Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2015/06/01 12:0 a.m.271 views

Realtek SDK - Miniigd UPnP SOAP Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Realtek SDK Miniigd UPnP SOAP Command Execution', 'Description' = %q Different devices using the Realtek SDK with the miniigd daemon...

10CVSS7.4AI score0.99975EPSS
Exploits6
Exploit DB
Exploit DB
added 2006/01/26 12:0 a.m.271 views

Oracle Database Server 9i/10g - 'XML' Local Buffer Overflow

/ Argeniss - Information Security http://www.argeniss.com infoatdotatdotc:\Unbreakable.txt' FROM DUAL; / Argeniss - Information Security http://www.argeniss.com infoatdotatdotcom Oracle version: 10g Release 1 Platform: Linux Shellcode opens a shell on port 4444 from www.metasploit.com. / DECLARE ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/09/06 12:0 a.m.271 views

Microsoft Windows - CSRSS Privilege Escalation (MS05-018)

include include include pragma comment lib,"Advapi32.lib" typedef struct CONSOLESTATEINFO / 0x00 / DWORD cbSize; / 0x04 / COORD ScreenBufferSize; / 0x08 / COORD WindowSize; / 0x0c / POINT WindowPosition; / 0x14 / COORD FontSize; / 0x18 / DWORD FontFamily; / 0x1c / DWORD FontWeight; / 0x20 / WCHAR...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.270 views

Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection

/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...

8.7CVSS7.4AI score0.15849EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.270 views

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...

9.8CVSS9.6AI score0.01EPSS
Exploits2
Exploit DB
Exploit DB
added 2024/05/13 12:0 a.m.270 views

Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/06/03 12:0 a.m.270 views

Microweber CMS 1.2.15 - Account Takeover

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...

8.8CVSS8.8AI score0.08958EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.270 views

WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)

Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery CSRF Date: 24-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Summary: Cross site forgery vulnerability has been identified...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.270 views

Thinfinity VirtualUI 2.5.26.2 - Information Disclosure

Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...

7.5CVSS7.7AI score0.12785EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/09/30 12:0 a.m.270 views

Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/13 12:0 a.m.270 views

Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12/08/2021 Exploit Author: Ömer Hasan Durmuş Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Version: v1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/29 12:0 a.m.270 views

Equipment Inventory System 1.0 - 'multiple' Stored XSS

Exploit Title: Equipment Inventory System 1.0 - 'multiple' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/php/11327/equipment-inventory.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/16 12:0 a.m.270 views

AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)

Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/16 12:0 a.m.270 views

Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting

Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/09 12:0 a.m.270 views

Alcatel-Lucent Omnivista 8770 - Remote Code Execution

Exploit Title: Alcatel-Lucent Omnivista 8770 - Remote Code Execution Google Dork: inurl:php-bin/webclient.php Date: 2019-12-01 Author: 0x1911 Vendor Homepage: https://www.al-enterprise.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/18 12:0 a.m.270 views

RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection

!/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages are the recommended GUI configuration components and listen on ...

10CVSS10AI score0.99999EPSS
Exploits132
Exploit DB
Exploit DB
added 2007/09/14 12:0 a.m.270 views

Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass

source: https://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attacker can exploit this issue to gain unauthorized access to the affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/11/21 12:0 a.m.270 views

BSDi 3.0/4.0 - 'rcvtty[mh]' Local Privilege Escalation

/ BSDi3.0/4.0rcvttymh local exploit, by [email protected]. this exploit is for the rcvtty of the mh package, which is setgid=4tty on BSDi. this exploit gives you egid/group=4tty access. example: ------------------------------------------------- bash-2.02$ id uid=101v9 gid=100user groups=100user...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.269 views

Ghost CMS 5.59.1 - Arbitrary File Read

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1, zipfile, tempfile Usag...

6.5CVSS7.4AI score0.57565EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.269 views

Apache Tomcat 10.1.39 - Denial of Service (DoS)

Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import init, Fore, Style init class TomcatKiller: def initself: self.successcount = 0...

7.5CVSS7.4AI score0.66933EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.269 views

MinIO < 2024-01-31T20-20-33Z - Privilege Escalation

Exploit Title: MinIO 2024-01-31T20-20-33Z - Privilege Escalation Date: 2024-04-11 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding RELEASE.2024-01-31T20-20-33Z Tested on: Windows 10 CVE : CVE-2024-24747 Required...

8.8CVSS8.7AI score0.34086EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.269 views

Bank Locker Management System - SQL Injection

Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Date: 12.09.2023 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.269 views

CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP...

6.5CVSS6.6AI score0.03345EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/10 12:0 a.m.269 views

Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)

Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/02 12:0 a.m.269 views

Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)

Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Date 30.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on:...

9.8CVSS9.6AI score0.46125EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/09/28 12:0 a.m.269 views

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)

Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.269 views

Men Salon Management System 1.0 - Multiple Vulnerabilities

Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Date: 2021-09-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.269 views

ECOA Building Automation System - Weak Default Credentials

Exploit Title: ECOA Building Automation System - Weak Default Credentials Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affecte...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.269 views

Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)

Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/22 12:0 a.m.269 views

RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...

5.4CVSS5.4AI score0.01773EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.269 views

Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)

Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting XSS Date: 15/04/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://tileserver.org/ Software Link: https://github.com/maptiler/tileserver-gl Version: versions alertdocument.domain...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.269 views

Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'fileslist' Remote Stored XSS Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Remote Stored XSS Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.269 views

Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection

Exploit Title: Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/06 12:0 a.m.269 views

Newgen Correspondence Management System (corms) eGov 12.0 - IDOR

Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...

7.5CVSS7.7AI score0.10313EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.269 views

Bolt CMS 3.7.0 - Authenticated Remote Code Execution

Exploit Title: Bolt CMS 3.7.0 - Authenticated Remote Code Execution Date: 2020-04-05 Exploit Author: r3m0t3nu11 Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.x Tested on: Linux CVE : not-yet-0day !/usr/bin/python import requests import sys import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.268 views

Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure

Exploit Title: Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure Exploit Author: Yesith Alvarez Vendor Homepage: hhttps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 CVE: CVE-2025-5777 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-5777/exploit.py impor...

9.3CVSS7.4AI score0.9987EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.268 views

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Facebook Integration Page Name Field Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/...

5.4CVSS7.4AI score0.00872EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.268 views

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution RCE Date: 02.14.2023 Exploit Author: Andreas Finstad Vendor Homepage: https://titanftp.com/ Version: 2.0.1.2102 Tested on: Windows 2022 Server CVE : CVE-2023-22629 Exploit and description here: https://f20.be/blog/titanf...

8.8CVSS8.9AI score0.12322EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/23 12:0 a.m.268 views

WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.269 views

WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/27 12:0 a.m.268 views

COMMAX WebViewer ActiveX Control 2.1.4.5 - 'Commax_WebViewer.ocx' Buffer Overflow

Exploit Title: COMMAX WebViewer ActiveX Control 2.1.4.5 - 'CommaxWebViewer.ocx' Buffer Overflow Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX WebViewer ActiveX Control 2.1.4.5 CommaxWebViewer.ocx Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web pag...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.268 views

WordPress Plugin WPGraphQL 1.3.5 - Denial of Service

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.268 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.268 views

LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Date: 18 Mars 2021 Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version:...

6.1CVSS6.6AI score0.09052EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/02/10 12:0 a.m.268 views

b2evolution 6.11.6 - 'plugin name' Stored XSS

Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS Date: 09/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...

4.8CVSS5.4AI score0.03537EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/21 12:0 a.m.268 views

Spotweb 1.4.9 - 'search' SQL Injection

Exploit Title: Spotweb 1.4.9 - 'search' SQL Injection Google Dork: N/A Date: 20 December 2020 Exploit Author: BouSalman Vendor Homepage: https://github.com/spotweb/spotweb Software Link: N/A Version: 1.4.9 Tested on: Ubuntu 18.04 CVE: CVE-2020-35545 GET...

9.8CVSS9.6AI score0.03803EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.268 views

SmartBlog 2.0.1 - 'id_post' Blind SQL injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/06 12:0 a.m.268 views

Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution

Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution Date: 2020-04-11 Exploit Author: Basim Alabdullah Vendor homepage: https://www.nagios.com Version: 5.6.12 Software link: https://www.nagios.com/downloads/nagios-xi/ Tested on: CentOS REDHAT 7.7.1908 core Authenticated Remote...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.268 views

YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE : CVE-2019-14430 The...

5.3CVSS5.6AI score0.02984EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/10/17 12:0 a.m.268 views

TP-Link WR940N - (Authenticated) Remote Code

import urllib2 import base64 import hashlib from optparse import import sys import urllibbanner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in the code if you wish\n" "This exploit require...

7.4AI score
Exploits0
Total number of security vulnerabilities5000