Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1084 views

Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection

Exploit Title: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection Date: 2020-12-04 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/geraked/phpscript-sgh Software Link: https://github.com/geraked/phpscript-sgh Version: 0.1.0 Tested on: Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.1082 views

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in Webmin...

9CVSS7.4AI score0.77813EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.1080 views

Apache Struts 2.5.20 - Double OGNL evaluation

Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...

9.8CVSS9.7AI score0.97399EPSS
Exploits15
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.1075 views

Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...

10CVSS10AI score0.99999EPSS
Exploits123
Exploit DB
Exploit DB
added 2020/04/21 12:0 a.m.1072 views

IQrouter 3.3.1 Firmware - Remote Code Execution

Exploit Title: IQrouter 3.3.1 Firmware - Remote Code Execution Date: 2020-04-21 Exploit Author: drakylar Vendor Homepage: https://evenroute.com/ Software Link: https://evenroute.com/iqrouter Version: IQrouter firmware up to 3.3.1 Tested on: IQrouter firmware 3.3.1 CVE : N/A !/usr/bin/env python3...

9.8CVSS8.6AI score0.03189EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.1070 views

Microsoft Internet Explorer 11 - Use-After-Free

Exploit Title: Microsoft Internet Explorer 11 - Use-After-Free Date: 2020-05-07 Exploit Author: maxpl0it Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 CVE :...

7.6CVSS8.2AI score0.86863EPSS
Exploits17
Exploit DB
Exploit DB
added 2002/06/24 12:0 a.m.1069 views

OpenSSH 3.x - Challenge-Response Buffer Overflow (2)

source: https://www.securityfocus.com/bid/5093/info The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.1068 views

WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-13 Vendor Homepage: https://wordpress.org/plugins/buddypress/ Version: 6.2.0 Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerabilit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/06 12:0 a.m.1068 views

GitLab 12.9.0 - Arbitrary File Read

Exploit Title: GitLab 12.9.0 - Arbitrary File Read Google Dork: - Date: 2020-05-03 Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's OS independent CVE : -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/23 12:0 a.m.1067 views

Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload

Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/25 12:0 a.m.1067 views

WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Mayur Parmar Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: PopOS Stored Cross-site scriptingXSS: Stored attacks are those where the injected script is permanently store...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/21 12:0 a.m.1064 views

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)

/ EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.1059 views

Fuel CMS 1.4.1 - Remote Code Execution (2)

Title: Fuel CMS 1.4.1 - Remote Code Execution 2 Exploit Author: Alexandre ZANNI Date: 2020-11-14 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: FILE -h | --help Options: Root URL base path including HTTP scheme,...

9.8CVSS9.6AI score0.82937EPSS
Exploits17
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.1056 views

WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection

Exploit Title: WordPress Rest Google Maps Plugin SQL Injection Google Dork: inurl:index.php?restroute=3D/wpgmza/ Date: 2020-09-09 Exploit Author: Jonatas Fil Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/developers Software Link: https://wordpress.org/plugins/wp-google-maps/...

9.8CVSS9.6AI score0.78699EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/01/11 12:0 a.m.1055 views

EyesOfNetwork 5.3 - LFI

Exploit Title: EyesOfNetwork 5.3 - LFI Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 The php not exclude other tools than proposed...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.1055 views

Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

/ Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

7.8CVSS7.3AI score0.02733EPSS
Exploits17
Exploit DB
Exploit DB
added 2016/03/10 12:0 a.m.1056 views

Exim < 4.86.2 - Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

7CVSS5.7AI score0.05901EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/05/24 12:0 a.m.1049 views

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Exploit Title: Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Date: 03/2019 Author: Simon Zuckerbraun Vendor: https://www.microsoft.com/ Version: February 2019 patch level Tested on: Windows 10 1809 17763.316 CVE: CVE-2019-0752 Content Dim ar1&h3000000...

7.6CVSS6.5AI score0.81551EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/02/18 12:0 a.m.1047 views

Gitea 1.12.5 - Remote Code Execution (Authenticated)

Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/en/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...

7.2CVSS6.9AI score0.95432EPSS
Exploits12
Exploit DB
Exploit DB
added 2020/09/11 12:0 a.m.1043 views

Internet Explorer 11 - Use-After-Free

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

7.6CVSS0.86863EPSS
Exploits17
Exploit DB
Exploit DB
added 2010/03/24 12:0 a.m.1043 views

vBulletin Blog 4.0.2 - Title Cross-Site Scripting

Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved. The script is affected by Permanent XSS vulnerability, so you can put in bad java script code alert'put...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.1038 views

School Faculty Scheduling System 1.0 - Authentication Bypass POC

Exploit Title: School Faculty Scheduling System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/20 12:0 a.m.1037 views

WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29233 Stored Cross-site scriptingXSS: Stored XSS, also...

5.4CVSS5.8AI score0.01271EPSS
Exploits3
Exploit DB
Exploit DB
added 2008/01/05 12:0 a.m.1037 views

ClipShare 2.6 - Remote User Password Change

!/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord Change Exploit\n"; print "\nBy...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/13 12:0 a.m.1035 views

Technicolor TD5130.2 - Remote Command Execution

Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...

9CVSS7.2AI score0.16206EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.1033 views

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation

/ Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under t...

7.8CVSS7.3AI score0.02733EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/08/28 12:0 a.m.1028 views

Online Shopping Alphaware 1.0 - 'id' SQL Injection

Title: Online Shopping Alphaware 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/07/15 12:0 a.m.1026 views

Claroline 1.8.9 - '/claroline/redirector.php?url' Arbitrary Site Redirect

source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser ...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/13 12:0 a.m.1022 views

Centos WebPanel 7 - 'term' SQL Injection

Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : CVE-2020-10230 Type: Error Based...

9.8CVSS9.9AI score0.14668EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.1019 views

KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path

Exploit Title: KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Discovery by: IRVIN GIL Discovery Date: 2020-11-14 Vendor Homepage: https://www.kite.com/ Tested Version: 1.2020.1113.1 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 es Step to discover...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/08/29 12:0 a.m.1016 views

HelpDeskZ 1.0.2 - Arbitrary File Upload

''' Updated Exploit Provided by Drew Griess Exploit Title HelpDeskZ = v1.0.2 - Unauthenticated Shell Upload Google Dork intextHelp Desk Software by HelpDeskZ Date 2016-08-26 Exploit Author Lars Morgenroth - @krankoPwnz Vendor Homepage httpwww.helpdeskz.com Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/13 12:0 a.m.1014 views

Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC Remote Code Execution', 'Description' = %q An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11....

9.8CVSS10AI score0.99999EPSS
Exploits48
Exploit DB
Exploit DB
added 2020/10/12 12:0 a.m.1011 views

Cisco ASA and FTD 9.6.4.42 - Path Traversal

Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...

7.5CVSS7.8AI score0.99992EPSS
Exploits24
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.1010 views

Subrion CMS 4.2.1 - Arbitrary File Upload

Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE Authenticated Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE:...

7.2CVSS7.4AI score0.64261EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1010 views

CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)

Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/15 12:0 a.m.998 views

WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

8.8CVSS8.8AI score0.79823EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.994 views

Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path

Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Exploit Author : Isabel Lopez Exploit Date: 2020-11-13 Vendor Homepage : https://www.file.net/process/athcoexagent.exe.html Link Software :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/26 12:0 a.m.992 views

Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting Date: 25.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/16 12:0 a.m.991 views

Piwigo 2.10.1 - Cross Site Scripting

Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...

5.4CVSS5.5AI score0.23822EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.987 views

Pluck v4.7.18 - Remote Code Execution (RCE)

Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/03/26 12:0 a.m.987 views

BlackBoard Academic Suite 6/7 - '/bin/common/announcement.pl?data__announcements___pk1_pk2__subject' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/06 12:0 a.m.986 views

Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path

Exploit Title: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path Discovery by: Marcos Antonio León psk Discovery Date: 2019-11-04 Vendor Homepage: https://www.wacom.com Software Link : http://cdn.wacom.com/U/drivers/IBMPC/pro/WacomTablet637-3.exe Tested Version: 6.3.7.3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.985 views

IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path

Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Discovery Date: 2020-12-03 Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/04/17 12:0 a.m.977 views

HackBack - A DIY Guide

HackBack - A DIY Guide. Papers exploit for Multiple platform | | | | | | | | | | | | || |/ |/ | |/ / | \ / |/ | |/ / | | | | | | | | | | | | || || ||,|||\ |/ ,|||\ A DIY Guide ,-.,-. ,-\ o O/; / , | | -.,, / \ -./ / ,.\ / -..-\ ./ ' / /| \ ,/ \ |.-" '/\ \ \ / ,, | \ | o/o / . \ , / / ;-;'...

9CVSS7.5AI score0.96188EPSS
Exploits16
Exploit DB
Exploit DB
added 2003/08/13 12:0 a.m.977 views

HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion

source: https://www.securityfocus.com/bid/8416/info A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for adminstration. It has also been reported that some files included v...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/25 12:0 a.m.978 views

Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/10 12:0 a.m.974 views

WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting

Exploit Title: WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://sygnoos.com Software Link: https://wordpress.org/plugins/popup-builder/ / https://popup-builder.com/ Version: = 3.69.6 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/18 12:0 a.m.974 views

Microsoft Windows - Local Privilege Escalation (MS15-051)

Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...

7.8CVSS7.8AI score0.562EPSS
Exploits38
Exploit DB
Exploit DB
added 2010/07/09 12:0 a.m.971 views

Write-to-file Shellcode Win32

Write-to-file Shellcode Win32. CVE-2010-0425. Shellcode exploits for multiple platform ; Write-to-file Shellcode ; ; This shellcode was used in the exploit for: CVE-2010-0425 ; Supported: Windows 2000, WinXP, Server 2003, Server 2008, Vista, Windows 7 ; ; Size: 278 bytes ;...

10CVSS0.1AI score0.94248EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/04/28 12:0 a.m.970 views

Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)

Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...

7.6CVSS5.8AI score0.03174EPSS
Exploits4
Total number of security vulnerabilities5000