Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2016/06/29 12:0 a.m.292 views

Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)

/ Exploit Title: Elevation of privilege on Windows 7 SP1 x86 Date: 28/06-2016 Exploit Author: @blomster81 Vendor Homepage: www.microsoft.com Version: Windows 7 SP1 x86 Tested on: Windows 7 SP1 x86 CVE : 2016-0400 MS16-014 EoP PoC created from...

7.8CVSS7.8AI score0.24554EPSS
Exploits10
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.291 views

PHPJabbers Taxi Booking 2.0 - Reflected XSS

Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/taxi-booking-script/ Version: 2.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...

6.1CVSS6.6AI score0.0522EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.291 views

Aures Booking & POS Terminal - Local Privilege Escalation

Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 2323 Common...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.291 views

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"

Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/05/24 12:0 a.m.291 views

Service Provider Management System v1.0 - SQL Injection

Exploit Title: Service Provider Management System v1.0 - SQL Injection Date: 2023-05-23 Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.291 views

Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path

Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/15 12:0 a.m.291 views

AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)

Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Date: 09/09/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c...

8.8CVSS8.8AI score0.04682EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/07/19 12:0 a.m.291 views

Dolibarr ERP/CRM 10.0.6 - Login Brute Force

Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force Date:2020-01-18 Exploit Author: Creamy Chicken Soup Vendor Homepage: https://www.dolibarr.org Software Link: https://sourceforge.net/projects/dolibarr/ Version: 10.0.6 Tested on: Windows 10 - 64bit CVE: CVE-2020-7995 function...

10CVSS9.6AI score0.04537EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/02/03 12:0 a.m.291 views

Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)

Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...

7.8CVSS8.6AI score0.99295EPSS
Exploits81
Exploit DB
Exploit DB
added 2020/07/02 12:0 a.m.291 views

OCS Inventory NG 2.7 - Remote Code Execution

Exploit Title: OCS Inventory NG 2.7 - Remote Code Execution Date: 2020-06-05 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-14947 Vendor Homepage: https://ocsinventory-ng.org/ Version: v2.7 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import sys import warnings impo...

8.8CVSS8.8AI score0.19481EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.291 views

Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)

Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion Authenticated Date: 2020-05-10 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Exploit-Db Author ID: 8763 Reference: https://www.xcloner.com/xcloner-news/security-release-available-for-archived-joomla-version/ Vendor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.291 views

WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment

ReplacementFragment::insertFragmentForTestRenderingNode rootEditableElement auto holder = createDefaultParagraphElementdocument; holder-appendChildmfragment; rootEditableElement-appendChildholder; // 2 document.updateLayoutIgnorePendingStylesheets; return holder;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/14 12:0 a.m.291 views

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Tesla Agent Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of tesla agent botnet panel. ,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/25 12:0 a.m.291 views

AZADMIN CMS 1.0 - SQL Injection

Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.291 views

Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server', 'Description' = %q A vulnerability in Microsoft SharePoint Server could...

7.5CVSS7.9AI score0.25745EPSS
Exploits5
Exploit DB
Exploit DB
added 2015/08/26 12:0 a.m.291 views

Magento eCommerce - Remote Code Execution

Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Debugged At : Indishell Laboriginally developed by joren //////////////////////// ///...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.290 views

Invision Community 5.0.6 - Remote Code Execution (RCE)

\n"; print "\nExample....: php $argv0 http://localhost/invision/"; print "\nExample....: php $argv0 https://invisioncommunity.com/\n\n"; die; $ch = curlinit; $params = "app" = "core", "module" = "syst...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.290 views

RDPGuard 9.9.9 - Privilege Escalation

Exploit Title: RDPGuard 9.9.9 - Privilege Escalation Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version: 9.9.9 latest Tested on: Windows 10 32bit Steps to Reproduce 1. Prepare a .bat...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.290 views

Car Rental Project 1.0 - Remote Code Execution

Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...

7.2CVSS7.4AI score0.05808EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.290 views

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)

ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Off-by-One Config Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...

7.7CVSS7AI score0.00874EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.290 views

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 bbmdUpdate.php - Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management an...

10CVSS6.6AI score0.02846EPSS
Exploits17
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.290 views

GeoVision GV-ASManager 6.1.1.0 - CSRF

Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.1.0 or less Tested on: Windo...

8.8CVSS8.8AI score0.01731EPSS
Exploits2
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.290 views

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting XSS Date: 12 April 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.1.1 Proof Of Concept: 1. Click Add Video part and enter the XSS payload as below into the first input of form or Reques...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/11 12:0 a.m.290 views

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR

!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...

7.6CVSS6.7AI score0.00544EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.290 views

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...

9.8CVSS9.8AI score0.02849EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.290 views

Zomplog 3.9 - Cross-site scripting (XSS)

Exploit Title: Zomplog 3.9 - Cross-site scripting XSS Application: Zomplog Version: v3.9 Bugs: XSS Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.290 views

Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"

Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/05/13 12:0 a.m.290 views

Epson Stylus SX510W Printer Remote Power Off - Denial of Service

Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2020-05-16 Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.290 views

Auto Dealer Management System 1.0 - Broken Access Control Exploit

Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...

8.8CVSS7.6AI score0.03074EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.290 views

Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A...

6.1CVSS6.6AI score0.02486EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.290 views

Explore CMS 1.0 - SQL Injection

Exploit Title: Explore CMS 1.0 - SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries...

9.8CVSS9.7AI score0.03829EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/04/07 12:0 a.m.290 views

Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path

Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Date: 02/04/2022 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE:...

7.8CVSS7.9AI score0.01027EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.290 views

ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)

Exploit Title: ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/10 12:0 a.m.290 views

Cain & Abel 4.9.56 - Unquoted Service Path

Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 2022-02-08 Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/21 12:0 a.m.290 views

Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)

Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/29 12:0 a.m.290 views

FOGProject 1.5.9 - File Upload RCE (Authenticated)

Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Date: 2021-04-28 Exploit Author: [email protected] Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.290 views

SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)

Exploit Title: SuiteCRM 7.11.15 - 'lastname' Remote Code Execution Authenticated Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...

9CVSS8.7AI score0.63267EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/04/16 12:0 a.m.290 views

ThinkPHP - Multiple PHP Injection RCEs (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/24 12:0 a.m.290 views

WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection

Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://slicedinvoices.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/29 12:0 a.m.290 views

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Application Testing Suite WebLogic Server Administration Console War Deployment', 'Description' = %q This module abuses a feature in...

7.1CVSS7AI score0.30876EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.290 views

Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module

commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the kernel's ASN.1 infrastructure is used instead of an open-coded parser. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.290 views

Joomla! Component JoomCRM 1.1.1 - SQL Injection

Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/ Version: 1.1.1 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/13 12:0 a.m.290 views

Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/payloadgenerator' require 'msf/core/exploit/powershell' require 'rex' class MetasploitModule 'MS16-032 Secondary Logon Handle Privile...

7.8CVSS7.6AI score0.37164EPSS
Exploits14
Exploit DB
Exploit DB
added 2008/11/01 12:0 a.m.290 views

YourFreeWorld Autoresponder Hosting - 'tr.php' SQL Injection

Autoresponder Hosting id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script :http://www.yourfreeworld.com/script/autoresponderhosting.php DorK : inurl:tr.php?id= Autoresponder Exploit :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/25 12:0 a.m.290 views

Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30827/info Bluemoon inc. PopnupBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/23 12:0 a.m.290 views

Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage

!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would be come known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specific size or fall on a certain...

5CVSS5.1AI score0.73006EPSS
Exploits15
Exploit DB
Exploit DB
added 2006/10/16 12:0 a.m.290 views

Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/20561/info Microsoft Class Package Export Tool 'clspack.exe' is prone to a local buffer-overflow vulnerability because the application fails to properly size attacker-supplied data before copying it into an insuficiently sized memory buffer. Exploiting th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/17 12:0 a.m.290 views

VP-ASP Shopping Cart - 'Shopadmin.asp' HTML Injection

source: https://www.securityfocus.com/bid/15490/info VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content. Attacker-supplied HTML and script code would be executed in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.289 views

ProSSHD 1.2 20090726 - Denial of Service (DoS)

Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...

7.5CVSS7.6AI score0.03649EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.289 views

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Google Dork: Date: 04/11/2023 Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import stri...

9.8CVSS8.4AI score0.52299EPSS
Exploits6
Total number of security vulnerabilities5000