Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.50 views

CyberArk < 10 - Memory Disclosure

Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...

5.3CVSS5.4AI score0.14116EPSS
Exploits12
Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.71 views

Brother HL Series Printers 1.15 - Cross-Site Scripting

Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload : "--!" Description : Starting searching for printers...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.33 views

EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting

Exploit Title: EMS Master Calendar alert'XSS'xyz...

6.1CVSS6.5AI score0.03474EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.50 views

Zip-n-Go 4.9 - Buffer Overflow (SEH)

!/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : http://mc1soft.com/index.shtml Vulnerable Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/04 12:0 a.m.57 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via Slui File Handler Hijack', 'Description' =...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/03 12:0 a.m.86 views

Smartshop 1 - 'id' SQL Injection

Exploit Title: Smartshop 1 - SQL Injection Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version: 1 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/03 12:0 a.m.85 views

GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)

Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11671 An issue was discovered in GreenCMS v2.3.0603...

8.8CVSS8.8AI score0.02513EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/03 12:0 a.m.85 views

GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution

Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue was discovered in GreenCMS v2.3.0603...

8.8CVSS8.8AI score0.02513EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/06/03 12:0 a.m.71 views

Smartshop 1 - Cross-Site Request Forgery

Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/01 12:0 a.m.136 views

Git < 2.17.1 - Remote Code Execution

Git Vendor Homepage: https://github.com/git/git CVE: CVE-2018-11235 Version: =2.17.1 Tested on Kali Linux P0C: Create two files: pwned.sh: the file which will contain our commands to be executed commit.sh the fole which contain a normal build with a bit of calls to our pwned.sh file add the...

7.8CVSS8.2AI score0.49188EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/06/01 12:0 a.m.43 views

Epiphany 3.28.2.1 - Denial of Service

Summary: ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call, CVE-2018-11396 was assigned to this...

7.5CVSS7.7AI score0.01494EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.35 views

Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion

/ function optw, arr arr0 = 1.1; let res = w.event; arr0 = 2.3023e-320; return res; let arr = 1.1; for let i = 0; i ::EntrySimpleObjectSlotGetter 00007fffd5cf3d50 // w.event 000001a880001235 48ffd0 call rax 000001a880001238 488b8e30bdf0ff mov rcx,qword ptr rsi-0F42D0h 000001a88000123f f2480f10415...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.62 views

TAC Xenta 511/911 - Directory Traversal

Exploit Title: TAC Xenta 511 and 911 Credentials Disclosure Date: 25.05.2018 Exploit Author: Marek Cybul Vendor Homepage: https://download.schneider-electric.com/files?pFileName=TACXenta911SDS-XENTA911.pdf Version: 5.17 Schneider Electric TAC Xenta 911 and 511 PLCs Directory traversal in help...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.47 views

Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)

Linux/ARM - Egghunter + /bin/sh Shellcode 32 bytes. Shellcode exploit for ARM platform / Linux/ARM Raspberry Pi - Egghunter + /bin/sh Shellcode 32 bytes ------------------------------ // If your shellcode in higer address, use following egghunter. pi@raspberrypi: $ cat egghunter-higher.s .section...

Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.98 views

Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)

Linux/x86 - Bind 4444/TCP Shell Shellcode 105 bytes. Shellcode exploit for Linuxx86 platform / ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.53 views

Linux/x86 - EggHunter + access() Shellcode (38 bytes)

Linux/x86 - EggHunter + access Shellcode 38 bytes. Shellcode exploit for Linuxx86 platform / ; Filename: egghunter.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Blog post: https://codiceinsicuro.it/slae/ ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: This is the first stage...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.37 views

Grid Pro Big Data 1.0 - SQL Injection

Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.39 views

CSV Import &amp; Export 1.1.0 - SQL Injection / Cross-Site Scripting

Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.44 views

PHP Dashboards NEW 5.5 - &#039;email&#039; SQL Injection

Exploit Title: PHP Dashboards NEW v5.5 - 'Login' SQL Injection Dork: N/A Date: 31.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: 5.5 Category: Webapps Tested on: Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/31 12:0 a.m.46 views

New STAR 2.1 - SQL Injection / Cross-Site Scripting

Exploit Title: New STAR 2.1 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/new-star-listen-youtube-music/7486113 Version: 2.1 Category: Webapps Tested on: Kali Linux Descripti...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.50 views

SearchBlox 8.6.6 - Cross-Site Request Forgery

Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windows CVE: CVE-2018-11538 1. DETAILS Using...

8.8CVSS8.8AI score0.12879EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.159 views

Procps-ng - Multiple Vulnerabilities

Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...

9.8CVSS7AI score0.09081EPSS
Exploits11
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.95 views

Siemens SIMATIC S7-300 CPU - Remote Denial of Service

Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions. Tested on: Kali Linux CVE: CVE-2015-2177...

7.8CVSS6.5AI score0.34439EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.41 views

Yosoro 1.0.4 - Remote Code Execution

Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...

6.1CVSS6.3AI score0.04298EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.64 views

MachForm &lt; 4.2.3 - SQL Injection / Path Traversal / Upload Bypass

Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...

9.8CVSS7.3AI score0.14764EPSS
Exploits7
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.67 views

Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...

9.8CVSS9.4AI score0.71242EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.46 views

MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting

Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...

6.1CVSS6.3AI score0.02444EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.51 views

GNU Barcode 0.99 - Memory Leak

GNU Barcode 0.99 - Memory Leak Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Affected version: 0.99 Tested on: Ubuntu 16.04.4 Author: Gjoko 'LiquidWorm' Krstic Summary: GNU Barcode is a tool ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.53 views

NUUO NVRmini2 / NVRsolo - Arbitrary File Upload

Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Date: 2018-05-20 Exploit Author: M3@Pandas Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested on: PHP Linux CVE : CVE-2018-11523...

9.8CVSS9.6AI score0.09926EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.48 views

Sitemakin SLAC 1.0 - &#039;my_item_search&#039; SQL Injection

Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...

9.8CVSS9.7AI score0.0328EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.224 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution

Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...

9.8CVSS0.4AI score0.77245EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.42 views

GNU Barcode 0.99 - Buffer Overflow

GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.35 views

Facebook Clone Script 1.0.5 - Cross-Site Request Forgery

Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 Description : Facebook Clone Script 1.0.5 has csrf vulnerability which attacker ca...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.49 views

Facebook Clone Script 1.0.5 - &#039;search&#039; SQL Injection

Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 POC : SQLi : Parameter : search Type : Union based Payload : 1' UNION SELECT...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.65 views

IssueTrak 7.0 - SQL Injection

================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork: inurl:"IssueTrak" inurl:"asp" Discovered...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.42 views

Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)

Linux/x86 - Bind 5555/TCP Shell Shellcode 98 bytes. Shellcode exploit for Linuxx86 platform include include / ; Bind TCP Shellcode ; Copyright 2018, Luca Di Domenico ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.48 views

Joomla! Component Full Social 1.1.0 - &#039;search_query&#039; SQL Injection

Exploit Title: Joomla! extension Full Social 1.1.0 - 'searchquery' SQL Injection Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extension/full-social/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 1.1.0 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.28 views

Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery

Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/ Vendor Homepage:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.42 views

WordPress Plugin Events Calendar - SQL Injection

Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Dork: N/A Date: 2018-05-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Category: Webapps Tested on: Kali linux Description : An...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.3576 views

TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass

Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.50 views

DomainMod 4.09.03 - &#039;sslpaid&#039; Cross-Site Scripting

Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod...

6.1CVSS6.3AI score0.02343EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.48 views

CloudMe Sync &lt; 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)

Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflow with DEP Bypass + CloudMe Target IP 192.168.12.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.35 views

Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)

log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x10000+sz4; window.nogc.pushbacking; var ptr =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.56 views

Sony Playstation 4 (PS4) 5.07 - &#039;Jailbreak&#039; WebKit / &#039;bpf v2&#039; Kernel Loader

PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contai...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.62 views

Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery

Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/jcart-for-opencart/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.27 views

ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)

Exploit Title: ALFTP 5.31 - Local Buffer Overflow SEH Bypass Exploit Author: Gokul Babu Vendor Homepage: http://www.altools.com/downloads/alftp.aspx Vulnerable Software: http://advert.estsoft.com/?event=201001127730323 Tested on: Windows XP Professional SP3 -Version-2002 Steps to reproduce-1: eip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.53 views

DomainMod 4.09.03 - &#039;oid&#039; Cross-Site Scripting

Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.0...

5.4CVSS5.6AI score0.01796EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.48 views

wityCMS 0.6.1 - Cross-Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...

4.8CVSS5.1AI score0.02178EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/27 12:0 a.m.73 views

Werewolf Online 0.8.8 - Information Disclosure

Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link: https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details Exploit Author: ManhNho Version...

7.5CVSS7.6AI score0.09161EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/27 12:0 a.m.58 views

Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dork : Use You Mind :D Email : [email protected] Video :...

7.4AI score
Exploits0
Total number of security vulnerabilities47904