Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/07/19 12:0 a.m.41 views

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Date: 7/16/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 1. Description: New Threads is a plugi...

6.1CVSS6.3AI score0.48557EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/07/19 12:0 a.m.43 views

WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting

Exploit Title: WordPress Plugin All In One Favicon = 4.6 - Authenticated Multiple XSS Persistent Date: 2018-07-10 Exploit Author: Javier Olmedo Website: https://hackpuntes.com/ Vendor Homepage: http://www.techotronic.de/ Software Link: https://wordpress.org/plugins/all-in-one-favicon/ Version/s:...

4.8CVSS5.1AI score0.02003EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/07/19 12:0 a.m.45 views

Google Chrome - Swiftshader Blitting Floating-Point Precision Errors

getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0 destRect.y1; ifflipX swapdRect.x0, dRect.x1; swapsRect.x0, sRect.x1;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/18 12:0 a.m.46 views

Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection

Exploit Title: Smart SMS & Email Manager v3.3 - SQL Injection Google Dork: N/A Date: 17.07.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/smart-sms-email-manager-ssem/14817919 Version: 3.3 Tested on: Kali linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/18 12:0 a.m.35 views

FTP2FTP 1.0 - Arbitrary File Download

Exploit Title: FTP2FTP 1.0 - Arbitrary File Download Dork: N/A Date: 18.07.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ftp2ftp-server-to-server-file-transfer-php-script/21972395 Version: 1.0 Category: Webapps Tested on: Kali linux Description : The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/18 12:0 a.m.53 views

Open-AudIT Community 2.1.1 - Cross-Site Scripting

Exploit Title: Open-AudIT Community - 2.1.1 - Cross Site Scripting Vulnerability Google Dork:NA Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:http://dl-openaudit.opmantek.com/OAE-Win-x8664- release2.2.1.exe Affected Version: 2.1.1 Category: WebApps Tested on...

5.4CVSS5.5AI score0.01867EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/07/18 12:0 a.m.51 views

HomeMatic Zentrale CCU2 - Remote Code Execution

Exploit Title: HomeMatic Zentrale CCU2 Unauthenticated RCE Date: 16-07-2018 Software Link: https://www.homematic.com/ Exploit Author: Kacper Szurek - ESET Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube: https://www.youtube.com/c/KacperSzurek Category: remot...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/18 12:0 a.m.136 views

Modx Revolution < 2.6.4 - Remote Code Execution

Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx': 'web', 'cachefilename': '../../payload.php'...

7.2CVSS7.2AI score0.64088EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.38 views

Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)

Linux/x64 - Reverse ::1:1337/TCP + IPv6 + Password pwnd Shellcode 115 bytes. Shellcode exploit for Linuxx86-64 platform / ; Title : Reverse Shell IPv6 with Password - Shellcode ; Author : Hashim Jawad @ihack4falafel ; OS : Linux kali 4.15.0-kali2-amd64 1 SMP Debian 4.15.11-1kali1 2018-03-21 x8664...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.74 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 R...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.61 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.81 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.73 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 R...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.89 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 Re...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.70 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 R...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.45 views

Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Nanopool Claymore Dual Miner APIs RCE', 'Description' = %q This module takes advantage of miner remote...

7.5CVSS7.4AI score0.77297EPSS
Exploits7
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.66 views

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/17 12:0 a.m.42 views

QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "QNAP Q'Center changepasswd Command Execution", 'Description' = %q This module exploits a command injection vulnerability in the changepasswd API...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.41 views

Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)

Linux/ARM - Bind 1234/TCP Shell /bin/sh Shellcode 104 bytes. Shellcode exploit for ARM platform / Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.77 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...

9.8CVSS8.7AI score0.13849EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.54 views

Microsoft Enterprise Mode Site List Manager - XML External Entity Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft Product ===========...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.58 views

PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation

!/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a customer. The exploit will yield a valid employee cookie f...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.51 views

VelotiSmart WiFi B-380 Camera - Directory Traversal

Title: Vulnerability in VelotiSmart Wifi - Directory Traversal Date: 12-07-2018 Scope: Directory Traversal Platforms: Unix Author: Miguel Mendez Z Vendor: VelotiSmart Version: B380 CVE: CVE-2018–14064 Vulnerability description ------------------------- - The vulnerability that affects the device ...

9.8CVSS7.4AI score0.3757EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.49 views

WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting

Exploit Title: Wordpress Plugin Job Manager v4.1.0 Stored Cross Site Scripting Google Dork: N/A Date: 2018-07-15 Exploit Author: Berk Dusunur & Selimcan Ozdemir Vendor Homepage: https://wpjobmanager.com Software Link: https://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip Affecte...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.33 views

PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation

!/usr/bin/env python3 PrestaShop = 1.6.1.19 AES Rijndael / opensslencrypt Cookie Read Charles Fol See https://ambionics.io/blog/prestashop-privilege-escalation This POC will reveal the content of an employee's cookie. By modifying it one can read/write any PrestaShop cookie. It is a simple paddin...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.107 views

Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

/ Note: I am both sending this bug report to [email protected] and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix this. I noticed halfdog's old writeup at...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/16 12:0 a.m.33 views

macOS/iOS - JavaScript Injection Bug in OfficeImporter

QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code using OfficeImport and renders it using WebKit. The...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.101 views

Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery

Exploit Title: Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Date: 2018-07-§3 Exploit Author: Ahmethan-Gultekin - t4rkd3vilz Vendor Homepage: https://www.grundig.com/ Software Link: https://play.google.com/store/apps/details?id=arcelik Version: Before Smart Inter@ctive 3.0 Tested on:...

8.8CVSS8.9AI score0.03183EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.41 views

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Date: 2018-07-13 Shodan Dork: CLR-M20 Exploit Author: Safak Aslan Software Link: http://www.celalink.com Version: 2.7.1.6 CVE: 2018-15137 Authentication Required: No Tested on: Windows Vulnerability Description Due to the Via WebDAV...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.32 views

Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Manage Engine Exchange Reporter Plus Unauthenticated RCE', 'Description' = %q This module exploits a remote code execution vulnerability that...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.84 views

WAGO e!DISPLAY 7300T - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: FW 01 - 01.01.1001 fixed version: FW 02 CVE...

8.8CVSS6.2AI score0.3014EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.65 views

Apache CouchDB - Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache CouchDB Arbitrary Command Execution', 'Description' = %q CouchDB administrative users can configure the database server via HTTPS. Some of...

10CVSS8.4AI score0.99838EPSS
Exploits21
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.90 views

Hadoop YARN ResourceManager - Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN ResourceManager Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.89 views

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' require 'msf/core/exploit/exe'...

7.8CVSS7.3AI score0.18696EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.47 views

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" memberName = "IsBl...

8.8CVSS8.8AI score0.06271EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.69 views

Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version: =14.2.1 CVE number: CVE-2018-13981, CVE-2018-13980 impact: critical...

9.8CVSS6.5AI score0.17282EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.229 views

phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

8.8CVSS7.4AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2018/07/13 12:0 a.m.83 views

QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006 Advisory URL:...

9CVSS7.8AI score0.59215EPSS
Exploits12
Exploit DB
Exploit DB
added 2018/07/12 12:0 a.m.42 views

Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions

/ Here's a PoC: / function optstr for let i = 0; i .var s9.var = LdSlot s32s18l53.var s7.var = LdSlot s20s18l51.var s8.var = LdSlot s19s18l52.var s1Object.var = LdA 0x7FFFF47A0000 GlobalObjectObject.var s2.var = LdCAI4 0 0x0.i32 s3.var = LdCAI4 200 0xC8.i32 s4.var = LdCAI4 1 0x1.i32 s5String.var ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/12 12:0 a.m.28 views

Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes

/ It seems that this issue is similar to the issue 1429 MSRC 42111. It might need to refresh the page several times to observe a crash. PoC: / let arr = new Uint32Array1000; for let i = 0; i 0x1000000; i++ for let j = 0; j 1; j++ i--; i++; arri = 0x1234;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/12 12:0 a.m.31 views

Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read

/ BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlagsExtraArg flag which...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/11 12:0 a.m.25 views

Awk to Perl 1.007-5 - Buffer Overflow (PoC)

Exploit Title: Awk to Perl 1.007-5 - Buffer Overflow PoC Author: Todor Donev Date: 2018-07-11 Software: Linux Awk to Perl Translator '/usr/bin/a2p' Version: 1.007-5 CVE: N/A Tested on: CentOS 6.9, Ubuntu 10 todor@adamantium $ python -c "print 'A' 2070" | a2p /dev/null Segmentation fault...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/11 12:0 a.m.71 views

Instagram-Clone Script 2.0 - Cross-Site Scripting

Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting Date: 2018-07-10 Exploit Author: L0RD Vendor Homepage: https://github.com/yTakkar/Instagram-clone Version: 2.0 CVE: CVE-2018-13849 Tested on: Kali linux POC : Persistent Cross site scripting : vulnerable file : editrequests.php...

6.1CVSS7AI score0.02273EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/07/11 12:0 a.m.38 views

Dicoogle PACS 2.5.0 - Directory Traversal

Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal Date: 2018-05-25 Software Link: http://www.dicoogle.com/home Version: Dicoogle PACS 2.5.0-201712291522 Category: webapps Tested on: Windows 2012 R2 Exploit Author: Carlos Avila Contact: http://twitter.com/badboynt 1. Description Dicoogle is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/11 12:0 a.m.77 views

IBM QRadar SIEM - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'IBM QRadar SIEM Unauthenticated Remote Code Execution', 'Description' = %q IBM QRadar SIEM has three vulnerabilities in th...

5.7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/11 12:0 a.m.79 views

JavaScript Core - Arbitrary Code Execution

// Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new Uint8Arrayconva; var floatarrmagic = new...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/10 12:0 a.m.66 views

Elektronischer Leitz-Ordner 10 - SQL Injection

Title: Elektronischer Leitz-Ordner 10 - SQL Injection Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Software: https://www.elo.com/en-de/ CVE: N/A Affected Products: ELOenterprise 10 ELO Access Manager = 10.17.120 ELOenterprise 9 ELO Access Manager = 9.17.120 ELOprofessional 10 E...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/10 12:0 a.m.1545 views

Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation

/ Credit @bleidl, this is a slight modification to his original POC https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c For details on how the exploit works, please visit https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html Tested on Ubuntu 16.04 with th...

7.8CVSS7.8AI score0.30052EPSS
Exploits16
Exploit DB
Exploit DB
added 2018/07/10 12:0 a.m.46 views

D-Link DIR601 2.02 - Credential Disclosure

Exploit title: D-Link DIR601 2.02NA - Credential disclosure Date: 2018-07-10 Exploit Author: Richard Rogerson Vendor Homepage: http://ca.dlink.com/ Software Link: http://support.dlink.ca/ProductInfo.aspx?m=DIR-601 Version: = 2.02NA Tested on: D-Link DIR601 Firmware 2.02NA Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/10 12:0 a.m.47 views

WolfSight CMS 3.2 - SQL Injection

Exploit Title: WolfSight CMS 3.2 - SQL Injection Google Dork: N/A Date: 2018-07-10 Exploit Author: Berk Dusunur & Zehra Karabiber Vendor Homepage: http://www.wolfsight.com Software Link: http://www.wolfsight.com Version: v3.2 Tested on: Parrot OS / WinApp Server CVE : N/A PoC Sql Injection...

7.4AI score
Exploits0
Total number of security vulnerabilities47904