Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.276 views

AirKeyboard iOS App 1.0.5 - Remote Input Injection

Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.277 views

AnyDesk 9.0.1 - Unquoted Service Path

Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path Date: 2024-12-11 Exploit Author: Parastou Razi Contact: [email protected] Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 9.0.1 Tested on: Windows 11 x64 1. Description: The Anydesk...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.276 views

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting XSS Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: ---------------- A stored cross-site scripting XSS vulnerability exists in...

5.4CVSS5.5AI score0.00928EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.276 views

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...

9.8CVSS7.4AI score0.76761EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/03/19 12:0 a.m.276 views

VeeVPN 1.6.1 - Unquoted Service Path

Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path Date: 2024-12-27 Exploit Author: Doğukan Orhan Vendor Homepage: https://veepn.com/ Version: 1.6.1 Tested on: Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\Users\PCwmic service where 'name like "%VeePNService%"' get...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/31 12:0 a.m.276 views

Joomla iProperty Real Estate 4.1.1 - Reflected XSS

Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: The Thinkery LLC Vendor Homepage: http://thethinkery.net Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/ Demo:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.276 views

ABB FlowX v4.00 - Exposure of Sensitive Information

Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information Date: 2023-03-31 Exploit Author: Paul Smith Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series Version: ABB Flow-X all versions before V4.00 Tested on: Kali Linux CVE:...

5.3CVSS5.4AI score0.0388EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.276 views

PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting

Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting XSS Google Dork: None Date: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/10 12:0 a.m.276 views

Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...

9.8CVSS9.7AI score0.04353EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.276 views

WebTareas 2.4 - Blind SQLi (Authenticated)

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...

9.8CVSS9.8AI score0.05611EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.276 views

Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection

Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/01 12:0 a.m.276 views

Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation

Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/15 12:0 a.m.276 views

Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.276 views

Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.276 views

Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path

Exploit Title: Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: sandboxie-plus.com Software Link: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.2/Sandboxie-Plus-x64-v0.7.2.exe Version: Version 0.7.2 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/01 12:0 a.m.276 views

moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.276 views

ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection

Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Date: 2020-07-23 Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12 and 13 before Build 13200 Tested on:...

9.8CVSS9.6AI score0.04772EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/02/26 12:0 a.m.276 views

PhpIX 2012 Professional - 'id' SQL Injection

Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking İn Google Or Other Search Enggine. + /productdetail.php?id=448578 ====|...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/17 12:0 a.m.276 views

Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME

== Summary == This bug report describes two issues introduced by commit 64b875f7ac8a "ptrace: Capture the ptracer's creds not PTPTRACECAP", introduced in v4.10 but also stable-backported to older versions. I will send a suggested patch in a minute "ptrace: Fix -ptracercred handling for...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/08/15 12:0 a.m.276 views

KCFinder 2.51 - Local File Disclosure

--------------------------------------------------- Exploit Title: KCFinder Local File Disclosure Author: DaOne Vendor Homepage: http://kcfinder.sunhater.com/ Category: webapps/php Version: 2.51 + old versions Google dork: inurl:kcfinder/browse.php...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/04/30 12:0 a.m.276 views

Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied inp...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.275 views

Langflow 1.2.x - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...

9.8CVSS7.4AI score0.9999EPSS
Exploits33
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.275 views

Daikin Security Gateway 14 - Remote Password Reset

Daikin Security Gateway 214 - Remote Password Reset Vendor: Daikin Industries, Ltd. Product web page: https://www.daikin.com https://www.daikin.eu/enus/products/product.html/DRGATEWAYAA.html Affected version: App: 100, Frm: 214 Summary: The Security gateway allows the iTM and LC8 controllers to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.275 views

TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12342 Description: Two critical...

7.1CVSS7.1AI score0.08886EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/07/31 12:0 a.m.275 views

General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/14 12:0 a.m.275 views

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit Exploit Author: LiquidWorm Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit Vendor: Sielco S.r.l Product web page: https://www.sielco.org...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.275 views

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

8.8CVSS8.9AI score0.02266EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/03/30 12:0 a.m.275 views

Boa Web Server v0.94.14 - Authentication Bypass

Exploit Title: Boa Web Server v0.94.14 - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://github.com/gpg/boa CVE: N/A Tested on: Debian 5.18.5 Description : Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate the correct security constraint on th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/12 12:0 a.m.275 views

WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

6.1CVSS6.3AI score0.26379EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.275 views

Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)

Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/08 12:0 a.m.275 views

Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...

9.1CVSS7.7AI score0.97856EPSS
Exploits14
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.275 views

OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path

Exploit Title: OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.oki.com/ Software Link: https://www.oki.com/mx/printing/download/sPSV0100412270910.exe Software Version: 1.0.41 File Version: 1.4.2.0 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/26 12:0 a.m.275 views

InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service (PoC)

Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/16 12:0 a.m.275 views

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

7.5CVSS8.1AI score0.8703EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/26 12:0 a.m.275 views

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: 1, a: 2, a: 3, a: 4; function v7v8,v9 if v4.length == 0 v43 = a: 5; ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.275 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/13 12:0 a.m.275 views

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

!/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print '' print 'Provided only for educational or informatio...

9.8CVSS10AI score0.99993EPSS
Exploits46
Exploit DB
Exploit DB
added 2017/05/17 12:0 a.m.275 views

WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress PHPMailer Host Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in WordPress version...

9.8CVSS8.1AI score0.99714EPSS
Exploits58
Exploit DB
Exploit DB
added 2025/07/02 12:0 a.m.274 views

gogs 0.13.0 - Remote Code Execution (RCE)

Exploit Title: gogs 0.13.0 - Remote Code Execution RCE Date: 27th June, 2025 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/gogs/gogs.git Version: gogs =0.13.0 Tested on: Ubuntu CVE: CVE-2024-39930 =============================== Example Usage: python3 exploit.py...

9.9CVSS6.5AI score0.07258EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.274 views

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...

7.6CVSS7.6AI score0.01307EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.274 views

Restaurant Management System 1.0 - SQL Injection

Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/14 12:0 a.m.274 views

SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.274 views

ECOA Building Automation System - Cookie Poisoning Authentication Bypass

Exploit Title: ECOA Building Automation System - Cookie Poisoning Authentication Bypass Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/13 12:0 a.m.274 views

Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS

Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS Date: 13.08.2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.274 views

StreamRipper32 2.6 - Buffer Overflow (PoC)

Exploit Title: StreamRipper32 2.6 - Buffer Overflow PoC Date: 2020-05-14 Exploit Author: Andy Bowden Tested On: Win10 x64 Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Vendor Page: http://streamripper.sourceforge.net/ Version: 2.6 Steps To Reproduce: Double click on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/03 12:0 a.m.274 views

ktsuss 1.4 - suid Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ktsuss suid Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versio...

10CVSS9.8AI score0.82828EPSS
Exploits6
Exploit DB
Exploit DB
added 2015/06/16 12:0 a.m.274 views

Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Privilege Escalation (Access /etc/shadow)

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...

7.8CVSS7.2AI score0.37679EPSS
Exploits22
Exploit DB
Exploit DB
added 2008/04/02 12:0 a.m.274 views

HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)

!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt shameless plug This vulnerability was found, analysed and exploited as...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.273 views

Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape

Titles: Microsoft Edge Renderer Process Mojo IPC 134.0.6998.177 - Sandbox Escape Author: nu11secur1ty Date: 08/07/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730...

8.3CVSS7.4AI score0.08404EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.273 views

TOTOLINK N300RB 8.54 - Command Execution

Title: TOTOLINK N300RB 8.54 - Command Execution Author: Skander BELABED - Magellan Sécurité Date: 07/11/2025 Vendor: TOTOLINK Product: N300RB Firmware version: 8.54 CVE: CVE-2025-52089 Description: A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8....

8.8CVSS7.4AI score0.07063EPSS
Exploits2
Total number of security vulnerabilities5000