Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/01/08 12:0 a.m.45 views

Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection

Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.41 views

All in One Video Downloader 1.2 - (Authenticated) SQL Injection

Exploit Title: All in One Video Downloader 1.2 - SQL Injection Google Dork: "developed by Niche Office" Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://nicheoffice.web.tr/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.48 views

Embed Video Scripts - Persistent Cross-Site Scripting

Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.43 views

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Date : 10/12/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows Server 2016 Standard x64 CVE : CVE-2018-18435 Description: ============ KioWa...

7.8CVSS7.7AI score0.01375EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.39 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery

input type="hidden" name="...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.44 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection

function submitRequest...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.135 views

WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.56 views

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference

function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.45 views

phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: phpMoAdmin 1.1.5 - MongoDB GUI | Multiple Vulnerabilities Date: 03.01.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmoadmin.com Software Link: http://www.phpmoadmin.com/file/phpmoadmin.zip Version: 1.1.5 Introduction phpMoAdmin - MongoDB GUI MongoDB administration...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.58 views

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting

Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Date: 21/12/2018 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-CN Firmware: W2001EN-00...

6.1CVSS6.3AI score0.04822EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.88 views

MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting

Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Date: 12/31/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-3501 1. Description: OUGC Awards...

4.8CVSS5.1AI score0.02353EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.71 views

Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)

Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Date: 01/07/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windows 10 x64 CVE: CVE-2014-5395 Note: The...

6.8CVSS6.5AI score0.00922EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.52 views

Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-04 Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.40 views

MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection

Exploit Title: MyT-PM 1.5.1 - 'Chargegrouptotal' SQL Injection Date: 03.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category: Webapps Tested on: WAMPP @Win Software description: MyT Mana...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.84 views

Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal

====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...

9.8CVSS8.5AI score0.73056EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.46 views

SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)

Exploit Title: SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-04 Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested Version: 2.4.2 Vulnerability Type: Denial of Service Do...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.58 views

Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data

Exploit Title: Ajera Timesheets = 9.10.16 - Deserialization of untrusted data Date: 2019-01-03 Exploit Author: Anthony Cole Vendor Homepage: https://www.deltek.com/en/products/project-erp/ajera Version: = 9.10.16 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on:...

8.8CVSS8.8AI score0.10269EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.44 views

BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)

Exploit Title: BlueAuditor 1.7.2.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-04 Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested Version: 1.7.2.0 Vulnerability Type: Denial of Service DoS Loca...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.134 views

Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.51 views

LayerBB 1.1.1 - Persistent Cross-Site Scripting

Exploit Title: LayerBB 1.1.1 - Cross-Site Scripting Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=26 Version: 1.1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-17997 1. Description: LayerBB is a free open-source...

6.1CVSS6.3AI score0.0358EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/04 12:0 a.m.71 views

Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)

!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.polkit.sh Compiling... Creating...

7CVSS7.3AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2019/01/04 12:0 a.m.83 views

Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)

!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.dbus.sh Compiling... Creating...

7CVSS7.3AI score0.07611EPSS
Exploits24
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.75 views

Hashicorp Consul - Remote Command Execution via Services API (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Services API", 'Description' = %q This module exploits Hashicorp Consul's services API to gain remo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.44 views

NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)

Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-12-27 Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested Version: 3.0.0.0 Vulnerability Type: Denial of Service DoS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.98 views

Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = %q This module exploits a feature of Hashicorp Consul named rexec. ,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.31 views

WebKit JSC - 'AbstractValue::set' Use-After-Free

indexingType; mtype = speculationFromStructurestructure.get; mvalue = JSValue; checkConsistency; assertIsRegisteredgraph; It works out marrayModes using structure-indexingType instead of structure-indexingMode. As structure-indexingType masks out the CopyOnWrite flag, which indicates that the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.35 views

WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write

/ bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm, this || hasSparseMap || shouldUseSlowPutindexingType return false; if...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.43 views

EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)

Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service PoC Date: 2018-12-30 Exploit Author: Achilles Vendor Homepage: https://www.poikosoft.com/ Software Link : https://download.poikosoft.com/ezcdaudioconvertersetupx64.exe Exploit Author: Achilles Tested Version: 8.0.7 64-bit Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.48 views

WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection

Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Date: 2018-12-28 Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps SQL Injection File: addIcon.php Vulnerable code:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.68 views

Vtiger CRM 7.1.0 - Remote Code Execution

Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Date: 2018-12-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link: https://sourceforge.net/projects/vtigercrm/files/latest/download Version: v7.1.0 Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.86 views

Ayukov NFTP FTP Client 2.0 - Buffer Overflow

Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow Date: 2018-12-29 Exploit Author: Uday Mittal Vendor Homepage: http://www.ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip Version : below 2.0 Tested on: Microsoft Windows XP SP3 CVE: CVE-2017-15222 EIP Location:...

9.8CVSS9.5AI score0.60328EPSS
Exploits16
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.45 views

Frog CMS 0.9.5 - Cross-Site Scripting

Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Date: 2018-12-25 Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under /install/index.php is that the Database name...

5.4CVSS5.5AI score0.01677EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.107 views

NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)

Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service PoC Author: Luis Martinez Date: 2018-12-27 Vendor Homepage: www.nsauditor.com Software Link : http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Tested Version: 1.6.5.0 Vulnerability Type: Denial of Service D...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.31 views

Microsoft Windows - Windows Error Reporting Local Privilege Escalation

Make sure to copy the file report.wer found in the folder PoC-Files in the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever. Example: "angrypolarbearbug.exe c:\windows\system32\drivers\pci.sys" This will overwrite pci.sys...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/30 12:0 a.m.55 views

VMware Workstation/Player < 12.5.5 - Local Privilege Escalation

!/bin/bash VMware Workstation Local Privilege Escalation exploit CVE-2017-4915 - https://www.vmware.com/security/advisories/VMSA-2017-0009.html - https://www.exploit-db.com/exploits/42045/ Affects: - VMware Workstation Player "$VMDIR/$RANDSTR.c" include include include include include include...

7.8CVSS7.8AI score0.05413EPSS
Exploits11
Exploit DB
Exploit DB
added 2018/12/30 12:0 a.m.36 views

Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation

!/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in code execution as root. By default, the first user created o...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/29 12:0 a.m.424 views

Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation

/ chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offsets have been tested on Ubuntu / Linux Mint. vroom vroom ============================== user@ubuntu:$ una...

7.8CVSS8.2AI score0.11127EPSS
Exploits16
Exploit DB
Exploit DB
added 2018/12/29 12:0 a.m.271 views

Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)

// A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on: // - Ubuntu trusty 4.4.0 kernels // - Ubuntu xenial 4.4.0 and 4.8.0 kernels // - Linux Mint rosa 4.4.0 kernels // - Linux Mint sarah 4.8.0 kernels // - Zorin OS 12.1...

7CVSS7.9AI score0.20797EPSS
Exploits19
Exploit DB
Exploit DB
added 2018/12/29 12:0 a.m.126 views

Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

// A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on Ubuntu / Linux Mint: // - 4.8.0-34-generic // - 4.8.0-36-generic // - 4.8.0-39-generic // - 4.8.0-41-generic // - 4.8.0-42-generic // - 4.8.0-44-generic // - 4.8.0-45-generic //...

7.8CVSS8.2AI score0.17827EPSS
Exploits17
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.380 views

bludit Pages Editor 3.0.0 - Arbitrary File Upload

Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files HTTP/1.1 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.39 views

ShareAlarmPro 2.1.4 - Denial of Service (PoC)

Exploit Title:ShareAlarmPro 2.1.4 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://sharealarm.nsauditor.com/downloads/sharealarmprosetup.exe Contact: https://twitter.com/T3jv1l Version:ShareAlarmPro 2.1.4 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.42 views

NetShareWatcher 1.5.8 - Denial of Service (PoC)

Exploit Title: NetShareWatcher 1.5.8 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Contact: https://twitter.com/T3jv1l Version: NetShareWatcher 1.5.8 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.68 views

Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)

Exploit Title: Terminal Services Manager 3.1 - Buffer Overflow SEH Date: 2018-12-25 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Terminal Services Manager 3.1 Vendor Homepage: https://lizardsystems.com Version: 3.1 Software Link: https://lizardsystems.com/download/tsmanagersetup.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.62 views

Product Key Explorer 4.0.9 - Denial of Service (PoC)

Exploit Title: Product Key Explorer 4.0.9 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Contact: https://twitter.com/T3jv1l Version: Product Key Explorer 4.0.9...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.68 views

Iperius Backup 5.8.1 - Buffer Overflow (SEH)

Exploit Title: Iperius Backup 5.8.1 - Buffer Overflow SEH Date: 2018-12-26 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Iperius Backup 5.8.1 Vendor Homepage: https://www.iperiusbackup.com Version: 5.8.1 Local Buffer Overflow SEH Unicode Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.185 views

Craft CMS 3.0.25 - Cross-Site Scripting

Exploit Title: Craft CMS 3.0.25 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-20 Exploit Author: Raif Berkay Dincel Contact: www.raifberkaydincel.com More Details 1 : https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html More Details 2 :...

4.8CVSS5.1AI score0.03702EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.69 views

MAGIX Music Editor 3.1 - Buffer Overflow (SEH)

Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Date: 2018-12-24 Vulnerable Software: MAGIX Music Editor 3.1 Vendor Homepage: https://www.magix.com/us/ Version: 3.1 Software Link: https://www.magix.com/us/music/mp3-deluxe/ Music Editor Software is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.87 views

WordPress Plugin Audio Record 1.0 - Arbitrary File Upload

Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in record upload process allowing arbitrary...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/27 12:0 a.m.67 views

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload

Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/baggage-freight/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.1.0 Category: webapps Unrestricted file upload for unahtorized...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/12/24 12:0 a.m.43 views

FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection

Exploit Title: FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Google Dork: N/A Date: 2018-12-22 Exploit Author: Sainadh Jamalpur Vendor Homepage: http://frontaccounting.com/ Software Link: https://sourceforge.net/projects/frontaccounting/ Version: 2.4.5 Tested on: XAMPP version 3.2.2 in Windo...

7.4AI score
Exploits0
Total number of security vulnerabilities47904