Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2000/07/13 12:0 a.m.282 views

Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure

source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.281 views

Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow

/ Title : Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-7795 Vulnerability : Buffer Overflow Description : A buffer overflow vulnerability affecting certain Tenda routers, exploitable via an unauthenticated POST request to an...

9CVSS7.4AI score0.02792EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/03/29 12:0 a.m.281 views

Solstice Pod 6.2 - API Session Key Extraction via API Endpoint

Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwin School Ethical Hackers Vendor Homepage: https://www.mersive.com/ Software Link: https://documentation.mersive.com/en/solstice/about-solstice.html Versions: 5.5, 6.2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.281 views

Adobe Connect 11.4.5 - Local File Disclosure

Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested...

5.3CVSS5.3AI score0.81875EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.281 views

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.281 views

ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure

Exploit Title: ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.281 views

Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...

9.8CVSS9.7AI score0.39973EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.281 views

Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)

Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Date: 07/01/2022 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.281 views

ECOA Building Automation System - Remote Privilege Escalation

Exploit Title: ECOA Building Automation System - Remote Privilege Escalation Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.281 views

Rails 5.0.1 - Remote Code Execution

Exploit Title: Rails 5.0.1 - Remote Code Execution Date: 2020-07-19 Exploit Author: Lucas Amorim Vendor Homepage: www.rubyonrails.org Software Link: www.rubyonrails.org Version: Rails " end if ARGV.length 3 header exit-1 end url = ARGV0 ip = ARGV1 port = ARGV2 puts " Sending payload to url" uri =...

8.8CVSS8.8AI score0.83085EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.281 views

Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting

Exploit Title: Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Google Dork: inurl:"/vam/indexvamop.php" Date: 2020-06-29 Exploit Author: Peter Blue Vendor Homepage: https://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net Version: 2.6.2 Tested on: Linu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/14 12:0 a.m.281 views

BSA Radar 1.6.7234.24750 - Local File Inclusion

Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion Date: 2020-07-08 Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14946 - Local File Inclusion Description: The Administrator section of th...

4.3CVSS4.7AI score0.077EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/11/19 12:0 a.m.281 views

scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)

Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634 Software Link: App Store for iOS devices Tested Version: 1.1.4.0 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.281 views

CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection

Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Discovery Date: 2019-09-16 Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link: https://github.com/SaloniKumari123/CollegeManagementSystem/archive/master.zip Tested Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/09 12:0 a.m.281 views

Enigma NMS 65.0.0 - Cross-Site Request Forgery

-------------------------------------------------------------------- Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...

8.8CVSS9AI score0.00947EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/12 12:0 a.m.281 views

Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell

!/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local Vendor Homepage:...

10CVSS9.8AI score0.5766EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.280 views

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Telegram Bot Username Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...

5.4CVSS7.4AI score0.00872EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/07/08 12:0 a.m.280 views

Sudo chroot 1.9.17 - Local Privilege Escalation

Exploit Title: Sudo chroot 1.9.17 - Local Privilege Escalation Google Dork: not aplicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor Homepage:https://salsa.debian.org/sudo-team/sudo Software Link: Version: Sudo versions 1.9.14 to 1.9.17 inclusive Tested on: Kali Rolling 2025-7-3 CV...

9.3CVSS9.6AI score0.47467EPSS
Exploits70
Exploit DB
Exploit DB
added 2024/04/08 12:0 a.m.280 views

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Exploit Title: Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Author: LiquidWorm Vendor: Positron srl Product web page: https://www.positron.it https://www.positron.it/prodotti/apparati-broadcast/stereo-multicoder/tra-7005/ Affected version: 1.20 TRA7K5REV107 TRA7K5REV1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/03 12:0 a.m.280 views

Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.280 views

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Exploit Title: EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.280 views

Medicine Tracker System v1.0 - Sql Injection

Exploit Title: Medicine Tracker System v1.0 - Sql Injection Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts0.zip Version: V1.0.0 Tested on: Windows/Linux Proof of Concept: 1-...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.280 views

XWorm Trojan 2.1 - Null Pointer Derefernce DoS

Exploit Author: XWorm Trojan 2.1 - Null Pointer Derefernce DoS Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ Software Link: N/A Version: 2.1 Tested on: Windows 10 CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.280 views

UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path

Exploit Title: UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea // https://twitter.com/ecarrilloeg Discovery Date: 2022-04-24 Vendor Homepage: https://www.zte.com.cn/global/ Tested Version: 2.0.3.0 Vulnerability Type: Unquoted Service Path...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/18 12:0 a.m.280 views

Simple Chatbot Application 1.0 - 'message' Blind SQLi

Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/16 12:0 a.m.280 views

GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)

Exploit Title: GeoGebra Classic 5.0.631.0-d - Denial of Service PoC Date: 2021-03-15 Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 5.0.631.0-d Tested on: Windows 8.1 Pro STEPS Open the program GeoGebra Run the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/16 12:0 a.m.280 views

GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)

Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service PoC Date: 2021-03-15 Author: Brian Rodríguez Software Site: https://www.geogebra.org/download Download Link:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/16 12:0 a.m.280 views

Magic Home Pro 1.5.1 - Authentication Bypass

Exploit Title: Magic Home Pro 1.5.1 - Authentication Bypass Google Dork: NA Date: 22 October 2020 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2020-27199/ Vendor Homepage: http://www.zengge.com/appkzd Software Link:...

7.5CVSS7.6AI score0.02875EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.280 views

Online Job Portal 1.0 - Cross Site Scripting (Stored)

Exploit Title: Online Job Portal 1.0 Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/17 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/18 12:0 a.m.280 views

Online Healthcare management system 1.0 - Authentication Bypass

Exploit Title: Online Healthcare management system 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-16 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14217/online-healthcare-patient-record-management-system-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/08 12:0 a.m.280 views

Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape

Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link: https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.exe Version: 8.0.36...

9.1CVSS8.8AI score0.10303EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/03 12:0 a.m.280 views

Plantronics Hub 3.13.2 - Local Privilege Escalation

Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage: https://support.polycom.com/content/dam/polycom-support/global/documentation/plantronics-hub-local-privilege-escalation-vulnerability.pdf Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/29 12:0 a.m.280 views

SpotAuditor 5.3.2 - 'Name' Denial of Service

Exploit Title: SpotAuditor 5.3.2 - 'Name' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-28 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.280 views

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)

!/usr/bin/env python Author: Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2019/08/31/seh-based-local-buffer-overflow-dameware-remote-support-v-12-1-0-34/ Date: 14/7/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.1.0.34 Tools...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/21 12:0 a.m.280 views

Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl

/ Reproduction Tested on macOS 10.14.3: $ clang -o stfwildread stfwildread.cc $ ./stfwildread Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are handled by the stfioctl function. The crash occurs in the following case where a struct ifreq is re...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/12/14 12:0 a.m.280 views

Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)

$Id: tomcatmgrdeploy.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2026/02/11 12:0 a.m.279 views

motionEye 0.43.1b4 - RCE

Exploit Title: motionEye 0.43.1b4 - RCE Exploit PoC: motionEye RCE via client-side validation bypass safe PoC Filename: motioneyercepocedb.txt Author: prabhatverma47 Date tested: 2025-05-14 original test; prepared for submission: 2025-10-11 Affected Versions: motionEye = 0.43.1b4 Tested on: Debia...

7.2CVSS5.4AI score0.18993EPSS
Exploits17
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.279 views

Check Point Security Gateway - Information Disclosure (Unauthenticated)

Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...

8.6CVSS8.9AI score0.99978EPSS
Exploits52
Exploit DB
Exploit DB
added 2024/03/12 12:0 a.m.279 views

Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE

Exploit Title: Cisco Firepower Management Center Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface...

9.9CVSS9.7AI score0.15821EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/03/03 12:0 a.m.279 views

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...

9.8CVSS6.7AI score0.23581EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.279 views

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/06 12:0 a.m.279 views

Macro Expert 4.9 - Unquoted Service Path

Exploit Title: Macro Expert 4.9 - Unquoted Service Path Date: 04/06/2023 Exploit Author: Murat DEMIRCI Vendor Homepage: http://www.macro-expert.com/ Software Link: http://www.macro-expert.com/product/gmsetup4.9.exe Version: 4.9 Tested on: Windows 10 Proof of Concept : C:\Users\Muratsc qc "Macro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.279 views

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Bludit CMS v3.14.1 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-04-15 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/releases/tag/3.14.1 Version: 3.14.1 Tested on: Windows 10, PHP 7.4.29, Apache...

5.4CVSS5.5AI score0.02586EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.279 views

Suprema BioStar 2 v2.8.16 - SQL Injection

Exploit Title: Suprema BioStar 2 v2.8.16 - SQL Injection Date: 26/03/2023 Exploit Author: Yuriy Vander Tsarenko https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ Vendor Homepage: https://www.supremainc.com/ Software Link:...

6.5CVSS6.5AI score0.07496EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.279 views

Music Gallery Site v1.0 - SQL Injection on page Master.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested...

8.8CVSS8.8AI score0.01741EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.279 views

e107 CMS v3.2.1 - Multiple Vulnerabilities

Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Date: 30/04/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.279 views

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...

7.2CVSS6.9AI score0.77677EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.279 views

Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path

Exploit Title: Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-04-11 Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.279 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/18 12:0 a.m.279 views

OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)

Exploit Title: OpenBMCS 2.4 - Cross Site Request Forgery CSRF Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 CSRF Send E-mail Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size o...

7.4AI score
Exploits0
Total number of security vulnerabilities5000