Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.48 views

SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion

Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Dork: N/A Date: 2019-01-17 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link: https://www.seotoaster.com/downloads/seotoaster.v3.0.0.zip Version: 3.0.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.41 views

VPN Browser+ 1.1.0.0 - Denial of Service (PoC)

Exploit Title: VPN Browser+ 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NFFFFS5Z2C7 Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a ne...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.122 views

phpTransformer 2016.9 - SQL Injection

Exploit Title: phpTransformer 2016.9 - SQL Injection Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip Version: 2016.9 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.92 views

Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free

/ The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.123 views

phpTransformer 2016.9 - Directory Traversal

Exploit Title: phpTransformer 2016.9 - Directory Traversal Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip Version: 2016.9 Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.34 views

Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion

/ In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.226 views

Microsoft Edge Chakra - 'InitClass' Type Confusion

/ Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value; function main for let i = 0; i 2000; i++ let o = a: ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.43 views

FastTube 1.0.1.0 - Denial of Service (PoC)

Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new fi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/18 12:0 a.m.83 views

Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings

Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage: https://www.joomla.org/ Affected Versions: Joomla versions 2.5.0 through 3.9.1 Tested on: Joomla 3.9.1 CVE :...

4.8CVSS5.3AI score0.035EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/17 12:0 a.m.103 views

Microsoft Windows CONTACT - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft .CONTACT File...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/17 12:0 a.m.60 views

Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation

Exploit Title: Check Point ZoneAlarm Local Privilege Escalation Date: 1/16/19 Exploit Author: Chris Anastasio Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ Software Link: Vulnerable Versions included in repo Version: ZoneAlarm Free Antivirus + Firewall version: 15.3.064.1772...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/17 12:0 a.m.66 views

Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting

Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CVE : CVE-2019-2413 POC:...

6.1CVSS6.8AI score0.06466EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.58 views

NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage: https://ntpsec.org/ Software Link:...

9.1CVSS9.5AI score0.66881EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.63 views

Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)

Exploit Title: Spotify 1.0.96.181 - "Proxy configuration" Denial of Service PoC Discovery by: Aaron V. Hernandez Discovery Date: 2019-01-15 Vendor Homepage: https://www.spotify.com Software Link: https://www.spotify.com/mx/download/windows/ Tested Version: 1.0.96.181 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.112 views

Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset

history.pushState'', '', '/'...

10CVSS9.8AI score0.53612EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.108 views

Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure

/usr/bin/python3 """ CVE-2018-13374 Publicado por Julio Ureña PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo: python3 CVE-2018-13374.py -f https://FortiGateIP -u...

4.3CVSS5.1AI score0.38088EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.57 views

doorGets CMS 7.0 - Arbitrary File Download

Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link: https://netix.dl.sourceforge.net/project/doorgets-cms/doorGets%20CMS%20V7/doorGetsCMSV7.0.zip Version: 7.0 Category: Webapps...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.108 views

Roxy Fileman 1.4.5 - Arbitrary File Download

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php Version: 1.4.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.52 views

NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread2 Vendor Homepage: https://ntpsec.org/ Software Link:...

9.1CVSS9.5AI score0.45719EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.58 views

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free

/ The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF. PoC: ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.98 views

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free

Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.187 views

Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit

Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main int argc, char argv int sock = 0, bytesread = 0, total = 0, functio...

9.8CVSS9.8AI score0.97107EPSS
Exploits15
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.76 views

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length

function main var ar = ; forlet i = 0; i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.43 views

NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-npe Vendor Homepage: https://ntpsec.org...

6.5CVSS6.8AI score0.14076EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.58 views

GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal

Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://www.gl-inet.com/ Software Link: https://www.gl-inet.com/products/gl-ar300m/ Version: Firmware version...

8.8CVSS7AI score0.12537EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.54 views

NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-oobwrite Vendor Homepage:...

6.5CVSS6.8AI score0.1371EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.72 views

Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation

Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: A number of Partial Trust Windows Runtime classes...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.77 views

blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman setdhcphandler D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a Python code...

8.4CVSS7.4AI score0.0634EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/01/16 12:0 a.m.63 views

ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution

Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage: https://www.mitel.com/ Version: 19.49.5200.0 and very likely many...

10CVSS7AI score0.19715EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/01/15 12:0 a.m.76 views

1Password < 7.0 - Denial of Service

Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/15 12:0 a.m.150 views

Microsoft Windows VCF - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product A VCF file is a...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/15 12:0 a.m.85 views

ownDMS 4.7 - SQL Injection

Exploit Title: ownDMS 4.7 - SQL Injection Dork: N/A Date: 2019-01-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.owndms.com/ Software Link: https://datapacket.dl.sourceforge.net/project/owndms/owndms47.zip Version: 4.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.62 views

Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass

Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.80 views

Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation

Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure al...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.98 views

Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution Date: -...

9.8CVSS9.7AI score0.03903EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.73 views

AudioCode 400HD - Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

9CVSS8.8AI score0.6819EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.133 views

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The COM Desktop Broker doesn’t correctly check permissions...

10CVSS7.6AI score0.23425EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.61 views

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation

Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.85 views

Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation

Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM authentication to the same machine results in a network...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.90 views

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation

/ Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 - dokan1.sys Software package -...

7.8CVSS7.7AI score0.01594EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.60 views

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation

Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.121 views

i-doit CMDB 1.12 - Arbitrary File Download

Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.62 views

i-doit CMDB 1.12 - SQL Injection

Exploit Title: i-doit CMDB 1.12 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.109 views

Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection

Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link: https://codecanyon.net/item/live-call-support-widget-software-online-calling-web-application/22532799 Version: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.90 views

Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object doesn’t verify its caller correctly allowing one user to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.95 views

Modern POS 1.3 - Arbitrary File Download

Exploit Title: Modern POS 1.3 - Arbitrary File Download Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.79 views

Real Estate Custom Script 2.0 - SQL Injection

Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.133 views

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.90 views

xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation

!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...

7.2CVSS7.1AI score0.2704EPSS
Exploits39
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.63 views

Horde Imp - 'imap_open' Remote Command Execution

Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Date: 10/01/2019 Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link: https://www.horde.org/download/imp Version: All...

7AI score
Exploits0
Total number of security vulnerabilities47904