Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2020/03/24 12:0 a.m.231 views

UliCMS 2020.1 - Persistent Cross-Site Scripting

Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : CVE-2020-12704 Vulnerability : Stored...

6.1CVSS6.4AI score0.01186EPSS
Exploits1
Exploit DB
Exploit DB
added 2019/10/16 12:0 a.m.231 views

X.Org X Server 1.20.4 - Local Stack Overflow

Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Date: 2019-10-16 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar X.Org X Server...

7.8CVSS7.9AI score0.03694EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/07/12 12:0 a.m.231 views

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting

Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/ Tested on: Linux CVE : 2019-13491 Poc...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2016/09/22 12:0 a.m.231 views

Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities

SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been developed as well but will not be released for now. Blog:...

9.8CVSS7.9AI score0.46801EPSS
Exploits7
Exploit DB
Exploit DB
added 2010/06/09 12:0 a.m.231 views

Adobe Flash / Reader - Live Malware

Exploit-DB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/ File is malicious! Taken from the wild! Beware! To decrypt the file: openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar Password is "edb" without the quotes. NOTE: This...

9.3CVSS7AI score0.82365EPSS
Exploits22
Exploit DB
Exploit DB
added 2026/04/08 12:0 a.m.230 views

SQLite 3.50.1 - Heap Overflow

Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.sqlite.org Software Link: https://www.sqlite.org/download.html Version: SQLite 3.50....

7.7CVSS6.5AI score0.73495EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.230 views

WordPress adivaha Travel Plugin 2.3 - Reflected XSS

Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.230 views

Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.230 views

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Exploit Title: PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting XSS Application: PodcastGenerator Version: v3.2.9 Bugs: Stored Xss Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found: 14-05-2023...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.230 views

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.230 views

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...

6.1CVSS6.6AI score0.0189EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/12 12:0 a.m.230 views

Orchard Core RC1 - Persistent Cross-Site Scripting

Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Date: 2020-05-07 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCore Version: RC1 Tested on: Windows CVE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/06 12:0 a.m.230 views

Small CRM 2.0 - Authentication Bypass

Exploit Title: Small CRM 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Windows CVE : N/A Description: There is a SQL injection...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/16 12:0 a.m.230 views

OpenBSD 6.x - Dynamic Loader Privilege Escalation

Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...

7.8CVSS7.8AI score0.03522EPSS
Exploits12
Exploit DB
Exploit DB
added 2019/12/04 12:0 a.m.230 views

OwnCloud 8.1.8 - Username Disclosure

Exploit Title: OwnCloud 8.1.8 - Username Disclosure Exploit Author : Daniel Moreno Exploit Date: 2019-11-29 Vendor Homepage : https://owncloud.org/ Link Software : https://ftp.icm.edu.pl/packages/owncloud/ old version. Download at your own risk Tested on OS: CentOS PoC: 1. Create an account in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/01 12:0 a.m.230 views

Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Date: 01.08.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/25 12:0 a.m.230 views

GreenCMS 2.x - SQL Injection

Exploit Title: Green CMS 2.x - SQL Injection Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/11/02 12:0 a.m.230 views

Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures,...

4.7CVSS6.4AI score0.03418EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/03/03 12:0 a.m.230 views

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)

Linux/x86-64 - Polymorphic Setuid0 & Execve/bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/12 12:0 a.m.230 views

Microsoft Windows Server - Code Execution (MS08-067)

/ MS08-067 Remote Stack Overflow Vulnerability Exploit Author: Polymorphours Email: [email protected] Homepage:http://www.whitecell.org Date: 2008-10-28 / include "stdafx.h" include include include include pragma commentlib, "mpr" pragma commentlib, "Rpcrt4" pragma commentlib, "ws232"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.229 views

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/28 12:0 a.m.229 views

WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/ultimate-maps-by-supsystic/ Version: 1.2.4 Tested on: Windows 10 CVE: CVE-2021-24274 1. Description: The plugin did not sanitize the t...

6.1CVSS6.3AI score0.17638EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/09/28 12:0 a.m.229 views

WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.14 Tested on: Windows 10 CVE: CVE-2021-24276 1. Description: The Contact Form by Supsystic...

6.1CVSS6.3AI score0.16044EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/07/28 12:0 a.m.229 views

Event Registration System with QR Code 1.0 - Authentication Bypass

Exploit Title: Event Registration System with QR Code 1.0 - Authentication Bypass & RCE Exploit Author: Javier Olmedo Date: 27/07/2021 Vendor: Sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/event0.zip Affected Version: 1.0 Category: WebApps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/19 12:0 a.m.229 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.229 views

Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...

10CVSS7AI score0.87987EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/12/21 12:0 a.m.229 views

Point of Sale System 1.0 - Multiple Stored XSS

Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-18 Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/28 12:0 a.m.229 views

Outlook Password Recovery 2.10 - Denial of Service

Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2015/06/10 12:0 a.m.229 views

GeoVision (GeoHttpServer) Webcams - Remote File Disclosure

!/usr/bin/python import os import sys import socket import binascii ''' Title : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit CVE-ID : none Product : GeoVision System : GeoHttpServer Affected : 8.3.3.0 may be more Impact : Critical Remote : Yes Website link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/11/07 12:0 a.m.229 views

MiniShare 1.4.1 - Remote Buffer Overflow (1)

/ MiniShare ---- EXTRA ---- Update the JMP ESP if you need. A wrong offset will crash minishare. Code tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English Others MiniShare's versions aren't tested. Tip: If it crashes for you , try to play with Sleep... ---...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.228 views

MiniCMS 1.1 - Cross Site Scripting (XSS)

Exploit Title: MiniCMS 1.1 - Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link: https://github.com/bg5sbk/MiniCMS Version: 1.10 Tested on: Ubuntu Windows CVE : CVE-2018-1000638 PoC: GET...

6.1CVSS6.4AI score0.02191EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/03/28 12:0 a.m.228 views

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Exploit Title: Progress Telerik Report Server 2024 Q1 10.0.24.305 - Authentication Bypass Fofa Dork: title="Telerik Report Server" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4358 Vendor Homepage: https://www.telerik.com/report-server Software...

9.8CVSS9.7AI score0.97482EPSS
Exploits14
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.228 views

PimpMyLog v1.7.14 - Improper access control

Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.228 views

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.228 views

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.228 views

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-04-05 Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.228 views

Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path

Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path Discovery by: Johto Robbie Discovery Date: May 12, 2021 Tested Version: 2.52.13001.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 Home Step to discover Unquoted Service Path: Go to Start and ty...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/02 12:0 a.m.228 views

Dolibarr ERP 14.0.1 - Privilege Escalation

Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Date: April 8, 2021 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.228 views

Projectsend r1295 - 'name' Stored XSS

Exploit Title: Projectsend r1295 - 'name' Stored XSS Date: 30.08.2021 Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/18 12:0 a.m.228 views

Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS

Exploit Title: Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-18 Vendor Homepage: https://xeroneit.net/ Software Link: https://xeroneit.net/portfolio/library-management-system-lms Affected Version: Version 3.1 Tested on: Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.228 views

Online Course Registration 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/18 12:0 a.m.228 views

Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection

Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Exploit Author: jul10l1r4 Julio Lira Google Dork: N/A Date: 2020-05-16 Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: = 1.2.3 Tested on: Debian 10 buster CVE: 2020-13118...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/30 12:0 a.m.228 views

Zen Load Balancer 3.10.1 - Remote Code Execution

Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution Google Dork: no Date: 2020-03-28 Exploit Author: Cody Sixteen Vendor Homepage: https://code610.blogspot.com Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Versio...

9CVSS7AI score0.03415EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/02/17 12:0 a.m.228 views

SOPlanning 1.45 - Cross-Site Request Forgery (Add User)

Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/05 12:0 a.m.228 views

Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path

Exploit Title: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path Date: 2019-11-09 Exploit Author: Diego Armando Buztamante Rico Vendor Homepage: www.bluestacks.com Software Link: www.bluestacks.com Version: 2.4.44.62.57 Tested on: Windows 8.1 Pro CVE: NA Description...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/29 12:0 a.m.228 views

Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path

Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.228 views

SeedDMS versions < 5.1.11 - Remote Command Execution

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now go to...

7.5CVSS7.8AI score0.11696EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.228 views

phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

8.8CVSS7.4AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2012/05/11 12:0 a.m.228 views

PHP 5.4.3 (Windows x86 Polish) - Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.228 views

MiniShare 1.4.1 - Remote Buffer Overflow (Metasploit)

$Id: minisharegetoverflow.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.5CVSS7AI score0.71908EPSS
Exploits9
Total number of security vulnerabilities5000