Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2021/02/16 12:0 a.m.254 views

BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)

Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Date: 16-02-2021 Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.254 views

pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

5.4CVSS5.6AI score0.09282EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/02/17 12:0 a.m.254 views

SOPlanning 1.45 - 'users' SQL Injection

Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The SOPlannin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.254 views

School ERP System 1.0 - Cross Site Request Forgery (Add Admin)

Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link: https://sourceforge.net/projects/school-erp-ultimate/files/ Version ERP-Ultimate CVE:...

6.5CVSS6.5AI score0.01102EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/01/02 12:0 a.m.254 views

Hospital Management System 4.0 - Persistent Cross-Site Scripting

Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on: Windows CVE :...

6.1CVSS6.6AI score0.0552EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.254 views

Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

We have encountered a Windows kernel crash in nt!MiOffsetToProtos while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.254 views

DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection

Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Date: 2019-09-19 Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters: datum1, datum2, KID, PID POST REQUEST POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/06 12:0 a.m.254 views

Monstra CMS - Remote Code Execution

Monstra CMS - Remote Code Execution. CVE-2017-18048. Webapps exploit for PHP platform Vulnerabilities Summary The following advisory describes a vulnerability found in Monstra CMS. Monstra is “a modern and lightweight Content Management System. It is Easy to install, upgrade and use.” The...

8.8CVSS9AI score0.63355EPSS
Exploits6
Exploit DB
Exploit DB
added 2009/11/13 12:0 a.m.254 views

Samba 3.0.10 < 3.3.5 - Format String / Security Bypass

The following proof of concept is available: smb: \ put aa%3Fbb...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.253 views

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

Exploit Title: ABB Cylon Aspect 3.08.02 deployStart.php Unauthenticated Command Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

10CVSS7AI score0.02073EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.253 views

TinyWebGallery v2.5 - Remote Code Execution (RCE)

Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.253 views

eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection Authenticated Date: 16/05/2023 Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31702 Step of...

7.2CVSS7.1AI score0.04312EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.253 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.253 views

Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - DOM Based Cross-Site Scripting XSS Date: 18/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31674 Description: Cyclos 4 PRO...

6.1CVSS6.5AI score0.03837EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.253 views

Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Date: 11/03/2022 Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.253 views

Cloudflare WARP 1.4 - Unquoted Service Path

Exploit Title: Cloudflare WARP 1.4 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cloudflare.com/ Software Link: https://developers.cloudflare.com/warp-client/get-started/windows/ Version: 1.4.107 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.253 views

Cab Management System 1.0 - 'id' SQLi (Authenticated)

Exploit Title: Cab Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali linux Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.253 views

Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.253 views

Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection

Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Date: 2021-12-30 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-release...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.253 views

CMSimple 5.4 - Cross Site Scripting (XSS)

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/20 12:0 a.m.253 views

Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.253 views

Small CRM 3.0 - 'Authentication Bypass' SQL Injection

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Date: 12/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/10 12:0 a.m.253 views

TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path

Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/tftpbbv4retailx64.exe Tested Version: 4.3.0.1465...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.253 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

9CVSS8.7AI score0.17772EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/11/12 12:0 a.m.253 views

RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path

Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Google Dork: N/A Date: 2019-11-11 Exploit Author: chuyreds Vendor Homepage:https://www.realtek.com/en/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/14 12:0 a.m.253 views

Ajenti 2.1.31 - Remote Code Execution

Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details ------- Ajenti is a web control panel written in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/22 12:0 a.m.253 views

BlueStacks 4.80.0.1060 - Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: BlueStacks 4.80.0.1060 - Denial of Service PoC Date: 21/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.bluestacks.com Software: https://www.bluestacks.com/download.html?utmcampaign=bluestacks-4-en Version: 4.80.0.1060 Tested on: Windows 10 Proof ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/02 12:0 a.m.253 views

Dahua Generation 2/3 - Backdoor Access

!/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua / OEM units, where...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/03/11 12:0 a.m.253 views

ElasticSearch - Remote Code Execution

!/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set editing-mode vi' version = "20150309.1" def banner: print...

9.8CVSS9.5AI score0.99906EPSS
Exploits19
Exploit DB
Exploit DB
added 2006/04/01 12:0 a.m.253 views

ISP Site Man - 'admin_login.asp' SQL Injection

source: https://www.securityfocus.com/bid/17347/info Site Man is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.252 views

PHPJabbers Service Booking Script 1.0 - Reflected XSS

Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/service-booking-script/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...

6.1CVSS5AI score0.05177EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page viewmusicdetails.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0961 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com...

9.8CVSS9.7AI score0.01883EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

Music Gallery Site v1.0 - SQL Injection on music_list.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on musiclist.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...

9.8CVSS6.9AI score0.01785EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

HospitalRun 1.0.0-beta - Local Root Exploit for macOS

Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/02 12:0 a.m.252 views

WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting XSS Authenticated Date: 30-10-2021 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://domaincheckplugin.com/ Software Link:...

6.1CVSS6.5AI score0.12857EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/01/25 12:0 a.m.253 views

Online Project Time Management System 1.0 - Multiple Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.252 views

Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)

Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.252 views

Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)

Exploit Title: Projeqtor v9.3.1 - Stored Cross Site Scripting XSS Exploit Author: Oscar Gutierrez m4xp0w3r Date: January 4, 2021 Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/16 12:0 a.m.252 views

CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)

Exploit Title: CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting XSS Date: 13/08/2021 Exploit Author: Dinesh Mohanty Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.1081 Tested on: CentOS 7 and 8 Description: Multiple Stored Cross Site...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/19 12:0 a.m.252 views

Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass

Exploit Title: Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass Date: 2021-02-18 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13877/online-exam-timer.html Tested On: Windows 10 Pro 10.0.18363 N...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.252 views

Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting

Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting Exploit Author: Chiragh Arora Hardware Model: Tenda AC5 AC1200 Firmware version: V15.03.06.47multi Tested on: Kali Linux CVE ID: CVE-2021-3186 Date: 25.01.2021 Steps to Reproduce - - Navigate to the Tend...

5.4CVSS6.4AI score0.02506EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/10/11 12:0 a.m.252 views

Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting

Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Date: 2019-10-03 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : CVE-2019–17411 PoC 1:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.252 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

8.8CVSS8.8AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2016/12/23 12:0 a.m.252 views

Freepbx < 2.11.1.5 - Remote Code Execution

Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ Trixbox/freepbx/elastix/pbxinflash/ Tested on: Cento...

10CVSS9.6AI score0.4299EPSS
Exploits4
Exploit DB
Exploit DB
added 2005/05/05 12:0 a.m.252 views

MidiCart PHP - 'Item_Show.php?Code_No' SQL Injection

source: https://www.securityfocus.com/bid/13515/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/07/02 12:0 a.m.251 views

Moodle 4.4.0 - Authenticated Remote Code Execution

Exploit Title: Moodle 4.4.0 - Authenticated Remote Code Execution Exploit Author: Likhith Appalaneni Vendor Homepage: https://moodle.org Software Link: https://github.com/moodle/moodle/releases/tag/v4.4.0 Tested Version: Moodle 4.4.0 Affected versions: 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4....

8.1CVSS8.1AI score0.83343EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.251 views

flatCore 1.5.5 - Arbitrary File Upload

Exploit Title: flatCore 1.5.5 - Arbitrary File Upload Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: 1.5.5 Tested on: Ubuntu Windows CVE : CVE-2019-10652 PoC: 1 1. Access the...

7.2CVSS7.1AI score0.0709EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/08/24 12:0 a.m.251 views

HughesNet HT2000W Satellite Modem - Password Reset

Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...

9.8CVSS7AI score0.99983EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/10 12:0 a.m.251 views

BrainyCP V1.0 - Remote Code Execution

Exploit Title: BrainyCP V1.0 - Remote Code Execution Date: 2023-04-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.251 views

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation

Exploit Title: Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit Author : TOUHAMI KASBAOUI Vendor Homepage : https://www.forcepoint.com/ Software: Stonesoft VPN Windows Version : 6.2.0 / 6.8.0 Tested on : Windows 10 CVE : N/A Description local privilege escalation vertical...

7.4AI score
Exploits0
Total number of security vulnerabilities5000