Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.55 views

WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection

Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...

7.8CVSS7.9AI score0.05209EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.85 views

DIGISOL DG-BR4000NG - Cross-Site Scripting

Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta Basu Contact :...

6.1CVSS6.5AI score0.02293EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.41 views

KVM (Nested Virtualization) - L1 Guest Privilege Escalation

When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.75 views

Foxit Reader 9.0.1.1049 - Remote Code Execution

%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...

8.8CVSS7.8AI score0.64074EPSS
Exploits13
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.49 views

Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.100 views

Travel Agency 1.1 - 'cid' SQL Injection

Travel Agency 1.1 - 'cid' SQL Injection. Webapps exploit for PHP platform Exploit Title: Travel Agency 1.1 - 'cid' SQL Injection Data: 2018-06-23 Exploit Author: Ashkan Moghaddas Tested on: Windows - Linux Google Dork: N/A CVE: N/A Vulnerable Page: /add.city.php Vulnerable Source:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.62 views

AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Date: 2018-06-23 Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC750GF/FWRTAC750GF30043806038.zip Firmware Version: 3.0.0.4.380.6038...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.88 views

DIGISOL DG-BR4000NG - Buffer Overflow (PoC)

Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date 2018-06-24 Vendor Homepage† http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Category Hardware Exploit Author Adipta Basu...

9.8CVSS7AI score0.10036EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.59 views

Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Exploit title: Ecessa WANWorx WVR-30 input type="hidden" nam...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/25 12:0 a.m.64 views

WordPress Plugin iThemes Security < 7.0.3 - SQL Injection

Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Date: 2018-06-25 Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link: https://wordpress.org/plugins/better-wp-security/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.80 views

QEMU Guest Agent 2.12.50 - Denial of Service

Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE : CVE-2018-12617 QEMU Guest Agent 2.12.5...

7.5CVSS8AI score0.25348EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.62 views

Opencart < 3.0.2.0 - Denial of Service

!/usr/bin/perl -w Opencart https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Tested store with added more than 1000 products todor@adamantium cartkiller torsocks perl killcart.pl example.com Opencart = 3.0.2.0 googlesitemap Remote Denial of Service resource exhaustion Connecting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.254 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)

Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...

8.8CVSS8.8AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.56 views

GreenCMS 2.3.0603 - Information Disclosure

Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Date: 2018-06-21 Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested on: windows 7 CVE : CVE-2018-12604...

7.5CVSS7.6AI score0.13344EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/22 12:0 a.m.86 views

phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)

Exploit Title: phpLDAPadmin 1.2.2 - 'serverid' LDAP Injection Username Google Dork:N/A Date: 21.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debian Web Server CVE : N...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/21 12:0 a.m.70 views

Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution

Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB: https://support.emc.com/kb/521234 Github:...

10CVSS9.6AI score0.43287EPSS
Exploits12
Exploit DB
Exploit DB
added 2018/06/21 12:0 a.m.30 views

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)

The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 5563 lines Line 61 contains include $REQUEST'target'; This is obviously LFI precursor, as long as we bypass the 55 to 59 restrictions on the line Lin...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/21 12:0 a.m.51 views

Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution

Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...

10CVSS9.6AI score0.43287EPSS
Exploits12
Exploit DB
Exploit DB
added 2018/06/21 12:0 a.m.40 views

LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)

Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE : CVE-2018-12602 A...

8.8CVSS8.8AI score0.03041EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/21 12:0 a.m.70 views

LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)

Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE :...

8.8CVSS8.8AI score0.03626EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.100 views

Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation

Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...

7.2CVSS6.5AI score0.03553EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.138 views

Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as...

7CVSS7.2AI score0.03181EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.53 views

Mirasys DVMS Workstation 5.12.6 - Path Traversal

Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6...

7.5CVSS7.6AI score0.078EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.44 views

NewMark CMS 2.1 - 'sec_id' SQL Injection

Exploit Title: NewMark CMS 2.1 - SQL Injection secid Google Dork: /catalog/?sectid= Date: 2018-06-20 Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus CVE : N/A Prof Of Consept sec id...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.59 views

TP-Link TL-WA850RE - Remote Command Execution

!/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage: https://www.tp-link.com/ Firmware Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.44 views

VideoInsight WebClient 5 - SQL Injection

Title: VideoInsight WebClient 5 - SQL Injection Date: 2018-05-06 Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows Server 2008 R2 CVE: N/A Description: This...

7.5CVSS7.2AI score0.02393EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.75 views

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11 CVE : CVE-2018-12327 Stack-based buffer...

9.8CVSS7.8AI score0.29037EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.218 views

Redis 5.0 - Denial of Service

Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand function in tstream.c in...

7.5CVSS7.6AI score0.24182EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.100 views

Apache CouchDB < 2.1.0 - Remote Code Execution

Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...

10CVSS8.4AI score0.99838EPSS
Exploits21
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.70 views

IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)

require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in th...

7.5CVSS7.5AI score0.56318EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/06/20 12:0 a.m.50 views

MaDDash 2.0.2 - Directory Listing

Exploit Title: MaDDash 2.0.2 - Directory Listing Date: 2018-06-18 Vendor: perfSONAR Download Link: https://github.com/esnet/maddash/archive/master.zip Version: 2.0.2 Exploit Author: ManhNho CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525 Category: Webapps Tested on: Windows 7 ---...

5.3CVSS5.2AI score0.07224EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.27 views

Redatam Web Server < 7 - Directory Traversal

Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin\ - blablabla Script directory /wamp/a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.53 views

Audiograbber 1.83 - Local Buffer Overflow (SEH)

Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Date: 2018-06-16 Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0 2018/06/16 13:25:59 dhn Exp $ Tested with Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.78 views

Microsoft COM for Windows - Privilege Escalation

Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...

8.8CVSS7.8AI score0.73185EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.201 views

Redis-cli < 5.0 - Buffer Overflow (PoC)

Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow in redis-cli of Redis version 3.2, 4....

8.4CVSS8.2AI score0.02678EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.64 views

Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)

Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software Download:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.116 views

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)

Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.52 views

Pale Moon Browser < 27.9.3 - Use After Free (PoC)

Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList';...

9.8CVSS9.7AI score0.09182EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/18 12:0 a.m.326 views

Nikto 2.1.6 - CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

10CVSS9.5AI score0.24727EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/15 12:0 a.m.61 views

Dimofinf CMS 3.0.0 - Cross-Site Scripting

Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-13 Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS" web-application. The vulnerability is located in t...

5.4CVSS7AI score0.0175EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/15 12:0 a.m.88 views

Soroush IM Desktop App 0.15 (beta) - Authentication Bypass

Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 1803 Security Issue: Attackers can unloc...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/15 12:0 a.m.73 views

OEcms 3.1 - Cross-Site Scripting

Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-15 Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. The vulnerability is locate...

5.4CVSS5.5AI score0.05634EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/14 12:0 a.m.63 views

Joomla! Component Ek Rishta 2.10 - SQL Injection

Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download: https://extensions.joomla.org/extension/ek-rishta/ CVE: CVE-2018-12254...

8.8CVSS8.8AI score0.02616EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/14 12:0 a.m.35 views

rtorrent 0.9.6 - Denial of Service

Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.213 views

glibc - 'realpath()' Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain root privileges on Linux systems by abusing a vulnerabili...

7.8CVSS8.9AI score0.13368EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.94 views

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation

Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic...

7.8CVSS7.6AI score0.02755EPSS
Exploits7
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.303 views

DHCP Client - Command Injection 'DynoRoot' (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager...

7.9CVSS7.9AI score0.94457EPSS
Exploits14
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.44 views

MACCMS 10 - Cross-Site Request Forgery (Add User)

Exploit Title: MACCMSV10 CSRF vulnerability add admin account Date: 2018-06-11 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSRF vulnerability in maccmsv10,this...

8.8CVSS8.8AI score0.02975EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.36 views

Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload

Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMint More: Login required PoC In the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/13 12:0 a.m.64 views

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass

Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...

7AI score
Exploits0
Total number of security vulnerabilities47904