Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.332 views

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting XSS Exploit Author: LiquidWorm enteliTouch XSS input type="hidden" nam...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/11 12:0 a.m.332 views

Telesquare TLR-2855KS6 - Arbitrary File Deletion

Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...

9.1CVSS9.4AI score0.71384EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.332 views

Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)

Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service PoC Date: 2021-10-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://cmder.net Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip Version: v1.3.18 Tested on: Windows 10 About ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/19 12:0 a.m.332 views

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/21 12:0 a.m.332 views

Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path

Exploit Title: Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LMbdsvc' Unquoted Service Path Date: 2021-06-20 Exploit Author: Julio Aviña Vendor Homepage: https://www.lexmark.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/10 12:0 a.m.332 views

DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path

Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/dhcpbbv4retailx64.exe Tested Version: 4.1.0.1503...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.332 views

Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting

Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/14 12:0 a.m.332 views

RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot)

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...

9.3CVSS7.4AI score0.04663EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.332 views

GoldWave - Buffer Overflow (SEH Unicode)

Exploit Title: GoldWave 5.70 – Buffer Overflow SEH Unicode Date: 2020-05-14 Exploit Author: Andy Bowden Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Download Link: http://goldwave.com//downloads/gwave570.exe Tested on: Windows 10 x86 PoC 1. generate crash.txt, copy contents to clipboa...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/01 12:0 a.m.333 views

Online Scheduling System 1.0 - Authentication Bypass

Exploit Title: Online Scheduling System 1.0 - Authentication Bypass Exploit Author: Bobby Cooke Date: 2020-04-30 Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/10 12:0 a.m.332 views

Dota 2 7.23f - Denial of Service (PoC)

Exploit Title: Dota 2 7.23f - Denial of Service PoC Google Dork: N/A Date: 2020-02-05 Exploit Author: Bogdan Kurinnoy [email protected] bi7s Vendor Homepage: https://www.valvesoftware.com/en/ Software Link: N/A Version: 7.23f Tested on: Windows 10 x64 CVE : CVE-2020-7949 Valve Dota 2...

7.8CVSS7.7AI score0.04165EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.332 views

Android 7 < 9 - Remote Code Execution

Exploit Title: Android 7-9 - Remote Code Execution Date: date Exploit Author: Marcin Kozlowski Version: 7-9 Tested on: Android CVE : 2019-2107 CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with...

9.3CVSS8.9AI score0.08926EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.331 views

phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)

Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.5.1 Tested on: Ubuntu Windows CVE : CVE-2023-24657 PoC:...

6.1CVSS6.3AI score0.03904EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/15 12:0 a.m.331 views

OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Date: 2023-08-14 Exploit Author: V. B. Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11...

7.5CVSS6.7AI score0.0338EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/04/13 12:0 a.m.331 views

Savsoft Quiz v6.0 Enterprise - Stored XSS

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/25 12:0 a.m.331 views

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Date: 2023-12-26 Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on:...

10CVSS9.5AI score0.92918EPSS
Exploits10
Exploit DB
Exploit DB
added 2024/03/06 12:0 a.m.331 views

Lot Reservation Management System - Unauthenticated File Disclosure

Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.htm...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/09 12:0 a.m.332 views

Online Nurse Hiring System 1.0 - Time-Based SQL Injection

Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Date: 03/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.331 views

Jedox 2022.4.2 - Code Execution via RPC Interfaces

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...

7.5CVSS7.6AI score0.06247EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.331 views

File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control

Exploit Title: File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control Date: 2023-04-13 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.diasoft.net - https://www.filereplicationpro.com Software Link:...

9.8CVSS9.7AI score0.06051EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/04 12:0 a.m.331 views

WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.331 views

Chikitsa Patient Management System 2.0.2 - 'backup' Remote Code Execution (RCE) (Authenticated)

Exploit Title: Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.331 views

WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection

Exploit Title: WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/ultimate-maps-by-supsystic.1.1.12.zip Category: Web Application...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.331 views

ReQuest Serious Play F3 Media Server 7.0.3 - Remote Denial of Service

Exploit Title: ReQuest Serious Play F3 Media Server 7.0.3 - Remote Denial of Service Exploit Author: LiquidWorm Software Link: http://request.com/ Version: 3.0.0 Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/01 12:0 a.m.331 views

RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC)

Exploit Title: RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow EggHunter SEH PoC Exploit Author: Paras Bhatia Discovery Date: 2020-06-29 Vulnerable Software: RM Downloader Software Link Download: https://github.com/x00x00x00x00/RMDownloader2.50.60/raw/master/RMDownloader.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/22 12:0 a.m.331 views

ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path

Exploit Title: ProShow Producer 9.0.3797 - 'ScsiAccess' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-21 Vendor Homepage : http://www.photodex.com/ Link Software : http://files.photodex.com/release/pspro903797.exe Tested on OS: Windows 7 Analyze PoC : ==============...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/18 12:0 a.m.331 views

iSmartViewPro 1.3.34 - Denial of Service (PoC)

Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019 -11-16 Vendor Homepage: http://www.smarteyegroup.com/ Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071 Tested Version: 1.3.34 Vulnerability Type: Denial of Service D...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/08 12:0 a.m.331 views

Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting

Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 and below Tested on: Debian 10 Buster, Jenkins 2.203 latest...

6.1CVSS6.5AI score0.57735EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/03 12:0 a.m.331 views

ptrace - Sudo Token Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ptrace Sudo Token Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by blindly injecting into the session...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/01/24 12:0 a.m.331 views

Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure

Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: Telerik UI for ASP.NET AJAX CVE: CVE-2017-9248 Vend...

9.8CVSS9.8AI score0.75098EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.330 views

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation Date: 2025-05-7 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Affected: Versions All versions of OttoKit SureTriggers ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the followin...

9.8CVSS7.1AI score0.5088EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/02/19 12:0 a.m.330 views

Microsoft Windows Defender - VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.330 views

Global - Multi School Management System Express v1.0- SQL Injection

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.330 views

Social-Commerce 3.1.6 - Reflected XSS

Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Version: 3.1.6 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1CVSS6.3AI score0.05271EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.330 views

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Date: 13 May 2023 Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

9.8CVSS9.8AI score0.99999EPSS
Exploits24
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.330 views

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...

7.2CVSS7.4AI score0.99999EPSS
Exploits12
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.330 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal

Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Exploit Author: LiquidWorm Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.330 views

SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

6.6AI score
Exploits3
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.330 views

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)

Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Date: 1/3/2022 Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...

6.1CVSS6.3AI score0.21028EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/18 12:0 a.m.330 views

Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.330 views

Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.htm...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/01 12:0 a.m.330 views

CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...

6.1CVSS5.6AI score0.8845EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/10/02 12:0 a.m.330 views

Dnsmasq < 2.78 - Lack of free() Denial of Service

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...

7.5CVSS8.9AI score0.84323EPSS
Exploits5
Exploit DB
Exploit DB
added 2010/03/15 12:0 a.m.330 views

Torrent Hoster - Remount Upload

======================================================================================== | Title : Torrent Hoster Remont Upload Exploit | Author : El-Kahina | Home : www.h4kz.com | | Script : Powered by Torrent Hoster. | Tested on: windows SP2 Franais V.Pnx2 2.0 + Lunix Franais v.9.4 Ubuntu | Bug...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/05/09 12:0 a.m.330 views

Easy Message Board - Remote Command Execution

source: https://www.securityfocus.com/bid/13555/info Easy Message Board is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. http://www.example.com/cgi-bin/emsgb/easymsgb.pl?print=|id|...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/10/01 12:0 a.m.329 views

reNgine 2.2.0 - Command Injection (Authenticated)

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/14 12:0 a.m.329 views

KiTTY 0.76.1.13 - Command Injection

Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...

7.8CVSS7.7AI score0.04692EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/03/10 12:0 a.m.329 views

Numbas < v7.3 - Remote Code Execution

Exploit Title: Numbas v7.3 - Remote Code Execution Google Dork: N/A Date: March 7th, 2024 Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests,...

6.2CVSS6.6AI score0.10706EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.329 views

Equipment Rental Script-1.0 - SQLi

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.329 views

Real Player v.20.0.8.310 G2 Control - 'DoGoToURL()' Remote Code Execution (RCE)

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full...

7.4AI score
Exploits0
Total number of security vulnerabilities5000