Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.80 views

Modern POS 1.3 - SQL Injection

Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.73 views

Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection

Exploit Title: Craigs CMS 1.0.2 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/craigs-cms-directory-listing-theme/22431565 Version: 1.0.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.79 views

Real Estate Custom Script 2.0 - SQL Injection

Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0 Category: Webapps Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.60 views

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation

Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.90 views

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation

/ Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 - dokan1.sys Software package -...

7.8CVSS7.7AI score0.01594EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.112 views

Job Portal Platform 1.0 - SQL Injection

Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.87 views

Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation

Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM authentication to the same machine results in a network...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.134 views

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.90 views

Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object doesn’t verify its caller correctly allowing one user to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.133 views

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The COM Desktop Broker doesn’t correctly check permissions...

10CVSS7.6AI score0.23425EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.73 views

AudioCode 400HD - Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

9CVSS8.8AI score0.6819EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.80 views

Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation

Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure al...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.63 views

Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass

Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/14 12:0 a.m.98 views

Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution Date: -...

9.8CVSS9.7AI score0.03903EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/13 12:0 a.m.50 views

S-nail < 14.8.16 - Local Privilege Escalation

!/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling /var/tmp/.privget.c ... . Adding /var/tmp/.snail.s...

7CVSS7.1AI score0.01015EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/13 12:0 a.m.41 views

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)

!/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 --- user@debian-9-6-0-x64-xfce:/Desktop$ ./SUroot Launching Serv-U ... sh: 1: : Permission...

8.8CVSS9AI score0.65981EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/01/12 12:0 a.m.33 views

ASAN/SUID - Local Privilege Escalation

!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.42 views

Adapt Inventory Management System 1.0 - SQL Injection

Exploit Title: Adapt Inventory Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.adaptinventory.com/ Software Link: https://codecanyon.net/item/adapt-inventory-management-system/22838514 Version: 1.0 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.46 views

Joomla! Component JoomProject 1.1.3.2 - Information Disclosure

Exploit Title: Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomprojec...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.47 views

Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Code Blocks 17.12 - Local Buffer Overflow SEHUnicode Date: 01-10-2019 Vulnerable Software: Code Blocks 17.12 Vendor Homepage: http://www.codeblocks.org/ Version: 17.12 Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.33 views

Paint Studio 2.17 - Denial of Service (PoC)

Exploit Title: Paint Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpaintstudioinstall.exe Version: 2.17 Category: Dos Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.289 views

Joomla! Component JoomCRM 1.1.1 - SQL Injection

Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/ Version: 1.1.1 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.47 views

Liquid Studio 2.17 - Denial of Service (PoC)

Exploit Title: Liquid Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbliquidstudioinstall.exe Version: 2.17 Category: Dos Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.36 views

Pixel Studio 2.17 - Denial of Service (PoC)

Exploit Title: Pixel Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudioinstall.exe Version: 2.17 Category: Dos Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.196 views

Blob Studio 2.17 - Denial of Service (PoC)

Exploit Title: Blob Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudioinstall.exe Version: 2.17 Category: Dos Tested on: WiN7x64/KaLiLinuXx...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.40 views

Selfie Studio 2.17 - Denial of Service (PoC)

Exploit Title: Selfie Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version: 2.17 Category: Dos Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.42 views

Tree Studio 2.17 - Denial of Service (PoC)

Exploit Title: Tree Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbtreestudioinstall.exe Version: 2.17 Category: Dos Tested on: WiN7x64/KaLiLinuXx...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.45 views

Luminance Studio 2.17 - Denial of Service (PoC)

Exploit Title: Luminance Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbluminancestudioinstall.exe Version: 2.17 Category: Dos Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/11 12:0 a.m.19589 views

OpenSSH SCP Client - Write Arbitrary Files

''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 We have nicknamed this...

6.8CVSS6.8AI score0.58204EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.52 views

doitX 1.0 - 'search' SQL Injection

Exploit Title: doitX 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://mybizcms.com/ Software Link: https://codecanyon.net/item/doitx/23041037 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.73 views

eBrigade ERP 4.5 - Arbitrary File Download

!/usr/bin/python import mechanize, sys, cookielib, requests import colorama, urllib, re, random, urllib2 import wget from colorama import Fore from tqdm import tqdm from pathlib import Path def bannerche: print ''' @-------------------------------------------------------------@ | eBrigade ERP "...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.66 views

Architectural 1.0 - 'email' SQL Injection

Exploit Title: Architectural Cms 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/architectural-multipage-theme-admin-panel/20968597 Version: 1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.55 views

RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass Date: 01-09-2018 Vulnerable Software: RGui 3.5.0 Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.84 views

PEAR Archive_Tar < 1.4.4 - PHP Object Injection

PEAR ArchiveTar temptarname will be called in the destructor method. If another class with useful gadget is loaded, remote code execution may be possible. Steps to reproduce object injection and arbitrary file deletion: 1. Make sure that PHP & PEAR are installed. 2. Download vulnerable PEAR...

8.8CVSS8.4AI score0.19207EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.53 views

OpenSource ERP 6.3.1. - SQL Injection

Exploit Title: OpenSource ERP SQL Injection Date: 10.01.2019 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.nelson-it.ch Software Link: http://sourceforge.net/projects/opensourceerp/files/Windows/erp6.3.1.exe/download Version: v6.3.1 Tested on: Windows CVE-2019-5893...

9.8CVSS9.6AI score0.2471EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.57 views

eBrigade ERP 4.5 - SQL Injection

Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4.5 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.55 views

Shield CMS 2.2 - 'email' SQL Injection

Exploit Title: SHIELD - Freelancer Content Management System 2.2 - SQL Injection / CSRF Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/shield-content-management-system/18833498 Version: 2.2 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.54 views

Matrix MLM Script 1.0 - Information Disclosure

Exploit Title: Matrix MLM Script 1.0 - Information Leakage Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0 Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.59 views

Event Calendar 3.7.4 - 'id' SQL Injection

Exploit Title: Event Calendar 3.7.4 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-calendar-phpmysql-plugin/19246267 Version: 3.7.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.56 views

MLMPro 1.0 - SQL Injection

Exploit Title: Matrix MLM Script 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/10 12:0 a.m.61 views

Event Locations 1.0.1 - 'id' SQL Injection

Exploit Title: Event Locations 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679 Version: 1.0.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.291 views

Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server', 'Description' = %q A vulnerability in Microsoft SharePoint Server could...

7.5CVSS7.9AI score0.25745EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.50 views

BlogEngine 3.3 - XML External Entity Injection

XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage: https://blogengine.io/ Vulnerability: XML Extern...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.287 views

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)

function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 = String.prototype.toLowerCase.callbigArray;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.55 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.72 views

polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork

/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.91 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...

6.1CVSS6.5AI score0.01897EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.84 views

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/08 12:0 a.m.45 views

Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection

Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/08 12:0 a.m.54 views

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation

!/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage: https://davidtavarez.github.io/ Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904