Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/03/21 12:0 a.m.70 views

Rails 5.2.1 - Arbitrary File Content Disclosure

''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2,...

7.5CVSS8AI score0.98507EPSS
Exploits18
Exploit DB
Exploit DB
added 2019/03/21 12:0 a.m.62 views

DVD X Player 5.5.3 - '.plf' Buffer Overflow

!/usr/bin/env python Exploit Title: DVD X Player 5.5.3 Buffer Overflow Date: 20.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://www.dvd-x-player.com Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup-Standard.exe Version: 5.5.3.8 and above...

7.8CVSS7.7AI score0.04878EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/03/21 12:0 a.m.44 views

Netartmedia Vlog System - 'email' SQL Injection

Exploit Title: Netartmedia Vlog System - 'email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/vlogsystem/ Demo Site: https://www.phpscriptdemos.com/vlogs/ Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Request...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/21 12:0 a.m.29 views

uHotelBooking System - 'system_page' SQL Injection

Exploit Title: uHotelBooking System - 'systempage' SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: uHotelBookin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.157 views

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery

Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-cross-site-request-forgery-csrf/ Vendor: ChinaMobile Category: Hardware Version:...

8.8CVSS8.8AI score0.03041EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.51 views

Netartmedia Deals Portal - 'Email' SQL Injection

Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/dealsportal/ Demo Site: https://www.phpscriptdemos.com/deals/i Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC: SQLi -----...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.285 views

PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control

Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/ Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-C...

8.8CVSS8.8AI score0.07526EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.44 views

Netartmedia PHP Business Directory 4.2 - SQL Injection

Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on: Kali Linux CVE: N/A ----- PoC SQLi ----- Request:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.45 views

Netartmedia PHP Dating Site - SQL Injection

Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: PHP Dating Site is ...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.245 views

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4.0 Tested on: Kali Linux CVE: N/A Description:PHP Real...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.33 views

NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow

Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow Date: 2019-03-19 Vendor Homepage: http://netsharewatcher.nsauditor.com Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Exploit Author: Peyman Forouzan Tested Version: 1.5.8.0 Tested on: Windows XP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.43 views

Netartmedia Jobs Portal 6.1 - SQL Injection

Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/jobsportal/ Demo Site: https://www.ittjobs.com/ Version: 6.1 Tested on: Kali Linux CVE: N/A ----- PoC SQLi ----- Request:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.129 views

Netartmedia PHP Car Dealer - SQL Injection

Exploit Title: Netartmedia PHP Car Dealer- SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Lastest Tested on: Kali Linux CVE: N/A Description:The PHP Car Dealer...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/20 12:0 a.m.66 views

202CMS v10beta - Multiple SQL Injection

=========================================================================================== Exploit Title: 202CMS - 'loguser' SQL Inj. Dork: N/A Date: 20-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/b202cms/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.91 views

Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML

!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.48 views

Google Chrome < M73 - Double-Destruction Race in StoragePartitionService

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback from the same BindingSet, which...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.33 views

Netartmedia PHP Mall 4.1 - SQL Injection

Exploit Title: Netartmedia PHP Mall 4.1 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/mall/ Demo Site: https://www.phpscriptdemos.com/mall/ Version: 4.1 Tested on: Kali Linux CVE: N/A Description: PHP Mall is one of the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.51 views

Google Chrome < M73 - MidiManagerWin Use-After-Free

MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int, and there is no check that it hasn't overflowed, unlike i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.81 views

eNdonesia Portal 8.7 - Multiple Vulnerabilities

=========================================================================================== Exploit Title: eNdonesia Portal 'banners.php' SQL Inj. Dork: N/A Date: 19-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://www.endonesia.org/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.48 views

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Date: 3/8/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu 18.04 CVE: CVE-2019-9650 1. Description: This plugin...

6.1CVSS6.3AI score0.03393EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.74 views

Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject

Attached is a PoC file that bypasses Flash click2play in Microsoft Edge. This was tested on Windows 10 64bit v 1809 with the latest patches applied. The PoC currently loads a swf from wwwimages.adobe.com screenshot attached, but can load a swf from any domain and also the PoC itself can be hosted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.60 views

Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently. See the comment in the code: ExtensionsGuestViewMessageFilter::ExtensionsGuestViewMessageFilter DCHECKCURRENTLYONBrowserThread::IO; // This map is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.46 views

Advanced Host Monitor 11.92 beta - Local Buffer Overflow

!/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date: 2019-03-18 Author: Peyman Forouzan Tested Against: Winxp SP2...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.89 views

Gila CMS 1.9.1 - Cross-Site Scripting

Exploit Title: Gila CMS search Cross Site Scripting Google Dork: intext:"Powered By Gila CMS" Date: 11.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://gilacms.com Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip Demo Site: https://gilacms.com/demo/ Version:...

6.1CVSS6.6AI score0.02261EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.70 views

Microsoft VBScript - VbsErase Memory Corruption

r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.104 views

Google Chrome < M73 - FileSystemOperationRunner Use-After-Free

There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine whether OperationID // wrap-around is occurring in the wild...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.74 views

libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons

When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ and arithmetic comparisons LT, LE, GE, GT. Bitwise comparisons...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.129 views

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins ACL Bypass and Metaprogramming RCE', 'Description' = %q This module exploits a vulnerability in Jenkins dynamic routing to bypass the...

7.8AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.33 views

Netartmedia Real Estate Portal 5.0 - SQL Injection

Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Version: 5.0 Tested on: Kali Linux CVE: N/A Description: The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/19 12:0 a.m.48 views

Netartmedia Event Portal 2.0 - 'Email' SQL Injection

Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0 Tested on: Kali Linux CVE: N/A Description: Event Portal ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/18 12:0 a.m.205 views

BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Powershell @deflater = nil...

7.8CVSS7.4AI score0.07488EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/03/18 12:0 a.m.84 views

TheCarProject 2 - Multiple SQL Injection

=========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Dork: N/A Date: 17-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/18 12:0 a.m.68 views

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service

Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit Date: 16.03.2019 Vendor Homepage:http://www.winavi.com Software Link: http://www.winavi.com/user/download/WinAVIiPod3GPMP4PSPConverter.exe Exploit Author: Achilles Tested Version: 4.4.2 Tested on: Windows XP SP3 EN Windows 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/18 12:0 a.m.57 views

WinMPG Video Convert 9.3.5 - Denial of Service

Exploit Title: WinMPG Video Convert Local Dos Exploit Date: 15.03.2019 Vendor Homepage:http://www.winmpg.com Software Link: http://www.winmpg.com/down/WinMPGVideoConvert.zip Exploit Author: Achilles Tested Version: 9.3.5 and older ones Tested on: Windows XP SP3 EN 1.- Run python code :WinMPG.py 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.57 views

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-10079 Description StoreGrid...

6.1CVSS5.5AI score0.08749EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.45 views

ICE HRM 23.0 - Multiple Vulnerabilities

=========================================================================================== Exploit Title: ICE HRM - ’ob’ SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link: https://sourceforge.net/projects/icehrm/ Version: v23.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.52 views

Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow

Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None !/usr/bin/python This script started from PWK, Chapter 6 I a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.204 views

NetData 1.13.0 - HTML Injection

Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage: https://my-netdata.io/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.38 views

Laundry CMS - Multiple Vulnerabilities

=========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/ Software Link: https://sourceforge.net/projects/laundr...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.199 views

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/15 12:0 a.m.299 views

Moodle 3.4.1 - Remote Code Execution

php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure you're running a netcat listener on the...

8.8CVSS8.7AI score0.32234EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/14 12:0 a.m.96 views

Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)

history.pushState'', 't00t', 'index.php' input type="hidden" name="dbTableU...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/14 12:0 a.m.67 views

FTPGetter Standard 5.97.0.177 - Remote Code Execution

Exploit Title: FTPGetter Standard - v.5.97.0.177 Remote Code Execution Date: 05/03/2019 Exploit Author: https://github.com/w4fz5uck5 | @w4fz5uck5 Vendor Homepage: https://www.ftpgetter.com Software Link: https://www.ftpgetter.com/ftpgettersetup.exe Version: v.5.97.0.177 Tested on: Windows 7 x64 C...

9.8CVSS9.7AI score0.53093EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/03/14 12:0 a.m.67 views

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution

""" Exploit Title: Apache UNO API RCE Date: 2018-09-18 Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 but really any version with the UNO API included Tested on: Ubuntu Mate...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/14 12:0 a.m.93 views

Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution

Exploit Title: Pegasus extrafields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The Pegasus CMS is vulnerable to directory travaseral and Remote cod...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.244 views

elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...

9.8CVSS9.5AI score0.96633EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.75 views

Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal

Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Google Dork: N/A Date: 4/27/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link: http://www.coreftp.com/server/index.html Version: Firmware: CoreFTP Server FTP / SFTP Serv...

5.3CVSS5.3AI score0.1433EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.149 views

Microsoft Windows - '.reg' File / Dialog Box Message Spoofing

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt + ISR: ApparitionSec Vendor www.microsoft.com Product A file with the .reg file extension is a Registration file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.92 views

Apache Tika-server < 1.18 - Command Injection

Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions " print "Example: python CVE-2018-1335.py localhost 9998 calc.exe" else: host = sys.argv1 port = sys.argv2 cmd = sys.argv3 url = host+":"+strport+"/meta" headers =...

9.3CVSS8.1AI score0.93972EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/03/13 12:0 a.m.45 views

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.5914 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.5914 Software Link: N/A Google Dork: N/A CVE:2019-8953 Introduction pfSense® software is a free...

7.4AI score
Exploits0
Total number of security vulnerabilities47904