Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...
changedetection < 0.45.20 - Remote Code Execution (RCE)
Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Date: 5-26-2024 Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import impor...
FlatPress v1.3 - Remote Command Execution
Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...
liveSite Version 2019.1 - Remote Code Execution
Exploit Title: liveSite Version : 2019.1 Campaigns Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Campaigns Create Campaig...
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5...
MotoCMS Version 3.4.3 - SQL Injection
Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...
Apache Superset 2.0.0 - Authentication Bypass
Exploit Title: Apache Superset 2.0.0 - Authentication Bypass Date: 10 May 2023 Exploit Author: MaanVader Vendor Homepage: https://superset.apache.org/ Version: Apache Superset= 1.4.1 b'thisISaSECRET1234', deployment template b'YOUROWNRANDOMGENERATEDSECRETKEY', documentation b'TESTNONDEVSECRET'...
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
Exploit Title: PHProjekt PhpSimplyGest v1.3.0 - Stored Cross-Site Scripting XSS Date: 2022-05-05 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.phprojekt.altervista.org removed demo was at http://phprojekt.altervista.org/phpsimplygest130 Software Link:...
Servisnet Tessa - Add sysAdmin User (Unauthenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting XSS Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
HP OfficeJet 4630/7110 MYM1FN2025AR/2117A - Stored Cross-Site Scripting (XSS)
Exploit Title: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A – Stored Cross-Site Scripting XSS Date: 01/08/2021 Exploit Author: Tyler Butler Vendor Homepage: https://www8.hp.com/ Vendor Bulletin: https://support.hp.com/ie-en/document/ish4433829-4433857-16/hpsbpi03742 Researcher Bulletin:...
Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Date: 1/30/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin...
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote code execution 3 Date: 10/02/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/ Version: 1.0...
Apartment Visitors Management System 1.0 - 'email' SQL Injection
Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Java-springboot-codebase 1.1 - Arbitrary File Read
Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 1.1 Tested on:...
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.txt x.com/hyp3rlinx ISR: ApparitionSec Vendor www.microsoft.com Product .xrm-ms File Type Vulnerability Type NTLM Hash...
HTMLy Version v2.9.6 - Stored XSS
Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After saving it you will see the XSS alert...
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting XSS Unauthenticated Date: 22/12/2021 Exploit Author: gx1 Vulnerability Discovery: Gaetano Perrone Vendor Homepage: https://www.crmperks.com/ Software Link: https://wordpress.org/plugins/contact-form-entries/ Version...
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
Exploit title: Maian-Cart 3.8 - Remote Code Execution RCE Unauthenticated Date: 27.11.2020 19:35 Tested on: Ubuntu 20.04 LTS Exploit Authors: DreyAnd, purpl3 Software Link: https://www.maiancart.com/download.html Vendor homepage: https://www.maianscriptworld.co.uk/ Version: Maian Cart 3.8 CVE:...
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affect...
Atlassian Confluence 6.15.1 - Directory Traversal
Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...
YouPHPTube 7.4 - Remote Code Execution
Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser="...
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be used to steal the cookie data as mentioned earlier in this advisory. Arbitrar...
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
Author Title: John Page aka hyp3rlinx Author Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/IBMiNavigatorHTTPSecurityTokenBypass-CVE-2024-51464.txt Vendor: www.ibm.com Vendor www.ibm.com Product Navigator for i is a Web console interface where you can perfor...
Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 0.1 Tested on: Debian Linux CVE :...
Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cre...
LBT-T300-mini1 - Remote Buffer Overflow
include include define MAXLEN 256 define BUFFEROVERRUNLENGTH 50 define SHELLCODELENGTH 32 // NOP sled to increase the chance of successful shellcode execution char nopsledSHELLCODELENGTH =...
Online Thesis Archiving System v1.0 - Multiple-SQLi
Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 06.12.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Malwarebytes 4.5 - Unquoted Service Path
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.malwarebytes.com/ Software Link: https://www.malwarebytes.com/mwb-download/ Version: 4.5.0 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc MBAMService SC...
Church Management System 1.0 - Arbitrary File Upload (Authenticated)
Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution Authenticated Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Learning Management System 1.0 - RCE (Authenticated)
Exploit Title: Online Learning Management System 1.0 - RCE Authenticated Date: 01.01.2021 Exploit Author: Bedri Sertkaya Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
Exploit Title: Online Marriage Registration System 1.0 - 'searchdata' SQL Injection Date: 12-21-2020 Exploit Authors: Andrea Bruschi, Raffaele Sabato Vendor: Phpgurukul Product Web Page: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/ Version: 1.0 CVE: CVE-2020-351...
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...
Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass
Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://royal-elementor-addons.com Software Link:...
djangorestframework-simplejwt 5.3.1 - Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
MobileShop master v1.0 - SQL Injection Vuln.
Exploit Title: MobileShop master v1.0 - SQL Injection Vuln. + Date: 2024-13-03 + Exploit Author: "HAZIM ARBAŞ" from EMA Security LTD - Siber Güvenlik ve Bilişim Hizmetleri https://emasecurity.com + Vendor Homepage:...
SolarView Compact 6.00 - Command Injection
Exploit Title: SolarView Compact 6.00 - Command Injection - Shodan Dork: http.html:"solarview compact" - Exploit Author: ByteHunter - Email: [email protected] - Version: 6.00 - Tested on: 6.00 - CVE : CVE-2023-23333 import argparse import requests def vulncheckipaddress, port: url =...
Ladder v0.0.21 - Server-side request forgery (SSRF)
Exploit Title: Ladder v0.0.21 - Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...
Perch v3.2 - Stored XSS
Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Perch v3.2 - Remote Code Execution (RCE)
Exploit Title: Perch v3.2 - Remote Code Execution RCE Application: Perch Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
Exploit Title: Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modula...
projectSend r1605 - CSV injection
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...