Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.251 views

POLR URL 2.3.0 - Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.4AI score0.07164EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/05/17 12:0 a.m.251 views

Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)

Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting XSS Date: May 11 2022 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: https://surveysparrow.com/ Software Link: https://surveysparrow.com/enterprise-survey-software/ Version: 2022 Tested on: Windows C...

5.4CVSS5.5AI score0.02324EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.251 views

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Takeover Date: 18/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 1. About -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.251 views

Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)

Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.251 views

OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)

Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting Authenticated Date: 2020-06-01 Exploit Author: Kailash Bohara Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart UsersUsers and click on Action button on top...

5.4CVSS5.2AI score0.02671EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/04/14 12:0 a.m.251 views

WSO2 3.1.0 - Persistent Cross-Site Scripting

Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Date: 2020-04-13 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700 Technical Details &...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/08 12:0 a.m.251 views

EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow

Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND /...

10CVSS7AI score0.21965EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/29 12:0 a.m.251 views

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/20 12:0 a.m.251 views

Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow

Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...

2.1CVSS7AI score0.00641EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/03/25 12:0 a.m.251 views

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/16 12:0 a.m.251 views

Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/03/07 12:0 a.m.251 views

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- import urllib2 import httplib def exploiturl, cmd: payload = "%='multipart/form-data'." payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?" payload += "memberAccess=dm:" payload +=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/13 12:0 a.m.250 views

Windows File Explorer Windows 10 Pro x64 - TAR Extraction

import os import tarfile def main: filename = input"Enter your file name: " ipaddress = input"Enter IP EX: 192.168.1.162: " librarycontent = f""" \\ipaddress\IT """ libraryfilename = f"filename.library-ms" with openlibraryfilename, "w", encoding="utf-8" as f: f.writelibrarycontent tarname =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.250 views

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.250 views

Online Piggery Management System v1.0 - unauthenticated file upload vulnerability

!/bin/bash Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability Date: July 12 2023 Exploit Author: 1337kid Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html Version: 1.0 Tested on: Ubuntu CVE :...

9.8CVSS9.7AI score0.23311EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.250 views

Prestashop 8.0.4 - CSV injection

Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.250 views

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)

Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.250 views

Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - pseudonym Semi-blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/202...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.250 views

ERPGo SaaS 3.9 - CSV Injection

Exploit Title: ERPGo SaaS 3.9 - CSV Injection Date: 18/01/2023 Exploit Author: Sajibe Kanti Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version: 3.9...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.250 views

WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection

Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection Date: 2022-04-11 Exploit Author: Mohsen Dehghani aka 0xProfessional Vendor Homepage: https://motopress.com/ Software Link: https://downloads.wordpress.org/plugin/motopress-hotel-booking-lite.4.2.4.zip Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.250 views

Dbltek GoIP - Local File Inclusion

Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/04 12:0 a.m.250 views

WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting XSS Authenticated Date: 02-02-2022 Exploit Author: Ahmet Serkan Ari Software Link: https://wordpress.org/plugins/ip2location-country-blocker/ Version: 2.26.7 Tested on: Linux CVE: N/A Thanks: Ceylan...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.250 views

Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)

Exploit Title: Movie Rating System 1.0 - Broken Access Control Admin Account Creation Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/04 12:0 a.m.250 views

Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)

Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Date: 2021-10-03 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.250 views

glFTPd 2.11a - Remote Denial of Service

Exploit Title: glFTPd 2.11a - Remote Denial of Service Date: 15/05/2021 Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/16 12:0 a.m.250 views

PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection

​ Exploit Title: PrestaShop ProductComments 4.2.0 - 'idproducts' Time Based Blind SQL Injection Date: 2020-12-15 Exploit Author: Frederic ADAM Author contact: [email protected] Vendor Homepage: https://www.prestashop.com Software Link: https://github.com/PrestaShop/productcomments Version: 4.2.0...

8.2CVSS7.4AI score0.12388EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.250 views

Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection

Exploit Title: Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection Date: 10-18-2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/01 12:0 a.m.250 views

Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow

Exploit Title: Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow Google Dork: Server: Mida eFramework Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://pro.sony Version: = 1.82.01 !/usr/bin/env python Sony IPELA Network Camera ftpclient.cgi Remote...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/11 12:0 a.m.250 views

Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection

Exploit Title: Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection Date: 2020-05-06 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/09/11 12:0 a.m.250 views

Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)

This third version features: Complete support for i386, x8664, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 i.e. functions on exploit code and libc can be referenced; Improved search and transition...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.249 views

Garage Management System 1.0 (categoriesName) - Stored XSS

Exploit Title: Garage Management System 1.0 categoriesName - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace, SC Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...

5.4CVSS7.4AI score0.0292EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.249 views

RosarioSIS 7.6 - SQL Injection

Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...

9.8CVSS9.7AI score0.23673EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.249 views

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

8.8CVSS7.1AI score0.03941EPSS
Exploits1
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.249 views

PHPJabbers Cleaning Business 1.0 - Reflected XSS

Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...

6.1CVSS4.9AI score0.05177EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/06/20 12:0 a.m.249 views

WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1...

8.8CVSS7.5AI score0.02304EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.249 views

NVFLARE < 2.1.4 - Unsafe Deserialization due to Pickle

Exploit Title: NVFLARE 2.1.4 - Unsafe Deserialization due to Pickle Exploit Author: Elias Hohl Google Dork: N/A Date: 2022-06-21 Vendor Homepage: https://www.nvidia.com Software Link: https://github.com/NVIDIA/NVFlare Version: 2.1.4 Tested on: Ubuntu 20.04 CVE : CVE-2022-34668...

9.8CVSS7AI score0.08529EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.249 views

Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)

Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/08 12:0 a.m.249 views

Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation

Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/30 12:0 a.m.249 views

Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/22 12:0 a.m.249 views

Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Date: 22/09/2021 Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/17 12:0 a.m.249 views

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/02 12:0 a.m.249 views

Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure

Exploit Title: Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40382 There is an...

7.5CVSS7.7AI score0.22724EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.249 views

ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path

Exploit Title: ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-22 Vendor Homepage: https://www.acer.com Tested Version: 6.0.3008.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to discover...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/23 12:0 a.m.249 views

Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS

Exploit Title: Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.249 views

Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)

Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/21 12:0 a.m.249 views

BlackCat CMS 1.3.6 - Cross-Site Request Forgery

Exploit Title: BlackCat CMS 1.3.6 - Cross-Site Request Forgery Date: 2020-06-01 Exploit Author: Noth Vendor Homepage: https://github.com/BlackCatDevelopment/BlackCatCMS Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Version: v1.3.6 CVE : CVE-2020-25453 BlackCat CMS v1.3.6 has a...

8.8CVSS8.9AI score0.06281EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.249 views

Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)

Exploit Title: Port Forwarding Wizard 4.8.0 - Buffer Overflow SEH Exploit Author: Sarang Tumne Date: 2020-07-18 CVE ID: N/A Confirmed on release 4.8.0 and 4.5.0 Vendor: http://www.port-forwarding.net/ Tested on OS- Windows Vista Buffer overflow in upRedSun Port Forwarding Wizard 4.8.0 and earlier...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/08 12:0 a.m.249 views

SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)

Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources Version: X10DRH-iT motherboards with BIOS 2.0a and...

9.3CVSS8.8AI score0.02296EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/06/05 12:0 a.m.249 views

Online-Exam-System 2015 - 'feedback' SQL Injection

Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on: Ubuntu CVE : N/A import requests,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.249 views

UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version:...

7.4AI score
Exploits0
Total number of security vulnerabilities5000