Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.304 views

WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...

8.8CVSS8.8AI score0.38298EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.304 views

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/17 12:0 a.m.304 views

GeoVision Geowebserver 5.3.3 - Local FIle Inclusion

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Date: 6-16-21 Vendor Notified Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/08 12:0 a.m.304 views

Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: Employee Record Management System 1.2 - Stored Cross-Site Scripting XSS Date: 07 July 2021 Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Tested on: Server: XAMP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.304 views

Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure Vendor: Selea s.r.l. Product we...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/11 12:0 a.m.304 views

iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address

During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/21 12:0 a.m.304 views

Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free

Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here res2: 0 done ... crash Explanation The following snippet is taken from...

9.3CVSS8AI score0.17438EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/05/12 12:0 a.m.304 views

Zervit Web Server 0.4 - Directory Traversals

zervit Web Server v0.4 Directory Traversals Found By: DrIDE Date: May 12, 2010 Download: http://zervit.sourceforge.net/ Tested on: Windows 7 - Description - zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the application available. zervit HTTP Server is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/29 12:0 a.m.304 views

Sendmail 8.11.6 - Address Prescan Memory Corruption

/ source: https://www.securityfocus.com/bid/7230/info A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan' procedure, which is used for processing email addresses in SMTP headers. This condition has been confirmed to be exploitable ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/28 12:0 a.m.303 views

Invision Community 4.7.20 - (calendar/view.php) SQL Injection

Exploit Title: Invision Community = 4.7.18. Proof of Concept https://karmainsecurity.com/pocs/CVE-2025-48932.php...

6.8AI score
Exploits2
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.303 views

CrushFTP 11.3.1 - Authentication Bypass

Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.crushftp.com Software Link: https://www.crushftp.com/download.html Version: =2.28.1 , colorama=0.4.6 ,...

9.8CVSS7.4AI score0.99947EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.303 views

Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)

Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link: https://github.com/adaptlearning/adaptauthoring Version: 0.11.3 CVE Identifier: CVE-2024-50672 , CVE-2024-50671...

9.8CVSS7AI score0.01526EPSS
Exploits2
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.303 views

Microweber 2.0.15 - Stored XSS

Exploit Title: Stored XSS in Microweber Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/12 12:0 a.m.303 views

OSGi v3.8-3.18 Console - RCE

!/usr/bin/python Exploit Title: OSGi v3.8-3.18 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.303 views

Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

9.8CVSS9.7AI score0.02084EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/06/04 12:0 a.m.303 views

Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-03 Exploit Author: tmrswrr Vendor Homepage: https://barebonescms.com/ Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip Version: v2.0.2 Tested :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.303 views

pfsenseCE v2.6.0 - Anti-brute force protection bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

9.8CVSS9.7AI score0.09844EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/06/03 12:0 a.m.303 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)

Exploit Title: Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 - Remote Code Execution RCE Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/02 12:0 a.m.303 views

Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)

Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...

7.5CVSS7.6AI score0.31043EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.303 views

NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation

Exploit Title: NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation Date: 01.03.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.nucom.es Vendor: NUEVAS COMUNICACIONES IBERIA, S.A. Product web page: https://www.nucom.es Affected version: 5.07.90multiNCM01 5.07.89multiNCM01...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/12 12:0 a.m.303 views

SmartAgent 3.1.0 - Privilege Escalation

Exploit Title: SmartAgent 3.1.0 - Privilege Escalation Date: 01-11-2021 Exploit Author: Orion Hridoy Vendor Homepage: https://www.smartagent.io/ Version: Build 3.1.0 Tested on: Windows 10/Kali Linux A Low grade user like ViewOnly can create an account with SuperUser permission. Steps To Reproduce...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.303 views

Amarok 2.8.0 - Denial-of-Service

Exploit Title: Amarok 2.8.0 - Denial-of-Service Date: 1 November 2020 Exploit Author: FishballAndMeatball Vendor Homepage: https://amarok.kde.org/ Software link: https://community.kde.org/Amarok/GettingStarted/Download Version: Amarok 2.8.0 Tested on: Windows 10, Windows 7, Windows XP CVE:...

5.5CVSS5.5AI score0.03429EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/01/06 12:0 a.m.303 views

Complaint Management System 4.0 - 'cid' SQL injection

Exploit Title: Complaint Management System 4.0 - 'cid' SQL injection Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Tested on: Windows 7 CVE : N/A Description: The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/02 12:0 a.m.303 views

BloodX 1.0 - Authentication Bypass

Exploit Title: BloodX 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-31 Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: An standalone platform which lets...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/30 12:0 a.m.303 views

Thrive Smart Home 1.1 - Authentication Bypass

Exploit: Thrive Smart Home 1.1 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5554 Advisory URL:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.303 views

Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.303 views

DHCP Client - Command Injection 'DynoRoot' (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager...

7.9CVSS7.9AI score0.94457EPSS
Exploits14
Exploit DB
Exploit DB
added 2018/02/05 12:0 a.m.303 views

Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/03/16 12:0 a.m.303 views

ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...

9.8CVSS9.8AI score0.99906EPSS
Exploits19
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.302 views

WordPress Core 6.2 - Directory Traversal

Exploit Title: WordPress Core 6.2 - Directory Traversal Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 6.2 Tested on: Win, Ubuntu CVE : CVE-2023-2745 import requests from colorama import init,...

6.1CVSS7.4AI score0.79527EPSS
Exploits7
Exploit DB
Exploit DB
added 2024/02/26 12:0 a.m.302 views

Flashcard Quiz App v1.0 - 'card' SQL Injection

Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection Google Dork: N/A Application: Flashcard Quiz App Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.302 views

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter login.htm/mail.htm Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.302 views

PHP Shopping Cart 4.2 - Multiple-SQLi

Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.302 views

Coppermine Gallery 1.6.25 - RCE

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.302 views

WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion

Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 26-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version: 1.7.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/01 12:0 a.m.302 views

Phpwcms 1.9.30 - Arbitrary File Upload

Exploit Title: Phpwcms 1.9.30 - Arbitrary File Upload Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating paylo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/10 12:0 a.m.302 views

Amica Prodigy 1.7 - Privilege Escalation

Exploit Title: Amica Prodigy 1.7 - Privilege Escalation Date: 2021-08-06 Exploit Author: Andrea Intilangelo Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe Version: 1.7 Tested on: Windows 10...

7.8CVSS7.8AI score0.01129EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/07/13 12:0 a.m.302 views

OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)

Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated 2 Exploit author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Date: 2021-07-05 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Docker PoC:...

8.8CVSS7.5AI score0.66891EPSS
Exploits15
Exploit DB
Exploit DB
added 2021/06/09 12:0 a.m.302 views

GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

Exploit Title: GravCMS 1.10.7 - Arbitrary YAML Write/Update Unauthenticated 2 Original Exploit Author: Mehmet Ince Vendor Homepage: https://getgrav.org Version: 1.10.7 Tested on: Debian 10 Author: legend /usr/bin/python3 import requests import sys import re import base64 target=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.302 views

Concrete5 8.5.4 - 'name' Stored XSS

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

4.8CVSS5.6AI score0.03008EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/21 12:0 a.m.303 views

Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS

Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version:Flexmonster Pivot Table & Charts 2.7.17 Tested on:Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20140...

6.1CVSS6.4AI score0.01616EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/10/31 12:0 a.m.302 views

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Google Dork: N/A Date: 2019-10-30 Exploit Author: Doan Nguyen 4ll4u Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Version: v4.6.1217 Tested on: Windows XP SP3 CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/06/05 12:0 a.m.302 views

Plesk < 9.5.4 - Remote Command Execution

Plesk Apache zeroday / June 2013 discovered & exploited by kingcope this Plesk configuration setting makes it possible: scriptAlias /phppath/ "/usr/bin/" Furthermore this is not cve-2012-1823 because the php interpreter is called directly. no php file is called Parallels Plesk Remote Exploit -- P...

9.8CVSS10AI score0.99998EPSS
Exploits42
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.301 views

Artica Proxy 4.50 - Remote Code Execution (RCE)

Exploit Title: Artica Proxy 4.50 - Remote Code Execution RCE Date: 23-04-2024 Exploit Author: Madan Vendor Homepage: https://artica-proxy.com/ Version: 4.40, 4.50 Tested on: relevant os CVE : CVE-2024-2054 you can also find the exploit on my github repo: https://github.com/Madan301/CVE-2024-2054...

9.8CVSS9.6AI score0.8126EPSS
Exploits9
Exploit DB
Exploit DB
added 2024/02/19 12:0 a.m.301 views

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/WindowsDefenderBackdoorJS.Relvelshe.ADetectionMitigationBypass.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.301 views

WinterCMS < 1.2.3 - Persistent Cross-Site Scripting

Exploit Title: WinterCMS alertdocument.cookie; //Post Request...

4.8CVSS5.1AI score0.027EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/06/26 12:0 a.m.301 views

PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory

Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Date: 2023-06-20 Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...

7.5CVSS7.6AI score0.05523EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.301 views

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Date: 2023-05-10 Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.301 views

Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting (XSS)

Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/06 12:0 a.m.301 views

Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5.3CVSS5.7AI score0.7233EPSS
Exploits7
Total number of security vulnerabilities5000