Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.267 views

Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection in sellvehicle.php Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0913 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...

8.8CVSS8.9AI score0.01635EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.267 views

Unified Remote 3.13.0 - Remote Code Execution (RCE)

Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Date: 03/03/2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the u...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/23 12:0 a.m.267 views

WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.268 views

WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.267 views

WordPress Plugin WPGraphQL 1.3.5 - Denial of Service

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.267 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.267 views

LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Date: 18 Mars 2021 Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version:...

6.1CVSS6.6AI score0.09052EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/11 12:0 a.m.267 views

OpenCart 3.0.36 - ATO via Cross Site Request Forgery

Exploit Title: OpenCart 3.0.36 - ATO via Cross Site Request Forgery Date: 01-09-2021 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/27 12:0 a.m.267 views

Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)

Exploit Title: Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service PoC Exploit Author : ZwX Exploit Date: 2019-11-26 Vendor Homepage : https://www.microsoft.com/ Link Software : https://www.microsoft.com/en-us/download/details.aspx?id=681 Tested on OS: Windows 7 Proof of Concept PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/13 12:0 a.m.267 views

Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting

Exploit Title: Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-11-11 Exploit Author: Luis Stefan Vendor Homepage: https://www.technicolor.com/ Software Link: N/A Version: TC7300.B0 - STFA.51.20 Tested on: macOS Mojave and Catalina CVE : !/usr/bin/env...

5.4CVSS5.8AI score0.0084EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.267 views

WordPress Core 4.6 - Remote Code Execution

!/bin/bash / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // WordPress 4.6 - Remote Code Execution RCE PoC Exploit CVE-2016-10033 wordpress-rce-exploit.sh ver. 1.0 Discovered and coded by Dawid Golunski @dawidgolunski...

9.8CVSS7AI score0.99714EPSS
Exploits58
Exploit DB
Exploit DB
added 2016/05/09 12:0 a.m.267 views

Microsoft Windows 7 - 'WebDAV' Local Privilege Escalation (MS16-016) (2)

Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this exploit from shell connection, not a remote desktop, the result will...

7.8CVSS7.6AI score0.23383EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/03/19 12:0 a.m.266 views

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting XSS Authenticated Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version: 3.2.41.10.26 Tested on: Window Server 2016 1. Login to web application 2. Click on Entire...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.266 views

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Vendor: Royal Apps GmbH Web page: https://www.royalapps.com Affected version: 6.0.1.1000 macOS Summary: Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/28 12:0 a.m.266 views

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

7.2CVSS7AI score0.44002EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.266 views

Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload

Exploit Title: Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/download-from-files Date: 10/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/download-from-files/ Version: spacehen www.github.com/spacehen" def...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.266 views

rConfig 3.9.3 - Authenticated Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/01/14 12:0 a.m.266 views

VPN unlimited 6.1 - Unquoted Service Path

Exploit Title: VPN unlimited 6.1 - Unquoted Service Path Date: 2020-1-13 Exploit Author: Amin Rawah Vendor Homepage: https://www.vpnunlimitedapp.com Version: 6.1 Tested on: Windows 10 64bit C:\Users\Aminsc qc VPNUnlimitedService SC QueryServiceConfig SUCCESS SERVICENAME: VPNUnlimitedService TYPE ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/09 12:0 a.m.266 views

Online Appointment - SQL Injection

Exploit Title: Online Appointment SQL Injection Data: 07.09.2019 Exploit Author: mohammad zaheri Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/23 12:0 a.m.266 views

Joomla! Component vBizz 1.0.7 - Remote Code Execution

Exploit Title: Joomla! Component vBizz 1.0.7 - Remote Code Execution Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/ Version: 1.0.7 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.265 views

Zabbix 7.0.0 - SQL Injection

Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0.31 / 6.0.32rc1 6.4.0 - 6.4.16 / 6.4.17rc1 7.0.0 Tested on: Kali Linux...

9.9CVSS7.4AI score0.78831EPSS
Exploits13
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.265 views

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...

8.8CVSS8.9AI score0.04898EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/03/28 12:0 a.m.265 views

X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)

Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Date: 24/10/2022 Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580...

9.8CVSS9.6AI score0.10573EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.265 views

Online Enrollment Management System 1.0 - Authentication Bypass

Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/03 12:0 a.m.265 views

Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)

Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.265 views

WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Himamshu Dilip Kulkarni Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ Version: 1.29 Tested on: Windows Steps to reproduce vulnerability: 1. Install...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.265 views

Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com !/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/09 12:0 a.m.265 views

Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2019-12-06 Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Version: 1.0 Software Link: http://download.yachtcontrol.nl/klant/Software/ &...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.265 views

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/13 12:0 a.m.265 views

SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)

SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximity and Fingerprint access control system, Time and Attendance, Electric...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/24 12:0 a.m.265 views

OpenSSH 3.x - Challenge-Response Buffer Overflow (1)

source: https://www.securityfocus.com/bid/5093/info The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.264 views

OpenPanel 0.3.4 - Incorrect Access Control

Exploit Title: OpenPanel 0.3.4 - Incorrect Access Control Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53582 GET /files/../...

7.5CVSS7.7AI score0.03148EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/04/03 12:0 a.m.264 views

Computer Laboratory Management System v1.0 - Multiple-SQLi

Title: Computer Laboratory Management System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.264 views

Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.264 views

WordPress adivaha Travel Plugin 2.3 - SQL Injection

Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.264 views

Art Gallery Management System Project in PHP v 1.0 - SQL injection

Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection Date: 31-01-2023 Exploit Author: Yogesh Verma Vendor Homepage: https://y0gesh-verma.github.io/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/,...

9.8CVSS9.7AI score0.03684EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.264 views

GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 11 Jun 2022 Application: GLPI Cartography...

9.8CVSS9.8AI score0.07746EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.264 views

CSZ CMS 1.3.0 - 'Multiple' Blind SQLi

Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Date: 2021-04-22 Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.264 views

Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure Exploit Author: LiquidWorm Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/18 12:0 a.m.264 views

WorkTime 10.20 Build 4967 - Unquoted Service Path

Exploit Title: WorkTime 10.20 Build 4967 - Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted Servi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/21 12:0 a.m.264 views

KevinLAB BEMS 1.0 - Undocumented Backdoor Account

Exploit Title: KevinLAB BEMS 1.0 - Undocumented Backdoor Account Date: 05.07.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kevinlab.com Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Management System Summary:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/06 12:0 a.m.264 views

Black Box Kvm Extender 3.4.31307 - Local File Inclusion

Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion Date: 05.07.2021 Exploit Author: Ferhat Çil Vendor Homepage: http://www.blackbox.com/ Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm Version: 3.4.31307 Category: Webapps Tested on: Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.264 views

htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor Homepage: https://www.htmly.com/ Software Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 !/usr/bin/python3 from selenium import webdriver from...

5.4CVSS5.7AI score0.01898EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.264 views

Baby Care System 1.0 - 'Post title' Stored XSS

Exploit Title: Baby Care System 1.0 - 'Post title' Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.264 views

Online Discussion Forum Site 1.0 - XSS in Messaging System

Exploit Title: Online Discussion Forum Site 1.0 - XSS in Messaging System Google Dork: N/A Date: 2020-10-17 Exploit Author: j5oh Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.264 views

Cayin Signage Media Player 3.0 - Remote Command Injection (root)

Title: Cayin Signage Media Player 3.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.264 views

WebKit - Universal XSS Using Cached Pages

VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.264 views

macOS 18.7.0 Kernel - Local Privilege Escalation

macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.264 views

NoviSmart CMS - SQL injection

Exploit Title: NoviSmart CMS SQL injection Date: 23.7.2019. Exploit Author: n1x MS-WEB Vendor Homepage: http://www.novismart.com/ Version: Every version CVE : CWE-89 Vulnerable parameter: Referer HTTP Header field GET Request GET / HTTP/1.1 Referer:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.263 views

Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)

Titles: Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting XSS Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://www.cve.org/CVERecord?id=CVE-2015-6176 !/usr/bin/python nu11secur1ty CVE-2015-6176 import http.server import...

4.3CVSS7.4AI score0.10826EPSS
Exploits2
Total number of security vulnerabilities5000