Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.969 views

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/13 12:0 a.m.968 views

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)

Exploit Title: Jiofi 4 JMR 1140 CSRF To View Wi-fi Password Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version: JMR-11...

9.8CVSS0.3AI score0.03807EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/09 12:0 a.m.967 views

SmarterMail Build 6985 - Remote Code Execution

Exploit Title: SmarterMail Build 6985 - Remote Code Execution Exploit Author: 1F98D Original Author: Soroush Dalili Date: 10 May 2020 Vendor Hompage: re CVE: CVE-2019-7214 Tested on: Windows 10 x64 References:...

10CVSS9.6AI score0.84174EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/11/19 12:0 a.m.967 views

Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free

EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/24 12:0 a.m.965 views

nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting

Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.nopcommerce.com/ Version: 4.30 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29475 Stored Cross-site scriptingXSS: Stored XSS, also...

4.8CVSS5.5AI score0.01082EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.964 views

Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)

Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.964 views

SAP Lumira 1.31 - Stored Cross-Site Scripting

Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.964 views

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution

!/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html Version: Oracl...

9.8CVSS9AI score0.99964EPSS
Exploits35
Exploit DB
Exploit DB
added 2021/06/04 12:0 a.m.963 views

Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...

8.8CVSS8.7AI score0.13499EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.961 views

Laravel Nova 3.7.0 - 'range' DoS

Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/20 12:0 a.m.961 views

OpenSSH 7.2p2 - Username Enumeration

!/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-19 Purpose: User name enumeration against SSH daemons...

5.9CVSS7AI score0.88944EPSS
Exploits12
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.955 views

Microsoft Internet Explorer 11 32-bit - Use-After-Free

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...

7.6CVSS8.2AI score0.86863EPSS
Exploits17
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.955 views

Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection

Exploit Title: Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ramil Mustafayev Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/ Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.954 views

Microsoft Windows 10 - Theme API 'ThemePack' File Parsing

Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Serve...

9.3CVSS7.6AI score0.46406EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.949 views

Testa Online Test Management System 3.4.7 - 'q' SQL Injection

Exploit Title: Testa Online Test Management System 3.4.7 - 'q' SQL Injection Date: 2020-07-21 Google Dork: N/A Exploit Author: Ultra Security Team Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar Vendor Homepage: https://testa.cc Version: v3.4.7 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/25 12:0 a.m.948 views

osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting

Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting Date: 2020-11-19 Exploit Author: Emre Aslan Vendor Homepage: https://www.oscommerce.com/ Version: 2.3.4.1 Tested on: Windows & XAMPP == Tutorial https://HOST/catalog/admin/newsletters.php?action=new 3- Enter the XSS paylo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.946 views

CSE Bookstore 1.0 - Authentication Bypass

Exploit Title: CSE Bookstore Authentication Bypass Date: 27/10/2020 Exploit Author: Alper Basaran Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Windows 10 Enterprise 1909 CSE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.940 views

PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Date: 2023-02-01 Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 ...

9CVSS7.1AI score0.91877EPSS
Exploits17
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.940 views

WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection

Exploit Title: WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection Date: 09/08/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/membership-by-supsystic.1.4.7.zip Version: 1.4.7 Tested on: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/20 12:0 a.m.939 views

IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow

Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG77.1.0/com.ibm.itsm.tsm.doc/welcome.html Version: 5.2.0.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.939 views

Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path

Exploit Title: Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path Discovery by: Erika Figueroa Discovery Date: 2020-11-07 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 1.0.64.10 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 x64 es Step ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/11 12:0 a.m.938 views

ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path

Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-10 Vendor Homepage: https://www.asus.com/ Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/17 12:0 a.m.937 views

Avaya Aura Communication Manager 5.2 - Remote Code Execution

Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/14 12:0 a.m.935 views

Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Samba...

10CVSS6.8AI score0.77806EPSS
Exploits23
Exploit DB
Exploit DB
added 2018/06/06 12:0 a.m.931 views

Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass

Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass. CVE-2018-11692. Webapps exploit for Hardware platform Exploit Title: Incorrect Access Control in Canon LBP6650, LBP3370, LBP3460, LBP7750C Date: 3.6.2018 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link:...

10CVSS9.7AI score0.04574EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/11/25 12:0 a.m.930 views

Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path

Exploit Title: Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-24 Vendor Homepage: https://www.dell.com/ Software Link : https://www.dell.com/support/home/mx/es/mxbsdt1/drivers/driversdetails?driverid=vwpkk Tested Version...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.928 views

Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF

Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF Date: 2020-07-30 Author: Julien Ahrens Vendor Homepage: https://www.acronis.com Version: 12.5 Build 16341 CVE: CVE-2020-16171 VERSIONS AFFECTED ==================== Acronis Cyber Backup v12.5 Build 16327 and probably belo...

6.5CVSS6.8AI score0.05505EPSS
Exploits4
Exploit DB
Exploit DB
added 2011/01/17 12:0 a.m.928 views

Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation

Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel 2.6.32-27-generic contains a bug that allows to keep attached to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.927 views

Chromium 83 - Full CSP Bypass

Title: Chromium 83 - Full CSP Bypass Date: 02/09/2020 Exploit Author: Gal Weizman Vendor Homepage: https://www.chromium.org/ Software Link: https://download-chromium.appspot.com/ Version: 83 Tested On: Mac OS, Windows, iPhone, Android CVE: CVE-2020-6519 function var payload = top.SUCCESS = true;...

6.5CVSS8.1AI score0.1132EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/11/24 12:0 a.m.927 views

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

10CVSS9.8AI score0.89849EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/08/28 12:0 a.m.927 views

Abusing Token Privileges For LPE

Abusing Token Privileges For LPE. Papers exploit for Windows platform |=-----------------------------------------------------------------------=| |=----------------= Abusing Token Privileges For LPE=------------------=| |=-----------------------------------------------------------------------=|...

7.8CVSS0.87042EPSS
Exploits22
Exploit DB
Exploit DB
added 2008/05/15 12:0 a.m.927 views

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a key...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/23 12:0 a.m.924 views

VTiger v7.0 CRM - 'To' Persistent XSS

Exploit Title: VTiger v7.0 CRM - 'To' Persistent XSS Date: 2020-11-18 Exploit Vulnerability-Lab Vendor Homepage: https://www.vtiger.com/open-source-crm/download-open-source/ Software Link: https://sourceforge.net/projects/vtigercrm/files/ Version: v7.0 Document Title: =============== VTiger v7.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/11 12:0 a.m.922 views

CuteNews 2.1.2 - Arbitrary File Deletion

Exploit Title: CuteNews 2.1.2 - Arbitrary File Deletion Date: 2020-05-08 Author: Besim ALTINOK Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Maybe it affect other versions Tested on: Xampp Credit: İsmail BOZKURT Remotely: Yes...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/21 12:0 a.m.922 views

TrendMicro InterScan Web Security Virtual Appliance - 'Shellshock' Remote Command Injection

!/usr/bin/env python TrendMicro InterScan Web Security Virtul Appliance ================================================== InterScan Web Security is a software virtual appliance that dynamically protects against the ever-growing flood of web threats at the Internet gateway exclusively designed to...

10CVSS10AI score0.99999EPSS
Exploits131
Exploit DB
Exploit DB
added 2016/03/03 12:0 a.m.923 views

DropBearSSHD 2015.71 - Command Injection

VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt Johnston References:...

6.4CVSS7.1AI score0.37016EPSS
Exploits13
Exploit DB
Exploit DB
added 2009/09/01 12:0 a.m.918 views

Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow

!/usr/bin/perl IIS 5.0 FTP Server / Remote SYSTEM exploit Win2k SP4 targets bug found & exploited by Kingcope, kcope2googlemail.com Affects IIS6 with stack cookie protection Modded by muts, additional egghunter added for secondary larger payload Might take a minute or two for the egg to be found...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/29 12:0 a.m.917 views

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.917 views

DotNetNuke < 9.4.0 - Cross-Site Scripting

Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page. Exploit Author: MAYASEVEN CVE :...

6.1CVSS6.5AI score0.06175EPSS
Exploits6
Exploit DB
Exploit DB
added 2006/07/21 12:0 a.m.916 views

Sendmail 8.13.5 - Remote Signal Handling (PoC)

!/usr/bin/env python [email protected] Sendmail 8.13.5 and below Remote Signal Handling exploit usage: rbl4ck-sendmail.py 127.0.0.1 0 25 this exploit was leaked to the PHC Phrack High Council so instead of only letting them have a copy, we figure everyone should have what they have. :-...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/03 12:0 a.m.915 views

WU-FTPD 2.6.2 - Off-by-One Remote Command Execution

/ wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz Brute-Force function added. / define VERSION "v0.0.3" include include include include include include define DEBUGNG undef DEBUGNG define NRL 0 define SCS 1 define FAD -1 define MAXBF 16 define BFLSZ 0x100 / 256 /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/07 12:0 a.m.912 views

Samba 2.2.x - Remote Buffer Overflow

!/usr/bin/perl Header Name: trans2root.pl Purpose: Proof of concept exploit for Samba 2.2.x trans2open overflow Author: H D Moore Copyright: Copyright C 2003 Digital Defense Inc. trans2root.pl -t -H -h use strict; use Socket; use IO::Socket; use IO::Select; use POSIX; use Getopt::Std; $SIGUSR2 = ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/11/02 12:0 a.m.911 views

Dolphin 7.0.3 - Multiple Vulnerabilities

Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/27 12:0 a.m.909 views

WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting XSS Date: 2021-07-31 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/wappointment.2.2.4.zip Version: 2.2.4 Tested on: Windows Description : Wappointment is prone to Stored Cross...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.907 views

Car Rental Management System 1.0 - SQL Injection / Local File include

Exploit Title: Car Rental Management System 1.0 - SQL Injection / Local File include Date: 22-10-2020 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.907 views

PMB 5.6 - 'chemin' Local File Disclosure

Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure Date: 2020-10-13 Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 Tested on: Ubuntu 18.04.1 The PMB G...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/10 12:0 a.m.907 views

HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)

Exploit Title: HFS Http File Server 2.3m Build 300 - Buffer Overflow PoC Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: www.rejetto.com CVE : CVE-2020-13432 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.5CVSS7.6AI score0.30865EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/06/07 12:0 a.m.906 views

Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...

9.8CVSS9.5AI score0.95242EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.906 views

Moodle 3.8 - Unrestricted File Upload

Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/29 12:0 a.m.906 views

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...

7CVSS7.1AI score0.07611EPSS
Exploits24
Total number of security vulnerabilities5000