Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.31 views

Simple Online Hotel Reservation System - SQL Injection

Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.75 views

Joomla! Component J2Store < 3.3.7 - SQL Injection

Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Date: 19/02/2019 Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE: CVE-2019-9184 1. Description: J2Store is the most...

9.8CVSS9.6AI score0.0898EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.29 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.115 views

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

!/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm method of GPON ONT. We can also exploit this issue aft...

9.8CVSS9.6AI score0.92887EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.40 views

TransMac 12.3 - Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Date: 27/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested on: Windows 10 Proof of Concept: 1.- R...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.80 views

Usermin 1.750 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.74 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)

Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.275 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/28 12:0 a.m.52 views

WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service

Exploit Title: Buffer overflow Date: 27-02-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-83...

9.8CVSS9.3AI score0.16113EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/02/27 12:0 a.m.546 views

PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write

&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...

8.8CVSS9AI score0.64265EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.187 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution

!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...

8.8CVSS8.2AI score0.98428EPSS
Exploits17
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.45 views

News Website Script 2.0.5 - SQL Injection

Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link : https://www.phpscriptsmall.com/product/news-website-script/ Tested Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.90 views

zzzphp CMS 1.6.1 - Remote Code Execution

Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...

7.2CVSS7.2AI score0.31421EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.46 views

Advance Gift Shop Pro Script 2.0.3 - SQL Injection

Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link : https://www.phpscriptsmall.com/product/gifts-shop/ Tested Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.54 views

Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)

Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Google Dork: N/A Date: 2019-02-24 Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1 Tested on: Windows XP CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.130 views

Drupal < 8.6.9 - REST Module Remote Code Execution

!/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce https://twitter.com/jcran/status/1099206271901798400 Sample usage: $ python...

8.1CVSS8.3AI score0.91919EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.249 views

PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection

Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/23 12:0 a.m.1304 views

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution

Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short raises an exception if a string is provided for a value...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.85 views

Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Authenticated SQL Server SQLi', 'Description' = %q The Nuuo Central Management Server allows an authenticated user to que...

8.8CVSS7.4AI score0.60791EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.73 views

Teracue ENC-400 - Command Injection / Missing Authentication

Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the...

10CVSS7.8AI score0.15362EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.111 views

Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...

7.8CVSS7AI score0.08951EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.102 views

Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

9.8CVSS9.6AI score0.10001EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.246 views

WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

/ https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback JSValue result = value.lazyPropertyCallbackvm, &thisObj; thisObj.putDirectvm, propertyName, result,...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/22 12:0 a.m.80 views

WinRAR 5.61 - Path Traversal

!/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Sta...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.83 views

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Category: Local Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.117 views

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Date: 01/31/2019 Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory Information System v3.4 Exploit Author: Carlos Avila Category: webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.60 views

AirDrop 2.0 - Denial of Service (DoS)

include include include include include include include include include include include // // Author: Marcelo Vázquez aka s4vitar // AirDrop 2.0 Remote Denial of Service DoS // // Exploit Title: AirDrop 2.0 Remote Denial of Service DoS // Date: 2019-02-21 // Exploit Author: Marcelo Vázquez aka...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.472 views

Memu Play 6.0.7 - Privilege Escalation

Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.59 views

ScreenStream 3.0.15 - Denial of Service

!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ScreenStream 3.0.15 Remote Denial of Service DoS Exploit Title: ScreenStream 3.0.15 Remote Denial of Service DoS Date: 2019-02-21 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: http://mobzapp.com/mirroring/index.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.53 views

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)

-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.53 views

EI-Tube 3 - SQL Injection

Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza Noorkazemi - A-H - Akhzari...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.272 views

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here: https://www.youtube.com/watch?v=CxyOtsNVgFg A Tenable Research...

7.5CVSS7.6AI score0.15697EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/02/21 12:0 a.m.55 views

Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.536 views

Belkin Wemo UPnP - Remote Code Execution (Metasploit)

V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.55 views

WinRAR 5.61 - '.lng' Denial of Service

Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Discovery Date: 2019-02-20 Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on OS: Windows 10 Education 64 Bit Step...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.78 views

Android Kernel < 4.8 - ptrace seccomp Filter Bypass

/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.72 views

FaceTime - Texture Processing Memory Corruption

There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXCBADACCESS code=EXCI386GPFLT frame 0: 0x00007fff56baaa92 CoreVideoCVMetalTextureBacking::releaseBackingUsage + 20 fra...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.59 views

HotelDruid 2.3 - Cross-Site Scripting

=========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Date: 18-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ Software Link:...

6.1CVSS6.5AI score0.1068EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.86 views

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...

7.5CVSS4.2AI score0.03182EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/02/20 12:0 a.m.34 views

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)

Exploit Title: FTPShell Server 6.83 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-20 Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/downloadserver.htm Tested Version: 6.83 Tested on: Windows 7 x64 Service Pack 1 Steps to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.54 views

Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting

Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://zuz.host/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.440 views

Listing Hub CMS 1.0 - 'pages.php id' SQL Injection

Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.172 views

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)

In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by Grape. However, the next problem is how to execute code? By diving into Grape implementation on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.56 views

eDirectory - SQL Injection

Exploit Title: Admin auth bypass, SQLi and File Disclosure Google Dork: no defacers please ! Date: March 2019 reported to vendor without response :D Exploit Author: Efren Diaz Author contact: https://twitter.com/elefr3n Vendor Homepage: https://www.edirectory.com/ Software Link: not available...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.51 views

Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection

Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.24 views

Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)

Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: https://valentina-db.com/en/ Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk Tested Version: 9.0.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.41 views

BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)

Exploit Title: BulletProof FTP Server 2019.0.0.50 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.41 views

NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)

Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-17 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows 10 Single Language x64 / Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.82 views

Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/19 12:0 a.m.75 views

Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting

!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Software Link: https://www.ma...

6.1CVSS5.6AI score0.11817EPSS
Exploits8
Total number of security vulnerabilities47904