Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.29 views

PHP Dashboards 4.5 - 'email' SQL Injection

Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5 Category: Webapps Tested on: Kali linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.25 views

FTPShell Server 6.80 - Denial of Service

Exploit Title: FTPShell Server 6.80 - Local Denial of Service Exploit Author: Hashim Jawad Date: 2018-05-23 Vendor Homepage: http://www.ftpshell.com/ Vulnerable Software: http://www.ftpshell.com/downloadserver.htm Tested on: Windows 7 Enterprise - SP1 x86 Steps to reproduce: under FTP user accoun...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.40 views

SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change

Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Shodan Dork: SDT-CW3B1 Date: 2018-05-23 Exploit Author: Safak Aslan Vendor Homepage: http://telesquare.co.kr/ Version: SKT CW3B1 sw version 1.2.0 Tested on: Windows CVE: - Class: Unauthorized Admin Credential Change...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.27 views

Mcard Mobile Card Selling Platform 1 - SQL Injection

Exploit Title: Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC 1 : Attacker can bypass admin panel...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.51 views

WordPress Plugin Peugeot Music - Arbitrary File Upload

Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Date: 2018-05-23 Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10 64bit Home Edition Exploit:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.29 views

Honeywell Scada System - Information Disclosure

Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.54 views

PHP Dashboards 4.5 - SQL Injection

Exploit Title: PHP Dashboards 4.5 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: v4.5 Category: Webapps Tested on: Kali linux Description: PHP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.23 views

Mobile Card Selling Platform 1 - Cross-Site Request Forgery

Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC : CSRF POC document.forms0.submit;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.20 views

MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 -...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.35 views

MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.29 views

MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.28 views

MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection

Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh update Category...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.22 views

EasyService Billing 1.0 - 'p1' SQL Injection

Exploit Title: EasyService Billing 1.0 - 'customer-new-s.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.27 views

EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting

Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.37 views

MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 Version: 1.0 Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.88 views

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family Versions: V2.X and V3.X. Tested on: Kali Linux CVE:...

4.3CVSS6.5AI score0.2095EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.43 views

Nordex N149/4.0-4.5 - SQL Injection

Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server - SQL Injection Date: 21-05-2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.nordex-online.com Tested on: Windows Version: N149/4.0-4.5 Wind Turbine Category: webapps --- Proof Of Concept -------- Request POST /php/login.php...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.50 views

PaulPrinting CMS Printing 1.0 - SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.31 views

Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read

Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh -F /etc/passwd 127.0.0.1" exited...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.41 views

Zechat 1.5 - SQL Injection / Cross-Site Request Forgery

Exploit Title: Zechat 1.5 - 'hashtag' / 'v' SQL Injection / Cross site request forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://bylancer.com Version: 1.5 Tested on: Kali linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.71 views

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass

/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.52 views

ERPnext 11 - Cross-Site Scripting

Exploit Title: ERPnext 11.x.x - Cross-Site Scripting Date: 2018-05-10 Exploit Author: Veerababu Penugonda Vendor Homepage: https://erpnext.com/ Software Link: https://demo.erpnext.com/ Version: Frappe ERPNext v11.x.x-develop Tested on: Mozilla Firefox quantum 60.1 , Ubuntu OS CVE : CVE-2018-11339...

6.1CVSS6.3AI score0.03975EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.25 views

Microsoft Edge Chakra JIT - Magic Value Type Confusion

/ BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex, JavascriptNumber::ToVarNoCheckdValue, GetScriptContext; return...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.33 views

MakeMyTrip 7.2.4 - Information Disclosure

Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Date: 2018-05-21 Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on: Android v5.1 1. Description Android...

6.5CVSS6.6AI score0.04133EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.28 views

WebSocket Live Chat - Cross-Site Scripting

Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting icon and go to profile 2 Put this...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.33 views

NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection

Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.27 views

Feedy RSS News Ticker 2.0 - 'cat' SQL Injection

Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi: Parameter: cat Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.16 views

Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting

Exploit Title: Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Version: 1.4 / fourth update Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.27 views

Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting

Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.138 views

Microsoft Windows - 'POP/MOV SS' Privilege Escalation

Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain hypervisors like VMWare, which discard the pending DB...

7.8CVSS7.3AI score0.18696EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.537 views

Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET chocoboroot Privilege Escalation', 'Description' = %q This module exploits a race condition and use-after-free in the packetsetring...

7.8CVSS8.3AI score0.11127EPSS
Exploits16
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.21 views

iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/isocial-social-network-platform/21164041?srank=2 Version: 1.2.0 Tested on: Kali linux POC 1 : Cross-Site scripting: ...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.33 views

NewsBee CMS 1.4 - 'download.php' SQL Injection

Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.24 views

NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection

Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.61 views

Siemens SIMATIC S7-1500 CPU - Remote Denial of Service

Exploit Title: Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1500 CPU all versions before V1.6 Tested on: Kali Linux CVE:...

7.1CVSS6.5AI score0.09696EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.67 views

Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the rdspagecopyuser function in...

7.8CVSS8AI score0.11217EPSS
Exploits16
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.86 views

Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery

Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-21 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family: All versions prior to V4.1.3 Tested on: Kali Linu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.75 views

Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting

Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?srank=1327 Version: 1.5 Tested on: Windows POC : 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.31 views

Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities

Exploit Title: Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.57 views

Schneider Electric PLCs - Cross-Site Request Forgery

Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC: 140NOE77111, 140NOE77101, 140NWM10000 Modicon M340 PLC...

6.8CVSS6.5AI score0.0596EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.42 views

Teradek Slice 7.3.15 - Cross-Site Request Forgery

...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.37 views

R 3.4.4 - Local Buffer Overflow (DEP Bypass)

Exploit Title: R v3.4.4 - Local Buffer Overflow DEP Bypass Exploit Author: Hashim Jawad Exploit Date: 2018-05-21 Vendor Homepage: https://www.r-project.org/ Vulnerable Software: https://www.exploit-db.com/apps/a642a3de7b5c2602180e73f4c04b4fbd-R-3.4.4-win.exe Tested on OS: Microsoft Windows 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.26 views

Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery

input type="hidden" name="pw2" value="P@ss...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.41 views

Teradek Cube 7.3.6 - Cross-Site Request Forgery

input type="submit"...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.38 views

Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery

Teradek VidiU Pro 3.0.3 SSRF Vulnerability Vendor: Teradek, LLC Product web page: https://www.teradek.com Affected version: VidiU, VidiU Mini, VidiU Pro 3.0.3r32136 3.0.2r31225 2.4.10 Summary: The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.33 views

Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities

Exploit Title: Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin panel Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.31 views

Merge PACS 7.0 - Cross-Site Request Forgery

Exploit Title: Merge PACS 7.0 - Cross-Site Request Forgery Google Dork: - Date: 2018-05-21 Exploit Author: Safak Aslan Vendor Homepage: http://www.merge.com/ Version: Merge PACS 7.0 Tested on: Windows CVE: - 1. Proof of Concept history.pushState'', '', '/' Post Data: POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.41 views

GitBucket 4.23.1 - Remote Code Execution

Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description Abusing weak secret token and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.39 views

ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting

Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on: Windows CVE: CVE-2018-9163 1. DETAI...

5.4CVSS5.5AI score0.04994EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/21 12:0 a.m.23 views

Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent cross site scripting / Cross site request forgery Date: 2018-05-20 Dork: N/A Exploit Author: borna nematzadeh L0RD Vendor Homepage: https://www.codegrape.com/item/flippy-damnfacts-viral-fun-facts-sharing-script/36...

7AI score
Exploits0
Total number of security vulnerabilities47904