ERPnext 11 - Cross-Site Scripting
Exploit Title: ERPnext 11.x.x - Cross-Site Scripting Date: 2018-05-10 Exploit Author: Veerababu Penugonda Vendor Homepage: https://erpnext.com/ Software Link: https://demo.erpnext.com/ Version: Frappe ERPNext v11.x.x-develop Tested on: Mozilla Firefox quantum 60.1 , Ubuntu OS CVE : CVE-2018-11339...
Zechat 1.5 - SQL Injection / Cross-Site Request Forgery
Exploit Title: Zechat 1.5 - 'hashtag' / 'v' SQL Injection / Cross site request forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://bylancer.com Version: 1.5 Tested on: Kali linux...
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi: Parameter: cat Type:...
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps...
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Exploit Title: Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1500 CPU all versions before V1.6 Tested on: Kali Linux CVE:...
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family Versions: V2.X and V3.X. Tested on: Kali Linux CVE:...
WebSocket Live Chat - Cross-Site Scripting
Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting icon and go to profile 2 Put this...
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privileges. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain hypervisors like VMware, which discard the pending DB...
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AF_PACKET chocobo_root Privilege Escalation', 'Description' = %q This module exploits a race condition and use-after-free in the packet_set_ring...
PaulPrinting CMS Printing 1.0 - SQL Injection
Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...
Microsoft Edge Chakra JIT - Magic Value Type Confusion
/ BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex, JavascriptNumber::ToVarNoCheckdValue, GetScriptContext; return...
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/isocial-social-network-platform/21164041?srank=2 Version: 1.2.0 Tested on: Kali linux POC 1 : Cross-Site scripting: ...
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh -F /etc/passwd 127.0.0.1" exited...
Nordex N149/4.0-4.5 - SQL Injection
Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server - SQL Injection Date: 21-05-2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.nordex-online.com Tested on: Windows Version: N149/4.0-4.5 Wind Turbine Category: webapps --- Proof Of Concept -------- Request POST /php/login.php...
MakeMyTrip 7.2.4 - Information Disclosure
Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Date: 2018-05-21 Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on: Android v5.1 1. Description Android...
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
Exploit Title: R v3.4.4 - Local Buffer Overflow DEP Bypass Exploit Author: Hashim Jawad Exploit Date: 2018-05-21 Vendor Homepage: https://www.r-project.org/ Vulnerable Software: https://www.exploit-db.com/apps/a642a3de7b5c2602180e73f4c04b4fbd-R-3.4.4-win.exe Tested on OS: Microsoft Windows 7...
Private Message PHP Script 2.0 - Cross-Site Scripting
Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows Description : Private Message PHP Script...
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Exploit Title: Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin panel Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?srank=1327 Version: 1.5 Tested on: Windows POC : 1...
Teradek Cube 7.3.6 - Cross-Site Request Forgery
input type="submit"...
Teradek Slice 7.3.15 - Cross-Site Request Forgery
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on: Windows CVE: CVE-2018-9163 1. DETAI...
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the rds_page_copy_user function in...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
input type="hidden" name="pw2" value="P@ss...
Superfood 1.0 - Multiple Vulnerabilities
Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
Exploit Title: Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Schneider Electric PLCs - Cross-Site Request Forgery
Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC: 140NOE77111, 140NOE77101, 140NWM10000 Modicon M340 PLC...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-21 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family: All versions prior to V4.1.3 Tested on: Kali Linu...
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery
Teradek VidiU Pro 3.0.3 SSRF Vulnerability Vendor: Teradek, LLC Product web page: https://www.teradek.com Affected version: VidiU, VidiU Mini, VidiU Pro 3.0.3r32136 3.0.2r31225 2.4.10 Summary: The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web...
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent cross site scripting / Cross site request forgery Date: 2018-05-20 Dork: N/A Exploit Author: borna nematzadeh L0RD Vendor Homepage: https://www.codegrape.com/item/flippy-damnfacts-viral-fun-facts-sharing-script/36...
GitBucket 4.23.1 - Remote Code Execution
Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description Abusing weak secret token and...
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution
Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...
Merge PACS 7.0 - Cross-Site Request Forgery
Exploit Title: Merge PACS 7.0 - Cross-Site Request Forgery Google Dork: - Date: 2018-05-21 Exploit Author: Safak Aslan Vendor Homepage: http://www.merge.com/ Version: Merge PACS 7.0 Tested on: Windows CVE: - 1. Proof of Concept history.pushState'', '', '/' Post Data: POST...
Zenar Content Management System - Cross-Site Scripting
Exploit Title: Zenar Content Management System - Cross-Site Scripting Software Link: https://zenar.io/ Dork: N/A Author: Berk Dusunur Tested Website: http://demo.zenar.io Date: 2018-05-20 Category: Web App PoC GET Request: POST /zenario/ajax.php?methodcall=refreshPlugin&inIframe=true HTTP/1.1 Hos...
mySCADA myPRO 7 - Hard-Coded Credentials
mySCADA myPRO 7 - Hard-Coded Credentials. CVE-2018-11311. Remote exploit for Multiple platform Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Date: 2018-05-19 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link:...
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
#!/usr/bin/python Exploit: Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow Date: 2018-05-19 Author: Juan Prescotto Tested Against: Win7 Pro SP1...
D-Link DSL-3782 - Authentication Bypass
Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-8898 Date: 20/05/2018 Description The web panel ...
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Date: 2018-05-18 Exploit Author: Sina Kheirkhah || [email protected] Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Vendor...
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
Title: SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion Application: SAP B2B OR B2C is CRM Versions Affected: SAP B2B OR B2C is CRM 2.x 3.x and 4.x with Backend R/3 to icssb2b Vendor URL: http://SAP.com Bugs: SAP LFI in B2B OR B2C CRM Sent: 2018-05-03 Reported: 2018-05-03 Date of Public Advisory:...
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AF_PACKET packet_set_ring Privilege Escalation', 'Description' = %q This module exploits a heap-out-of-bounds write in the packet_set_ring function in...
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly removing the bound checks. In the following code, currentBlock's block number is 4...
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
Exploit Title: Prime95 Local Buffer Overflow SEH Date: 13-4-2018 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested on: Windows 10 Pro x64 SPANISH Windows 7 Ho...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535 Versio...
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting Date: 2018-05-17 Exploit Author: Berk Dusunur Vendor Homepage: https://monstra.org Software Link: https://monstra.org Version: before 3.0.4 Tested on: Pardus / Win10 AppServer Proof Of Concept Monstra is a modern and lightweight Content...
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/healwire-online-pharmacy/16423338?srank=1499 Version: 3.0 Tested on: windows POC 1 : Cross site scripting :...
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Sent: 2016-12-15 Reported: 2016-12-15 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 23445...
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Exploit Title: Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Date: 2018-05-18 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?srank=1520 Version: 1.6.2 Tested on: Kali linux Description : CSRF...
Cisco SA520W Security Appliance - Path Traversal
Title: Cisco SA520W Security Appliance - Path Traversal Author: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.cisco.com/ About Product: =============== Cisco SA 500 Series Security Appliances are designed for businesses with few...
DynoRoot DHCP Client - Command Injection
Exploit Title: DynoRoot DHCP - Client Command Injection Date: 2018-05-18 Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6.x / 7.x and CentOS 6.x/7.x Tested on:...