialized "pipebuffer.flags" variable. It demonstrates how to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on...

7.8CVSS8.4AI score0.89063EPSS
Exploits100
Exploit DB
Exploit DB
added 2020/11/18 12:0 a.m.1134 views

ZeroLogon - Netlogon Elevation of Privilege

Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...

10CVSS8.7AI score0.99512EPSS
Exploits75
Exploit DB
Exploit DB
added 2005/10/31 12:0 a.m.1132 views

PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/04 12:0 a.m.1128 views

Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path

Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery Date: 2020-09-03 Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/01 12:0 a.m.1122 views

Shopping Portal ProVersion 3.0 - Authentication Bypass

Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Descriptio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/03 12:0 a.m.1122 views

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability', 'Description' = %q This module exploits a vulnerability in Apache Tomcat's...

9.3CVSS7.1AI score0.99652EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.1120 views

Foxit Reader 9.0.1.1049 - Arbitrary Code Execution

Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution Date: 2020-08-29 Exploit Author: CrossWire Vendor Homepage: https://www.foxitsoftware.com/ Software Link:...

8.8CVSS8.7AI score0.63313EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/07/07 12:0 a.m.1117 views

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...

9.8CVSS9.5AI score0.95242EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.1114 views

Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting

Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting Product Name Exploit Author: Adeeb Shah @hyd3sec Date: August 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.1109 views

WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)

Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...

9.8CVSS9.6AI score0.86896EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.1101 views

libupnp 1.6.18 - Stack-based buffer overflow (DoS)

Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow DoS Date: 2020-08-20 Exploit Author: Patrik Lantz Vendor Homepage: https://pupnp.sourceforge.io/ Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download Version: = 1.6.6 Tested on:...

10CVSS6.9AI score0.82807EPSS
Exploits6
Exploit DB
Exploit DB
added 2013/02/05 12:0 a.m.1100 views

FreeBSD 9.1 - 'ftpd' Remote Denial of Service

FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 --- 1. Description --- I have decided check BSD ftpd servers once again for wildcards. Old bug in libc CVE-2011-0418...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1092 views

Zabbix 5.0.0 - Stored XSS via URL Widget Iframe

Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe Date: 8/11/2020 Exploit Author: Shwetabh Vishnoi Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/download Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before...

6.1CVSS6.6AI score0.32304EPSS
Exploits2
Exploit DB
Exploit DB
added 2010/11/24 12:0 a.m.1087 views

ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)

$Id: coldfusionfckeditor.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.5CVSS6.9AI score0.83865EPSS
Exploits10
Exploit DB
Exploit DB
added 2017/10/20 12:0 a.m.1085 views

Axis SSI - Remote Command Execution / Read Files

STX Subject: SSI Remote Execute and Read Files Researcher: bashis August 2016 Release date: October, 2017 Old stuff that I've forgotten, fixed Q3/2016 by Axis Attack Vector: Remote Authentication: Anonymous no credentials needed Conditions: The cam must be configure to allow anonymous view Execut...

7AI score
Exploits0
Total number of security vulnerabilities5000