Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•77 views

Canon LBP6030w - Authentication Bypass

Canon LBP6030w - Authentication Bypass. CVE-2018-12049. Webapps exploit for Hardware platform Exploit Title: Canon LBP6030w - Authentication Bypass Date: 2018-06-07 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP6030w Severity: High Leads to full System Manager Mode...

10CVSS9.7AI score0.05182EPSS
Exploits6
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•56 views

Joomla! Component EkRishta 2.10 - 'username' SQL Injection

Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•44 views

Canon PrintMe EFI - Cross-Site Scripting

Title: Canon PrintMe EFI - Cross-Site Scripting Date: 9.6.2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...

6.1CVSS6.3AI score0.02469EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•39 views

WordPress Plugin Google Map < 4.0.4 - SQL Injection

Title: WordPress Google Map Plugin getresults Vulnerable Variable: $GET'order' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE ANALYSEEXTRACTVALUE4242,CONCAT0x42,BENCHMARK42000000,MD50x42424242,42 SQL injection...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•81 views

OX App Suite 7.8.4 - Multiple Vulnerabilities

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...

8.8CVSS5.7AI score0.08387EPSS
Exploits8
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•41 views

WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection

Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body: entryid=ExploitCodeHere&wpnonce=xxx&action=ufblgetentrydetailaction Disclosure Timeline 2018/06/01 Vulnerabilities...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/12 12:0 a.m.•34 views

Canon LBP7110Cw - Authentication Bypass

Canon LBP7110Cw - Authentication Bypass. CVE-2018-12048. Webapps exploit for Hardware platform Exploit Title: Canon LBP7110Cw - Authentication Bypass Date: 2018-06-07 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP7110Cw CVE: CVE-2018-12049 Severity: High Leads to fu...

10CVSS9.7AI score0.05182EPSS
Exploits6
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•25 views

Schools Alert Management Script - Arbitrary File Deletion

Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...

7.5CVSS7.6AI score0.11037EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•37 views

WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection

Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URL have been confirmed to all suffer from Time Based SQL Injection. GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc original GET...

9.8CVSS9.6AI score0.0533EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•27 views

Joomla! Component EkRishta 2.10 - 'cid' SQL Injection

Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/ video : https://youtu.be/UWGFVUU9AU0 Exploit Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•29 views

Schools Alert Management Script - SQL Injection

Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...

9.8CVSS9.7AI score0.0328EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•28 views

Event Manager Admin panel - 'events_new.php' SQL injection

Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Tested on: windows 10 1...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•28 views

Schools Alert Management Script - Arbitrary File Read

Exploit Title: Schools Alert Management Script - Arbitrary File Read Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...

7.5CVSS7.6AI score0.39391EPSS
Exploits4
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•42 views

WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)

Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. , 'License' = MSFLICENSE, 'Author' = 'Dhiraj Mishra'...

7.5CVSS8.2AI score0.69016EPSS
Exploits10
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•42 views

Siaberry 1.2.2 - Command Injection

Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage. The device is intended to give...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•36 views

Schools Alert Management Script - 'get_sec.php' SQL Injection

Exploit Title: Schools Alert Management Script - 'getsec.php' SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...

9.8CVSS9.7AI score0.04695EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•33 views

userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting

Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page !/usr/bin/perl use strict; use LWP::UserAgent;...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/11 12:0 a.m.•26 views

userSpice 4.3.24 - Username Enumeration

Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•37 views

Google Chrome - Integer Overflow when Processing WebAssembly Locals

/ When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•33 views

WebKit - WebAssembly Compilation Info Leak

arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the function createSourceBufferFromValue copies the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•75 views

TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt + ISR: Apparition Security Greetz: indoushka|Eduardo|Dirty0tis Vendor: =============...

4.4CVSS5.6AI score0.01362EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•43 views

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access

There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the incoming packet header. If the incoming frame is of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•221 views

XiongMai uc-httpd 1.0.0 - Buffer Overflow

Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81 CVE ID: CVE-2018-10088 DISCLAIMER: Thi...

10CVSS9.6AI score0.40386EPSS
Exploits8
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•76 views

Splunk < 7.0.1 - Information Disclosure

Exploit Title: Splunk 7.0.1 - Information Disclosure Date: 2018-05-23 Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows information disclosure by appending...

5.3CVSS5.3AI score0.98371EPSS
Exploits7
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•49 views

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporalidx = info.gof-temporalidxgofidx; ... for sizet l = 0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•28 views

WebKit - Use-After-Free when Resuming Generator

!-- In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = this.@generatorState; and set by calling: generator.@generatorState...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•48 views

Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)

Linux/ARM - Egghunter 0x50905090 + execve'/bin/sh' Shellcode 60 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Memsafe egghunter 0x50905090 + execve"/bin/sh". Null free shellcode 60 bytes Date: 2018-06-06 Tested: armv7l Raspberry Pi v3 and armv6l Raspberry Pi Zero W Author: rtmcx ...

Exploits0
Exploit DB
Exploit DB
•added 2018/06/08 12:0 a.m.•40 views

Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service

Title: Gnome Web/Epiphany Browser libephymain.so in GNOME WEB/Epiphany PoC: b1tch3z = window.open"https://www.google.com", "bl1ngbl1ng", "width=250,height=250"; b1tch3z.document.write"ua b1tch3z"; // https://github.com/undergroundagency // https://github.com/ldpreload Video PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/07 12:0 a.m.•32 views

WampServer 3.0.6 - Cross-Site Request Forgery

Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery Date: 2018-06-11 Exploit Author: L0RD Software Link: https://ufile.io/gpqh9 Vendor Homepage: http://www.wampserver.com/en/ Version: 3.0.6 - 64bit Tested on: Win 10 Description : An issue was discovered in WampServer 3.0.6 which allows a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/07 12:0 a.m.•24 views

WordPress Plugin Form Maker 1.12.24 - SQL Injection

Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The easiest way to reproduce the SQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/07 12:0 a.m.•32 views

WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection

Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way to reproduce the SQL injection...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/07 12:0 a.m.•33 views

Ftp Server 1.32 - Credential Disclosure

Exploit Title: Ftp Server 1.32 - Credential Disclosure Date: 2018-05-29 Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile Apps Tested on: Android 4.4 Descriptio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/07 12:0 a.m.•44 views

Monstra CMS < 3.0.4 - Cross-Site Scripting (1)

Title: Monstra CMS www.target.com' url = input'Target : ' print' Required admin's PHPSESSID.' PHPSESSID = input'PHPSESSID : ' pagename = input'Pagename : ' script = input'Script : ' target = 'http://' + url + '/admin/index.php?id=pages&action=addpage' cookie = 'PHPSESSID':PHPSESSID data =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•78 views

Canon MF210/MF220 - Authenticaton Bypass

Canon MF210/MF220 - Authenticaton Bypass. CVE-2018-11711. Webapps exploit for Hardware platform Exploit Title: Incorrect Access Control in Canon MF210 & MF220 Series Date: 4.6.2018 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link: Website Version: MF210 & MF20 Series...

10CVSS9.7AI score0.05262EPSS
Exploits3
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•931 views

Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass

Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authenticaton Bypass. CVE-2018-11692. Webapps exploit for Hardware platform Exploit Title: Incorrect Access Control in Canon LBP6650, LBP3370, LBP3460, LBP7750C Date: 3.6.2018 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link:...

10CVSS9.7AI score0.04574EPSS
Exploits4
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•39 views

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver

/ nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child which give the nvAccelerator a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•35 views

Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist

/ getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: / Allocate a target buffer for attribute results. Note that since we won't ever copy out more than the caller...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•212 views

PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow

Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if tmplinetmplinelen - 1 == '\n' --tmplinelen; if...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/06 12:0 a.m.•48 views

XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP

mptcpusrconnectx is the handler for the connectx syscall for the APMULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AFINET or AFINET6: // verify salen for AFINET: if dst-safamily == AFINET && dst-salen !=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•43 views

10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafelx Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•36 views

10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)

Exploit Title : 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - ihack4falafel Vendor Homepage : https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Tested on : Windows ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•64 views

WebKitGTK+ < 2.21.3 - Crash (PoC)

Title: WebKitGTK+ win = window.open"sleeponesecond.php", "WIN"; window.open"https://www.paypal.com", "WIN"; win.document.execCommand'Stop'; win.document.write"Spoofed URL"; win.document.close; Backtrace using fedora 27: 0 WTF::StringImpl::rawHash at...

7.5CVSS8.2AI score0.69016EPSS
Exploits10
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•53 views

MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting

Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting Date: 6/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=842 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-11715 1. Description: Creates a page...

5.4CVSS5.8AI score0.01683EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•60 views

Clone2GO Video converter 2.8.2 - Buffer Overflow

!/usr/bin/python ---------------------------------------------------------------------------------------------------------------------- Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Author : Gokul Babu Organisation : Arridae Infosec P.V Ltd...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•26 views

Pagekit < 1.0.13 - Cross-Site Scripting Code Generator

Title: Pagekit ' + code + '' f = openname, 'w+' f.writecode f.close if name == 'main': print''' / \ \ / / | | \ / / | / / | | / / | || | | | \ \ / /| | | | | | |/ \ | | | | ' | || | | | \ V / | ||/ /| || | | || | | | | | | / || ||/||/ |||/ / || Author : DEEPIN2Junseo Lee''' print' enter...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•132 views

WebKit - not_number defineProperties UAF (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF vulnerability in WebKit's JavaScriptCore library. , 'Licens...

7.1CVSS7AI score0.33353EPSS
Exploits7
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•66 views

Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption

ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•39 views

Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)

Exploit Title : Jenkins mailer plugin \ '+table'covermessage'+'' s = smtplib.SMTPtable'smtpserver' s.starttls s.logintable'lid', table'lpw' s.sendmailmsg'From', msg'To', msg.asstring def urlset : url = strinput"Jenkins Server's UR...

8CVSS8.1AI score0.06773EPSS
Exploits5
Exploit DB
Exploit DB
•added 2018/06/05 12:0 a.m.•24 views

10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Scanner 3.0 - Local Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafel Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/network-scanner/network-scanner.exe Tested on: Windows XP Professional ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2018/06/04 12:0 a.m.•71 views

Brother HL Series Printers 1.15 - Cross-Site Scripting

Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload : "--!" Description : Starting searching for printers...

7AI score
Exploits0
Total number of security vulnerabilities47904