Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/08/10 12:0 a.m.110 views

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting

Exploit Title: Xss Zimbra Mail server Google Dork: Date: 2018/08/10 Exploit Author: Dinbar78 Vendor Homepage: https://www.zimbra.com/ Version: 8.6.0GA1153 build 20141215151110 bug 103609 or CVE-2016-3411 Payload: es. https:// zimbrasite/h/changepass?skin="alert'hacked';...

6.1CVSS6.6AI score0.03628EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.57 views

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)

Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Information Disclosure Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link: https://www.tp-link.com/download/Archer-C50V3.htmlFirmware...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.24 views

Soroush IM Desktop App 0.17.0 - Authentication Bypass

Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on: Windows 10 1803 and windows server 2016 14393 Securi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.42 views

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)

Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Remote Reboot Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link: https://www.tp-link.com/download/Archer-C50V3.htmlFirmware Firmware...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.32 views

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link: https://mikrotik.com/download Version: 6.29 - 6.42 Tested on: Metasploit...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.325 views

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

// A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and 4.13.0-38-generic // and on CentOS 7 3.10.0-862.9.1.el7.x8664. // // gcc pwn.c -o pwn // // ...

5.5CVSS6.9AI score0.03228EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/08/09 12:0 a.m.62 views

reSIProcate 1.10.2 - Heap Overflow

''' CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first published on website: 2018-06-22 Advisory sent to...

9.8CVSS8.7AI score0.24589EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/08 12:0 a.m.99 views

osTicket 1.10.1 - Arbitrary File Upload

Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details: osTicket application provides a...

9.8CVSS9.6AI score0.15977EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/08 12:0 a.m.39 views

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service PoC Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version: TP-Link Wireless N Router WR840N Category: Hardware Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/08 12:0 a.m.56 views

iSmartViewPro 1.5 - 'Account' Buffer Overflow

Exploit Title: iSmartViewPro 1.5 - 'Account' Buffer Overflow Discovery by: Alan Joaquín Baeza Meza Discovery Date: 2018-08-07 Vendor Homepage: http://www.securimport.com/n/en/ Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/493-software-ismartviewpro-v1-5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/08 12:0 a.m.28 views

LG-Ericsson iPECS NMS 30M - Directory Traversal

Exploit Title: LG-Ericsson iPECS NMS 30M - Directory Traversal Shodon Dork: iPECS CM Exploit Author: Safak Aslan Software Link: www.ipecs.com Version: 30M-B.2Ia and 30M-2.3Gn Authentication Required: No Tested on: Linux CVE: N/A Description The directory traversal was detected on LG-Ericsson's...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/08 12:0 a.m.53 views

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow Author: Rodrigo Eduardo Rodriguez Discovery Date: 2018-08-07 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/07 12:0 a.m.19 views

Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)

Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request ForgeryAccount Hijacking Date: 2018-08-04 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Product Name: Monstra-dev Version: 3.0.4 Tested on: Windows 10 Firefox/Chrome CVE : N/A 1. Description CSRF vulnerability in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/07 12:0 a.m.45 views

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)

%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Exploit Title: Foxit Reader 9.0.1.1049 - Buffer Overflow ASLRDEP Date: 2018-08-04 Exploit Author: Manoj Ahuje Tested on: Windows 7 Pro x32 Software Link:...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/07 12:0 a.m.74 views

OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)

Title: OpenEMR 5.0.1.3 - Remote Code Execution Authenticated Author: Cody Zacharias Date: 2018-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile: https://github.com/haccer/exploits/blob/master/OpenEMR-RCE/Dockerfile...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/07 12:0 a.m.48 views

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

Exploit Title : QNap QVR Client 5.0.3.23100 - Denial of Service PoC Discovery by : Rodrigo Eduardo Rodriguez Discovery Date : 2018-08-06 Vendor Homepage: http://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/Utility/QNewMon5.zip Tested Version : 5.0.3.23100...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.62 views

Monstra 3.0.4 - Cross-Site Scripting

Monstra 3.0.4 - Cross-Site Scripting. CVE-2018-14922. Webapps exploit for PHP platform Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting Date: 04-08-2018 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Software Link: https://github.com/monstra-cms/monstra Published In-...

6.1CVSS6.8AI score0.01952EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.37 views

Open-AudIT Community 2.2.6 - Cross-Site Scripting

Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting Google Dork:NA Exploit Date: 2018-08-01 Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:https://opmantek.com/network-tools-download/open-audit/ Affected Version: 2.2.6 Category: WebApps Tested on...

6.1CVSS6.3AI score0.40434EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.33 views

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Date: 2018-08-05 Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1109.exe Tested on: Windows 10 Home x...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.69 views

Subrion CMS 4.2.1 - Cross-Site Scripting

Exploit Title: Subrion CMS- 4.2.1 XSS Using component with known Vulnerability Date: 02-08-2018 Exploit Author: Zeel Chavda Vendor Homepage: https://subrion.org/ Software Link: https://subrion.org/download/ Version: 4.2.1 REQUIRED Tested on: Windows,FireFox CVE : CVE-2018-14840 Steps: - 1. Create...

6.1CVSS6.3AI score0.03666EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.33 views

Sitecore.Net 8.1 - Directory Traversal

Exploit Title: Sitecore.Net 8.1 - Directory Traversal Date: 2018-04-23 CVE: CVE-2018-7669 Researcher: Chris Moberly at The Missing Link Security Vendor: Sitecore Version: CMS - 8.1 and up earlier versions untested Authentication required: Yes An issue was discovered in Sitecore CMS that affects a...

7.8CVSS7.6AI score0.17482EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.44 views

LAMS < 3.1 - Cross-Site Scripting

Exploit Title: LAMS 3.1 - Cross-Site Scripting Date: 2018-08-05 Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application Platform: Java Version: = 3.1 CVE:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.46 views

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Cross-Site Request Forgery Add Admin Google Dork: Powered by onArcade v2.4.2 Date: 2018/August/4 Author: r3m0t3nu11Zero-way Software Link: "http://www.onarcade.com" Version: "Uptodate" the appilication is vulnerable to CSRF attack No CSRF token in place meaning that if an admin use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.27 views

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)

Exploit Title: AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Date: 2018-08-03 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: AgataSoft Auto PingMaster 1.5 Vendor Homepage: http://agatasoft.com/ Version: 1.5 Software Link : http://agatasoft.com/PingMaster.exe Tested Windows 7 SP1 x...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.59 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.35 views

CMS ISWEB 3.5.3 - Directory Traversal

Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/05 12:0 a.m.94 views

Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation

include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG leakQWORDULONGLONG addr, HANDLE driver memsetLPVOID0x000000001a000000, 0x11, 0x1000;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.39 views

Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting. CVE-2018-14082. Webapps exploit for PHP platform Exploit Title: Entrepreneur Job Portal Script 3.0.1- has Stored XSS via Search bar and Location Date: 14.07.2018 Site Titel : JOB SITE Job Portal Vendor Homepage:...

5.4CVSS5.7AI score0.00663EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.62 views

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)

Linux/x86 - Reverse TCP ::FFFF:192.168.1.5:4444/TCP Shell /bin/sh + Null-Free + IPv6 Shellcode 86 bytes. Shellcode exploit for Linuxx86 platform Title: Linux/x86 - Reverse TCP shell IPv6 + Null Free Shellcode Author: Kartik Durg Shellcode Length: 86 BYTES Student-ID: SLAE-1233 Note...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.59 views

Basic B2B Script 2.0.0 - Cross-Site Scripting

Basic B2B Script 2.0.0 - Cross-Site Scripting. CVE-2018-14541. Webapps exploit for PHP platform Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.0 has Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. Date: 20.07.2018 Site Titel : B2B Script Vendor...

5.4CVSS5.6AI score0.00663EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.35 views

Linux/ARM - Bind (4444/TCP) Shell +IPv6 Shellcode (128 Bytes)

Linux/ARM - Bind 4444/TCP Shell +IPv6 Shellcode 128 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - IPv6 4444/TCP Bind Shellcode 128 Bytes Date: 2018-07-25 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP...

Exploits0
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.24 views

cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal

There is a directory traversal vulnerability in cgitcloneobjects, reachable when the configuration flag enable-http-clone is set to 1 default: void cgitcloneobjectsvoid if !ctx.qry.path cgitprinterrorpage400, "Bad request", "Bad request"; return; if !strcmpctx.qry.path, "info/packs" printpackinfo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.56 views

Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use...

9.8CVSS9.5AI score0.31809EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.138 views

Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Kernel UDP Fragmentation Offset UFO Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems...

7CVSS7.9AI score0.20797EPSS
Exploits19
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.43 views

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

9.8CVSS9.7AI score0.20695EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.40 views

PHP Template Store Script 3.0.6 - Cross-Site Scripting

Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name Date: 02.08.2018 Site Titel : Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/ Category: Web Application Version: 3.0.6 Exploit...

5.4CVSS5.5AI score0.01604EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/03 12:0 a.m.29 views

Wedding Slideshow Studio 1.36 - Buffer Overflow

Exploit Title: Socumsoft Wedding Slideshow Studio 1.36 Date: 02.08.2018 Exploit Author: Achilles Vendor Homepage: http://www.socusoft.com Vulnerable Software: http://www.socusoft.com/down/wedding-slideshow-studio.exe Tested on OS: Windows 7 64-bit DE Steps to reproduce: Copy the contents of the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.20 views

TI Online Examination System v2 - Arbitrary File Download

Exploit Title: TI Online Examination System v2 - Arbitrary File Download Dork: N/A Date: 02.08.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 Version: 2.0 Category: Webapps Tested on: Kali linux Description : Th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.30 views

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting. CVE-2018-13256. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Chartered Accountant : Auditor Website 2.0.1 - Reflected , Stored XSS Date: 26.06.2018 Site Titel : Find your needs on Domain Name...

6.1CVSS6.1AI score0.01049EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.37 views

CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection

Title : CoSoSys Endpoint Protector - Authenticated Remote Root Command Injection Date : Vulnerability submitted in 01/12/2017 and published in 01/08/2018 Author : 0x09AL Tested on : Endpoint Protector 4.5.0.1 Software Link : https://www.endpointprotector.com/ Vulnerable Versions : Endpoint...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.26 views

Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation

Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Date: 01/08/2018 Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs as root and starts a unix domain socket listener in...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.21 views

PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection

Exploit Title: FB Inboxer 1.2 - 'searchfield' SQL Injection Google Dork: N/A Date: 02.08.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/pageresponse-a-fb-inboxer-addon-facebook-auto-commentprivate-reply-likeshare-for-full-page/21486371 Version: 1.2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.47 views

SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SecureSphere v12.0.0.50 - SealMode Shell Escape root", 'Description' = %q This module exploits a vulnerability in SecureSphere cli to escape the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.47 views

Seq 4.2.476 - Authentication Bypass

Exploit Title: Seq 4.2.476 - Authentication Bypass Date: 2018-08-02 Exploit Author: Daniel Chactoura Vendor Homepage: https://getseq.net/ Software Link: https://getseq.net/Download/All Version: = 4.2.476 CVE : CVE-2018-8096 Post Reference:...

9.8CVSS9.6AI score0.5006EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.42 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

9.8CVSS9.6AI score0.20185EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.44 views

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Exploit Title: AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-02 Vendor Homepage: http://agatasoft.com/ Software Link : http://agatasoft.com/PingMaster.exe Tested Version: 1.5 Vulnerability Type: Denial of Service DoS Local...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.30 views

ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution

Exploit Title: ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Date: 2018-08-02 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.asus.com/ Software Link: https://www.asus.com/Networking/DSLN12EC1/HelpDeskBIOS/ Version: 1.1.2.3345 Tested on: 1.1.2.3345 GET...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.32 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)

input t...

8.8CVSS8.8AI score0.02513EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.87 views

Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation

/ Exploit Title: Solaris/OpenSolaris AVS kernel code execution Google Dork: if applicable Date: 24/7/2018 Exploit Author: mu-b Vendor Homepage: oracle.com Software Link: Version: Solaris 10, Solaris Sun Opensolaris include include include include include include include include include include...

7.8CVSS8AI score0.01693EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/08/01 12:0 a.m.47 views

Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)

Linux/ARM - Reverse ::1:4444/TCP Shell /bin/sh +IPv6 Shellcode 116 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - IPv6 ::1 4444/TCP Reverse Shellcode 116 Bytes Date: 2018-07-25 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi...

0.2AI score
Exploits0
Total number of security vulnerabilities47904