Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2024/05/04 12:0 a.m.339 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.339 views

Joomla HikaShop 4.7.4 - Reflected XSS

Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/04 12:0 a.m.339 views

STARFACE 7.3.0.10 - Authentication with Password Hash Possible

Exploit Title: STARFACE 7.3.0.10 - Authentication with Password Hash Possible Affected Versions: 7.3.0.10 and earlier versions Fixed Versions: - Vulnerability Type: Broken Authentication Security Risk: low Vendor URL: https://www.starface.de Vendor Status: notified Advisory URL:...

8.1CVSS8.2AI score0.04421EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/31 12:0 a.m.339 views

Online Security Guards Hiring System 1.0 - Reflected XSS

Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Google Dork : NA Date: 23-01-2023 Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows ...

6.1CVSS6.3AI score0.06169EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/05/12 12:0 a.m.339 views

Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)

Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...

8.8CVSS7AI score0.57317EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/02/08 12:0 a.m.339 views

WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting XSS Date: 2022-01-26 Exploit Author: Shweta Mahajan Vendor Homepage: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/ Software Link: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/ Test...

4.8CVSS5.5AI score0.05063EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.339 views

Seacms 11.1 - 'file' Local File Inclusion

Exploit Title: Seacms 11.1 - 'file' Local File Inclusion Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 GET /SEACMS111/5f9js3/adminsafe.php?action=download&file=C:/windows/system.ini HTTP/1.1 Host: 192.168.137.139...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/14 12:0 a.m.339 views

D-Link DIR-600M - Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2019-13101 D-Link DIR-600M Incorrect Access Control', 'Description' = %q This module attempts to find D-Link router DIR-600M which is...

9.8CVSS9.8AI score0.67091EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/11/28 12:0 a.m.340 views

Google Android - 'BadKernel' Remote Code Execution

function gc forvar i=0;i0.toString16; function log var str = ""; forvar i=0;i"; console.logstr; document.writestr; function setaccessaddressaddress controllerdv.setUint3234,address,true; controllerdv.setUint3244,0x40000000,true; function getdateviewaddress setaccessaddressaddress;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/11/18 12:0 a.m.339 views

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (8)

!/usr/bin/perl See http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=1806 Very simple PERL script to execute commands on IIS Unicode vulnerable servers Use port number with SSLproxy for testing SSL sites Usage: unicodexecute2 IP:port command Only makes use of "Socket" library New i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.338 views

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)

Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...

8.8CVSS9.5AI score0.19519EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/07/28 12:0 a.m.338 views

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting XSS via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Software Link: https://github.com/stephenmcd/mezzanine Version: 6.1.0 Category: Web Application...

4.8CVSS6.5AI score0.00576EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.338 views

Pimcore customer-data-framework 4.2.0 - SQL injection

Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection Date: 01/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore versions prior to 10.5.21 Tested on: Ubuntu 20.04 with Pimcore 10.5.20 CVE:...

7.2CVSS7AI score0.00824EPSS
Exploits2
Exploit DB
Exploit DB
added 2024/04/15 12:0 a.m.338 views

Jenkins 2.441 - Local File Inclusion

Exploit Title: Jenkins 2.441 - Local File Inclusion Date: 14/04/2024 Exploit Author: Matisse Beckandt Backendt Vendor Homepage: https://www.jenkins.io/ Software Link: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-2.441.zip Version: 2.441 Tested on: Debian 12 Bookworm CVE:...

9.8CVSS9.7AI score0.99999EPSS
Exploits46
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.338 views

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Date: 09/25/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.338 views

Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping

Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...

5.5CVSS7AI score0.00734EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.338 views

GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

7.8CVSS7AI score0.07685EPSS
Exploits7
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.338 views

TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...

8.8CVSS8.8AI score0.32355EPSS
Exploits7
Exploit DB
Exploit DB
added 2022/03/23 12:0 a.m.338 views

ProtonVPN 1.26.0 - Unquoted Service Path

Exploit Title: ProtonVPN 1.26.0 - Unquoted Service Path Date: 22/03/2022 Exploit Author: gemreda @gemredax Vendor Homepage: https://protonvpn.com/ Software Link: https://protonvpn.com/ Version: 1.26.0 Tested: Windows 10 x64 Contact: [email protected] PS C:\Users\Emre sc.exe qc "ProtonVPN Wireguard" ...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/27 12:0 a.m.338 views

Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers

Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers Date: 24/09/2021 Exploit Author: Michael Alamoot Vendor Homepage: https://www.cisco.com/ Version: RV130W 1.0.3.44 Tested on: Kali linux ! /usr/bin/env python3 from scapy.contrib.eigrp import EIGRPAuthData from...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/05 12:0 a.m.338 views

Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Date 02.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...

7.2CVSS7.1AI score0.84112EPSS
Exploits9
Exploit DB
Exploit DB
added 2021/06/03 12:0 a.m.338 views

Gitlab 13.9.3 - Remote Code Execution (Authenticated)

Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.338 views

RedwoodHQ 2.5.5 - Authentication Bypass

-- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link: https://redwoodhq.com/redwood-download/ Tested on: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/25 12:0 a.m.338 views

JioFi 4G M2S 1.0.2 - Denial of Service

Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

6.5CVSS6.5AI score0.04766EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/23 12:0 a.m.338 views

Microsoft Windows CONTACT - HTML Injection / Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program + ZDI-CAN-7591 Vendor...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/05 12:0 a.m.338 views

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

!/usr/bin/env python Exploit Title: PoC for BIND9 TKEY DoS Exploit Author: elceef Software Link: https://github.com/elceef/tkeypoc/ Version: ISC BIND 9 Tested on: multiple CVE : CVE-2015-5477 import socket import sys print'CVE-2015-5477 BIND9 TKEY PoC' if lensys.argv 2: print'Usage: ' + sys.argv0...

7.8CVSS7.8AI score0.91284EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.337 views

Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)

/ Exploit Title: Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection XXE Google Dork: N/A Date: 2025-08-17 Exploit Author: Byte Reaper Vendor Homepage: https://www.lantronix.com/ Software Link: https://www.lantronix.com/products/lantronix-provisioning-manager/ Version:...

8.6CVSS7.4AI score0.01667EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.337 views

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow

/ Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-11237 Category: Remote Technical...

9.8CVSS7.1AI score0.05198EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/15 12:0 a.m.337 views

OpenClinic GA 5.247.01 - Information Disclosure

Exploit Title: OpenClinic GA 5.247.01 - Information Disclosure Date: 2023-08-14 Exploit Author: VB Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11 CVE:...

7.5CVSS7.6AI score0.03002EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.337 views

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Exploit Title: Crypto Currency Tracker CCT 9.5 - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register...

9.8CVSS9.7AI score0.03564EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/06 12:0 a.m.337 views

Lost and Found Information System v1.0 - SQL Injection

Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...

9.8CVSS9.7AI score0.03832EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/25 12:0 a.m.337 views

KodExplorer 4.49 - CSRF to Arbitrary File Upload

Exploit Title: KodExplorer | | | | | | | / | | |\ \ | /| | | //|/ //\ ./||/|| || | | // | | || KODExplorer = v4.49 Remote Code Executon Coded by MrEmpy ''' def httpd: port = 8080 httpddir = os.path.joinos.path.dirnamefile, 'http' os.chdirhttpddir Handler =...

8.8CVSS8.8AI score0.02666EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.337 views

SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'pow' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29301 Tested on: Windows Proof Of Concept:...

6.6AI score
Exploits3
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.337 views

Printix Client 1.3.1106.0 - Remote Code Execution (RCE)

Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...

9.8CVSS9.7AI score0.18235EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.337 views

PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/16 12:0 a.m.337 views

COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass

Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/05 12:0 a.m.337 views

Rockstar Service - Insecure File Permissions

Exploit Title: Rockstar Service - Insecure File Permissions Date: 2020-04-02 Exploit Author: George Tsimpidas Software Link : https://socialclub.rockstargames.com/rockstar-games-launcher Version Patch: 1.0.37.349 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/21 12:0 a.m.337 views

ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path

Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path Discovery by: Burhanettin Özgenç Discovery Date: 2020-09-15 Vendor Homepage: https://www.forensit.com/downloads.html Tested Version: 2.2.0.4 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.336 views

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...

4.3CVSS7.4AI score0.00785EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/02 12:0 a.m.336 views

SAP NetWeaver - 7.53 - HTTP Request Smuggling

Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 - HTTP Request Smuggling Through SAP's Front Door Google Dork: https://github.com/BecodoExploit-mrCAT/SAPGateBreaker-Exploit/blob/main/dorks Date: Tuesday, April 2, 2025 Exploit Author: @C41Tx90 - Victor de Queiroz - Beco do Exploit - Elytron...

10CVSS7.4AI score0.97945EPSS
Exploits8
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.336 views

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection Unauthenticated Google Dork: n/a Date: 04/02/2024 Exploit Author: Gian Paris C. Agsam Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/03 12:0 a.m.336 views

Petrol Pump Management Software v.1.0 - SQL Injection

Exploit Title: Petrol Pump Management Software v.1.0 - SQL Injection Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0 Tested on:...

9.8CVSS7AI score0.12946EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/06/13 12:0 a.m.336 views

Teachers Record Management System 1.0 - File Upload Type Validation

Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation Date: 17-01-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3187 =============================== STEPSTOREPRODUCE...

6.5CVSS5.7AI score0.02556EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/31 12:0 a.m.336 views

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

7.2CVSS7AI score0.14507EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/07/06 12:0 a.m.336 views

perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)

Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting XSS Date: 05/07/2021 Exploit Author: Alhasan Abbas exploit.msf Vendor Homepage: https://www.perfexcrm.com/ Version: 1.10 Tested on: windows 10 Vunlerable page: /clients/profile POC: ---- POST /clients/profile HTTP/1.1 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/14 12:0 a.m.336 views

phpMyChat Plus 1.98 - 'pmc_username' SQL Injection

Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1.98 Tested on Windows 10/Kali Rolling The phpMyCh...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/15 12:0 a.m.336 views

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate

EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts "...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/04 12:0 a.m.336 views

LabCollector 5.423 - SQL Injection

Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author: Carlos Avila Category: webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/02/11 12:0 a.m.336 views

Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation

/ Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerable. You need to customize the addresses so that they match the target...

8.8CVSS9.2AI score0.39711EPSS
Exploits9
Exploit DB
Exploit DB
added 2003/04/07 12:0 a.m.336 views

Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow (4)

source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt...

7.4AI score
Exploits0
Total number of security vulnerabilities5000