Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/05/18 12:0 a.m.259 views

online Chatting System 1.0 - 'id' SQL Injection

Exploit Title: online Chatting System 1.0 - 'id' SQL Injection Google Dork: N/A Date: 2020-05-17 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14224/online-chatting-system-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/21 12:0 a.m.259 views

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...

8.8CVSS8.8AI score0.01802EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.259 views

UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)

Exploit Title: UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version: 1.2.4.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/30 12:0 a.m.259 views

Microsoft UPnP - Local Privilege Elevation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' require 'msf/core/exploit/exe'...

7.8CVSS9AI score0.2995EPSS
Exploits25
Exploit DB
Exploit DB
added 2019/11/05 12:0 a.m.259 views

Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path

Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path Date: 2019-11-04 Exploit Author: Samuel DiazL Vendor Homepage: https://www.network-inventory-advisor.com/ Software Link: https://www.network-inventory-advisor.com/download.html Version: 5.0.26.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.259 views

Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the "post" Table

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/07 12:0 a.m.259 views

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)

/ OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev apt-get install libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena irc.brasnet.org Note: if required, host ptrace and replace wget target /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/23 12:0 a.m.259 views

Joomla! Component VMap 1.9.6 - SQL Injection

Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/vmap/ Version: 1.9.6 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/06/02 12:0 a.m.259 views

Golden FTP Server 4.70 - PASS Stack Buffer Overflow (Metasploit)

$Id: goldenftppassbof.rb 12812 2011-06-02 01:10:22Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/05/05 12:0 a.m.259 views

MidiCart PHP - 'Item_List.php?MainGroup' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13518/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/28 12:0 a.m.258 views

Adobe ColdFusion 2023.6 - Remote File Read

Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...

7.4CVSS7.5AI score0.98514EPSS
Exploits7
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.258 views

FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

Exploit Title: FoF Pretty Mail 1.1.2 - Local File Inclusion LFI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extensi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.258 views

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART3.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/12 12:0 a.m.258 views

OSGi v3.7.2 (and below) Console - RCE

!/usr/bin/python Exploit Title: OSGi v3.7.2 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.258 views

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Date: 15/5/2023 Exploit Author: Momen Eldawakhly Cyber Guy at Samurai Digital Security Ltd Vendor Homepage: https://pnpscada.com/ Version: PnPSCADA cross platforms: v2.x Tested on: Unix CVE : CVE-2023-1934 Proof-of-Concept:...

9.8CVSS7.8AI score0.08079EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.258 views

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.258 views

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Exploit Title: Gin Markdown Editor v0.7.4 Electron - Arbitrary Code Execution Date: 2023-04-24 Exploit Author: 8bitsec CVE: CVE-2023-31873 Vendor Homepage: https://github.com/mariuskueng/gin Software Link: https://github.com/mariuskueng/gin Version: 0.7.4 Tested on: Mac OS 13 Release Date:...

7.8CVSS7.8AI score0.01349EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.258 views

PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.259 views

FortiRecorder 6.4.3 - Denial of Service

Exploit Title: FortiRecorder 6.4.3 - Denial of Service Google Dork: N/A Date: 13/03/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11...

7.5CVSS7.6AI score0.0723EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.258 views

Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - userName Blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mira...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.258 views

Employee Task Management System v1.0 - Broken Authentication

Exploit Title: Employee Task Management System v1.0 - Broken Authentication Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0905 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.5CVSS7.6AI score0.03189EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/14 12:0 a.m.258 views

VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path

Exploit Title: VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Date: 11/03/2022 Exploit Author: Faisal Alasmari Vendor Homepage: https://www.vive.com/ Software Link: https://developer.vive.com/resources/downloads/ Version: 1.0.0.4 Tested: Windows 10 x64 C:\Users\Usersc qc "VIVE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.258 views

HMA VPN 5.3 - Unquoted Service Path

Exploit Title: HMA VPN 5.3 - Unquoted Service Path Date: 18/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.hidemyass.com/ Software Link: https://www.hidemyass.com/en-us/downloads Version: 5.3.5913.0 Tested: Windows 10 Pro x64 es C:\Users\saudhsc qc HmaProVpn SC QueryServiceConf...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.258 views

Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)

Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/26 12:0 a.m.258 views

Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)

Exploit Title: Leawo Prof. Media 11.0.0.1 - Denial of Service DoS PoC Date: 25.07.2021 Vendor Homepage:https://www.leawo.org Software Link: https://www.leawo.org/downloads/total-media-converter-ultimate.html Exploit Author: Achilles Tested Version: 11.0.0.1 Tested on: Windows 7 x64 1.- Run python...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/23 12:0 a.m.258 views

WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting XSS Date: 23/07/2021 Exploit Author: Vikas Srivastava Software Link: https://wordpress.org/plugins/simple-post/ Version: 1.1 Category: Web Application Tested on Mac How to Reproduce this Vulnerability: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/03 12:0 a.m.258 views

CHIYU IoT Devices - 'Telnet' Authentication Bypass

Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware...

9.8CVSS9.7AI score0.35714EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.258 views

Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path

Exploit Title: Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-07 Vendor : Magic Utilities Pty Version : 64-bit 2.20 Vendor Homepage : https://magicutilities.net/magic-mouse/home Tested on OS: Windows 10 Home Analyze PoC ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.258 views

pfSense 2.4.4-p3 - Cross-Site Request Forgery

Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...

8.8CVSS8.8AI score0.54541EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/10 12:0 a.m.258 views

Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution

Exploit Title: Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution Date: 2020-07-06 Exploit Author: SpicyItalian Vendor Homepage: https://www.arubanetworks.com/products/security/network-access-control/ Version: ClearPass 6.7.x prior to 6.7.13-HF, ClearPass 6.8.x prior ...

10CVSS9.6AI score0.64596EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/05/19 12:0 a.m.258 views

Submitty 20.04.01 - Persistent Cross-Site Scripting

Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: humblelad Vendor Homepage: http://submitty.org/ Software Link: https://github.com/Submitty/Submitty/releases Version: 20.04.01 Tested on: Mac Os Catalina CVE : CVE-2020-12882 Description: Submitty...

5.4CVSS5.8AI score0.01203EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/04/08 12:0 a.m.258 views

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Exploit Title: Amcrest Dahua NVR Camera IP2M-841 - Denial of Service PoC Date: 2020-04-07 Exploit Author: Jacob Baines Vendor Homepage: https://amcrest.com/ Software Link: https://amcrest.com/firmwaredownloads Version: Many different versions due to number of Dahua/Amcrest/etc devices affected...

8.8CVSS8.8AI score0.35643EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/01/07 12:0 a.m.258 views

piSignage 2.6.4 - Directory Traversal

Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application component of piSignage before 2.6.4 allows ...

4.3CVSS4.7AI score0.0879EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/16 12:0 a.m.258 views

Solaris xscreensaver 11.4 - Privilege Escalation

Exploit Title: Solaris xscreensaver 11.4 - Privilege Escalation Date: 2019-10-16 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/technetwork/server-storage/solaris11/ Version: Solaris 11.x Tested on: Solaris 11.4 and 11.3 X86 CVE: N/A !/bin/sh raptorxscreensaver - Solaris 11....

8.8CVSS9AI score0.13399EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/10/14 12:0 a.m.258 views

Kirona-DRS 5.5.3.5 - Information Disclosure

Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...

6.1CVSS5.8AI score0.49236EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.258 views

freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow

Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Date: 2019-09-01 Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf += "\x89\xe1\xdb\xdf\xd9\x71\xf4\x5e\x56\x59\x49\x49\x49" buf +=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/02 12:0 a.m.258 views

Maran PHP Shop - 'prod.php' SQL Injection

Maran PHP Shop prod.php cat SQL Injection Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/20 12:0 a.m.258 views

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)

/ $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright c 2006 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root privileges very bad idea!, slightly modified to work with new...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2004/10/17 12:0 a.m.258 views

ProFTPd 1.2.10 - Remote Users Enumeration

/ Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at the ProFTPd login procedure. There ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.257 views

GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure

Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...

5.1CVSS9.5AI score0.01278EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.257 views

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion LFI Date: 2025-07-09 Exploit Author: Imraan Khan Lich-Sec Vendor Homepage: https://wss.com/ Software Link: https://client.protop.co.za/ Version: v4.4.2-2024-11-27 Tested on: Ubuntu 22.04 / Linux CVE: CVE-2025-44177...

8.2CVSS9.6AI score0.04173EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.257 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.257 views

PHPJabbers Night Club Booking 1.0 - Reflected XSS

Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulat...

6.1CVSS7AI score0.05109EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.257 views

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...

6.8CVSS5.7AI score0.01711EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.257 views

WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS6.5AI score0.10703EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.257 views

Hostel Management System 2.1 - Cross Site Scripting (XSS)

Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/23 12:0 a.m.257 views

Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control

Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...

7.5CVSS7.6AI score0.48417EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/03 12:0 a.m.257 views

PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution

Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Date: 23 may 2021 Exploit Author: flast101 Vendor Homepage: https://www.php.net/ Software Link: - https://hub.docker.com/r/phpdaily/php - https://github.com/phpdaily/php Version: 8.1.0-dev Tested on: Ubuntu 20.04 References: -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.257 views

Moodle 3.10.3 - 'url' Persistent Cross Site Scripting

Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Date: 22/04/2021 Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manag...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.257 views

Joplin 1.2.6 - 'link' Cross Site Scripting

Exploit Title: Joplin 1.2.6 - 'link' Cross Site Scripting Date: 2020-09-21 Exploit Author: Philip Holbrook @fhlipZero Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/tag/v1.2.6 Version: 1.2.6 Tested on: Windows / Mac CVE : CVE-2020-28249...

6.1CVSS6.3AI score0.03027EPSS
Exploits3
Total number of security vulnerabilities5000