Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.24 views

Linux/x86 - Read /etc/passwd Shellcode (62 bytes)

Linux/x86 - Read /etc/passwd Shellcode 62 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Linux/x86 - Read /etc/passwd Shellcode 62 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-polymorphing-shellcodes/ ; Twitter :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.65 views

Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery

Exploit Title: Fastweb FASTgate 0.00.47 CSRF Date: 09-05-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.47 CVE: CVE-2018-6023 I DESCRIPTION...

8.8CVSS8.8AI score0.02385EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.41 views

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu 17.10 CVE: CVE-2018-10580 1...

5.4CVSS5.5AI score0.01643EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.63 views

Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...

9CVSS6.7AI score0.67453EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.53 views

ModbusPal 1.6b - XML External Entity Injection

Exploit Title: ModbusPal XXE Injection + Date: 05-08-2018 + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Tested on: Ubuntu 16.04 with Java 1.8.0151...

5.5CVSS5.5AI score0.06018EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/10 12:0 a.m.78 views

Dell Touchpad - 'ApMsgFwd.exe' Denial of Service

/ Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.exe belonging to Dell Touchpad, ALPS Touchpad...

5.5CVSS5.5AI score0.01396EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/09 12:0 a.m.30 views

Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)

Linux/x86 - Bind 9443/TCP Shell + fork + Null-Free Shellcode 113 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux x86 TCP Bind Shell + fork - 113 bytes NULL Free Author: Amine Kanane Student-ID: SLAE - 1203 Desc: Listen for a connection on Local Port 9443 and spawn a command shell Th...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/09 12:0 a.m.42 views

Microsoft Windows FxCop 10/12 - XML External Entity Injection

Exploit Title: Microsoft Windows FxCop 10/12 - XML External Entity Injection Date: 2018-03-15 Exploit Author: Debashis Pal Vendor Homepage: www.microsoft.com Version: Microsoft Windows "FxCop" v10-12 CVE : N/A Greetz: indoushka|Eduardo|Dirty0tis Security Issue: ================ FxCop is vulnerabl...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/09 12:0 a.m.26 views

Allok Video Splitter 3.1.12.17 - Denial of Service

Exploit Title: Allok Video Splitter 3.1.1217 Date: 2018-05-09 Exploit Author: Achilles Vendor Homepage: http://www.alloksoft.com/ Vulnerable Software: http://www.alloksoft.com/allokvsplitter.exe Tested on OS: Windows 7 64-bit DE Steps to reproduce: Copy the contents of the file Evil.txt and paste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/08 12:0 a.m.153 views

PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution', 'Description' = %q This module exploits a code injection vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/08 12:0 a.m.65 views

PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS import.php Authenticated CSV File Upload Code Execution', 'Description' = %q This module exploits an authenticated file upload remote cod...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/08 12:0 a.m.80 views

Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks readSessionVarsFromFile Session Corruption', 'Description' = %q This module exploits a chain of vulnerabilities in Palo Alto...

9.8CVSS7.4AI score0.9834EPSS
Exploits13
Exploit DB
Exploit DB
added 2018/05/08 12:0 a.m.60 views

FTPShell Client 6.7 - Buffer Overflow

-- coding: utf-8 -- Exploit Title: FTPShell Client 6.7 - Remote Buffer Overflow Date: 2018-01-03 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/download.htm Version: 6.7 Tested on: Windows Server 2008 R2 x64,...

10CVSS9.6AI score0.69692EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/05/08 12:0 a.m.41 views

2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service

/ Exploit Title: 2345 Security Guard 3.7 - Denial of Service Date: 2018-05-08 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 Tested on: Windows 7 x86 CVE : CVE-2018-10809 BSOD caused of...

7.8CVSS7.7AI score0.01135EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.35 views

Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)

Linux/x86 - execve/bin/sh + NOT Encoded Shellcode 27 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Execve /bin/sh Shellcode encoded with NOT ; Date : May, 2018 ; Author : Nuno Freitas ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 27 bytes ; Tested on : i686 GNU/Linux section...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.49 views

GNU wget - Cookie Injection

GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to th...

6.5CVSS7AI score0.1704EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.68 views

DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH)

Exploit Title: DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow SEH Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://www.devicelock.com/freeware.html/ Version: 5.72 CVE : CVE-2018-10655 Security Issue: DeviceLock Plug and Play Auditor "DLPnpAuditor.exe" is...

7.8CVSS7.7AI score0.15551EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.20 views

HWiNFO 5.82-3410 - Denial of Service

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: HWiNFO 5.82-3410 - Denial of Service Date: 05-04-18 Vulnerable Software: HWiNFO 5.82-3410 Vendor Homepage: https://www.hwinfo.com/ Version: 5.82-3410 Software Link: https://www.hwinfo.com/files/hwi582.exe Tested On: Windows 7 x86...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.49 views

CSP MySQL User Manager 2.3.1 - Authentication Bypass

Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip Version:...

9.8CVSS9.7AI score0.05609EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/06 12:0 a.m.38 views

WordPress Plugin User Role Editor < 4.25 - Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress User Role Editor plugin prior to v4.25, is lacking an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/04 12:0 a.m.75 views

IceWarp Mail Server < 11.1.1 - Directory Traversal

Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 11.1.1 and below Product description: IceWarp WebMail provides web-based access to email, calendars, contacts, files and shared data from any computer with a browser and Internet connection. IceWarp Mail Server ...

7.8CVSS7.6AI score0.58302EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/04 12:0 a.m.66 views

Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows WMI Recieve Notification Exploit', 'Description' = %q This module exploits an...

7.8CVSS7.6AI score0.24554EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/05/04 12:0 a.m.93 views

Google Chrome V8 - Object Allocation Size Integer Overflow

There's an integer overflow in computing the required allocation size when instantiating a new javascript object. See the following code in objects.cc // static bool JSFunction::CalculateInstanceSizeForDerivedClass Handle function, InstanceType instancetype, int requestedembedderfields, int...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/04 12:0 a.m.36 views

WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting

Exploit Title: WF Cookie Consent - Authenticated Persistent Cross-Site Scripting Date: 23/04/2018 Exploit Author: B0UG Vendor Homepage: http://www.wunderfarm.com/ Software Link: https://en-gb.wordpress.org/plugins/wf-cookie-consent/ Version: Tested on version 1.1.3 older versions may also be...

6.1CVSS6.3AI score0.0641EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/05/03 12:0 a.m.45 views

JasperReports - (Authenticated) File Read

TIBCO’s JasperReports string = wrapper.getParameterValues"page" To: getResource @ DirResourceSet.java:101 file = new File/home/rhino/jasperreports...mcat/webapps/jasperserver,"/WEB-INF/jsp/modules/administer/adminImport.jsp" Due to a lack of input validation we found ourselves with the capability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/03 12:0 a.m.145 views

GPON Routers - Authentication Bypass / Command Injection

!/bin/bash echo "+ Sending the Command… " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0" $1/GponForm/diagForm?images/ 2/dev/null 1/dev/null echo "+...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.38 views

WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free

input:enabled content: urlfoo; padding-top: 0vmin .class4 -webkit-transform: scale1, 255; function jsfuzzer document.head.appendChildkg; var test = input.scrollHeight; ::ptr const /Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x8664+0xe0a06 1 0x3000e09d8...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.34 views

Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow Date: 2018-05-02 Exploit Author: Marwan Shamel Software Link: https://downloads.tomsguide.com/MPEG-Easy-Burner,0301-10418.html Version: 1.7.11 Tested on: Windows 7 Enterprise SP1 32 bit Special thanks to my...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.48 views

LibreOffice/Open Office - '.odt' Information Disclosure

!/usr/bin/python Exploit Title: Malicious ODF File Creator Date: 1st May 2018 Exploit Author: Richard Davy Vendor Homepage: https://www.libreoffice.org/ Software Link: https://www.libreoffice.org/ Version: LibreOffice 6.0.3, OpenOffice 4.1.5 Tested on: Windows 10 Quick script/POC code to create a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.25 views

Call of Duty Modern Warefare 2 - Buffer Overflow

A few years ago, I became aware of a security issue in most Call of Duty games. Although I did not discover it myself, I thought it might be interesting to see what it could be used for. Without going into detail, this security issue allows users playing a Call of Duty match to cause a buffer...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.192 views

Exim < 4.90.1 - 'base64d' Remote Code Execution

!/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0 def p...

9.8CVSS9.6AI score0.82238EPSS
Exploits19
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.54 views

Adobe Reader PDF - Client Side Request Injection

% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.45 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service

What do you need to know? Tenable Research has discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. What's the attack vector? The vulnerability can be remotely exploited without authentication to execute arbitrary...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.26 views

Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit msfd Remote Code Execution via Browser', 'Description' = %q Metasploit's msfd-service makes it possible to get a msfconsole-like...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.365 views

xdebug < 2.5.5 - OS Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'xdebug Unauthenticated OS Command Execution', 'Description' = %q Module exploits a vulnerability in the eval command present in Xdebug versions...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.49 views

Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery

SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 CVE-2018-9302 Cockpit CMS repairs CVE-2017-14611, but it can be bypassed, SSRF still exist, affecting the Cockpit CMS 0.4.4-0.5.5 versions.I've been tested success of "Cockpit CMS" lastest version. Product Download: Cockpit...

9.1CVSS9.3AI score0.08822EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.62 views

TBK DVR4104 / DVR4216 - Credentials Leak

-- coding: utf-8 -- import json import requests import argparse import tableprint as tp class Colors: BLUE = '\03394m' GREEN = '\03332m' RED = '\0330;31m' DEFAULT = '\0330m' ORANGE = '\03333m' WHITE = '\03397m' BOLD = '\0331m' BRCOLOUR = '\0331;37;40m' banner = ''' ..--.. ..... .-- ..... . .": "-...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.49 views

Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)

PoC command injection in BLE service of Norton Core Secure WiFi Router CVE-2018-5234 For more information read paper. To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility for testing Bluetooth connection. In order to use the script, we will nee...

8.3CVSS7.9AI score0.16711EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.49 views

Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit msfd Remote Code Execution', 'Description' = %q Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/01 12:0 a.m.38 views

WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting

Exploit Title: Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting Date: 2018-04-20 Exploit Author: B0UG Vendor Homepage: http://www.jameskoussertari.co.uk/ Software Link: https://en-gb.wordpress.org/plugins/responsive-cookie-consent/ Version: Teste...

5.4CVSS5.5AI score0.02855EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.110 views

Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root

Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Date: 4/17/2018 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.nagios.com/ Software Link:...

9.8CVSS9.3AI score0.64172EPSS
Exploits12
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.21 views

Navicat < 12.0.27 - Oracle Connection Overflow

!/usr/bin/python Title: Navicat Create new Oracle Connection paste contents of "navicatPOC.txt" into host field and test connection to trigger overflow. filename="navicatPOC.txt" junk = "A" 1502 nseh = "\x4C\x4C\x77\x04" seh= "\x75\x2a\x01\x10" nseh = "B" 4 seh = "C" 4 fill = "D" 4000 buffer = ju...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.36 views

WordPress Plugin Form Maker 1.12.20 - CSV Injection

Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and before Category: Plugins and Extensions...

7.8CVSS7.7AI score0.04672EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.71 views

Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

/ ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to ReportCrash but the kernel would do it on your behalf whe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.34 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel | kOSKextLogIPCFlag, "Non-root kextutil doesn't need ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.47 views

Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free

define GNUSOURCE include include include include include include include include include include include include include include include include include include include struct sockaddrllc short sllcfamily; short sllcarphrd; unsigned char sllctest; unsigned char sllcxid; unsigned char sllcua;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.174 views

Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution vulnerability exists within multiple subsystems of...

9.8CVSS9.9AI score0.99236EPSS
Exploits14
Exploit DB
Exploit DB
added 2018/04/26 12:0 a.m.41 views

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/26 12:0 a.m.51 views

October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting

Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...

6.1CVSS6.3AI score0.02564EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/04/26 12:0 a.m.32 views

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Date: 2018-04-23 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version: 0.9.5 Tested on: php 5.6...

4.8CVSS5.1AI score0.01932EPSS
Exploits5
Total number of security vulnerabilities47904