Lucene search
+L
ExploitdbRecent

47904 matches found

exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•65 views

SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities

Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID VL-ID:...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•33 views

Photos in Wifi 1.0.1 - Path Traversal

Document Title: =============== Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ===================================...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•53 views

BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.barcodewiz.com Product: ============= BarcodeWiz ActiveX Control 6.7...

8.8CVSS8.8AI score0.03914EPSS
Exploits6
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•28 views

DiskBoss Enterprise 8.5.12 - Denial of Service

Exploit Title: DiskBoss Enterprise Server 8.5.12 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http:///www.diskboss.com/setups/diskbosssrvsetupv8.5.12.exe Version: v10.1.16 Category; Windows Remote DOS CVE: CVE-2017-15665 Author Homepage: www.unixawy.com...

7.5CVSS7.6AI score0.09145EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•36 views

VX Search Enterprise 10.1.12 - Denial of Service

Exploit Title: VX Search Enterprise Server v10.1.12 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.vxsearch.com/setups/vxsearchsrvsetupv10.1.12.exe Version: v10.1.12 Category; Windows Remote DOS CVE: CVE-2017-15662 Author Homepage: www.unixawy.com...

7.5CVSS7.6AI score0.09145EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•27 views

Disk Pulse Enterprise 10.1.18 - Denial of Service

Exploit Title: Disk Pulse Enterprise Server v10.1.18 - DOS, Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.diskpulse.com/setups/diskpulsesrvsetupv10.1.18.exe Version: v10.1.18 Category; Windows Remote DOS CVE: CVE-2017-15663 Author Twitter: @eln1x Description In Disk Pul...

7.5CVSS7AI score0.13176EPSS
Exploits8
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•48 views

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•131 views

Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration

Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE : CVE-2017-9554 Previously this was identified by the developer and the disclosur...

5.3CVSS5.7AI score0.75016EPSS
Exploits6
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•41 views

Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities

Synology Photostation Multiple Vulnerabilities Vendor: Synology Product: Synology Photostation Version: = 6.7.2-3429 Website: http://www.synology.com / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development Synology...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/08 12:0 a.m.•37 views

Sync Breeze Enterprise 10.1.16 - Denial of Service

Exploit Title: Sync Breeze Enterprise Server v10.1.16 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.syncbreeze.com/setups/syncbreezesrvsetupv10.1.16.exe Version: v10.1.16 Category; Windows Remote DOS CVE: CVE-2017-15664 Author Twitter: @eln1x...

7.5CVSS7AI score0.09145EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•29 views

Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)

Linux/x86 - Reverse TCP 127.1.1.1:8888/TCP Shell /bin/sh + Null-Free Shellcode 67/69 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP ShellcodeNull Free, No...

7.1AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•62 views

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...

9.8CVSS9.6AI score0.06946EPSS
Exploits6
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•21 views

GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow

Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712 Date: 01-02-2018 Tested on Windows 8 64 bits Exploit Author: devcoinfet Contact: https://twitter.com/wabefet Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack Type: Remote Impac...

7AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•329 views

Cisco IOS - Remote Code Execution

!/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco Systems on June 29th 2017 - Descriptio...

9CVSS8.7AI score0.70559EPSS
Exploits8
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•44 views

Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ayukov NFTP FTP Client Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD...

9.8CVSS7.4AI score0.60328EPSS
Exploits16
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•41 views

Gespage 7.4.8 - SQL Injection

CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...

9.8CVSS9.7AI score0.1934EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•56 views

Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1389&desc=6 Windows maintains a DC cache in win32kbase!gpDispInfo-pdceFirst. If you create multiple windows from a shared class while switching between CSOWNDC and CSCLASSDC, you can cause cache list entries to maintain references ...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/05 12:0 a.m.•44 views

VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workstation ALSA Config File Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in VMware Workstation Pr...

7.8CVSS7.4AI score0.05413EPSS
Exploits11
exploitdb
exploitdb
•added 2018/01/04 12:0 a.m.•37 views

Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)

Linux/x86 - chmod 777 /etc/sudoers Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissio...

7.1AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/04 12:0 a.m.•55 views

Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WVBR0-25 User-Agent Command Execution', 'Description' = %q The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless...

10CVSS9.4AI score0.87929EPSS
Exploits9
exploitdb
exploitdb
•added 2018/01/04 12:0 a.m.•44 views

Xplico - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability. Unauthenticated users can register a new...

9CVSS8.8AI score0.80098EPSS
Exploits7
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•80 views

Multiple CPUs - 'Spectre' Information Disclosure

/ EDB Note: - https://spectreattack.com/ - https://spectreattack.com/spectre.pdf - https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html / include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp a...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•226 views

Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github: https://github.com/kkirsche/CVE-2017-10271 Exploit is based off of POC by Luffin fr...

7.5CVSS7.9AI score0.99993EPSS
Exploits45
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•55 views

WDMyCloud < 2.30.165 - Multiple Vulnerabilities

WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•38 views

D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access

DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 - Remote exp...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•52 views

EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection

Title: EMC xDashboard - SQL Injection Vulnerability Author: Pawel Gocyla Date: 02 January 2018 CVE: CVE-2017-14960 Affected Software: ================== EMC xPression v4.5SP1 Patch 13 Probably other versions are also vulnerable. SQL Injection Vulnerability: ============================== This...

7.5CVSS7.6AI score0.03737EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•30 views

Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation

""" Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security: http://www.kingsoft.co/downloads/kis/kis.rar Summary: ======== This vulnerability allows loc...

7AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/03 12:0 a.m.•50 views

WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection

Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link: https://wordpress.org/plugins/smart-google-code-inserter/ Version: 3.4...

9.8CVSS9.5AI score0.91477EPSS
Exploits6
exploitdb
exploitdb
•added 2018/01/01 12:0 a.m.•47 views

HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution", 'Description' = %q This module exploits a remote command execution...

10CVSS7.4AI score0.7883EPSS
Exploits5
exploitdb
exploitdb
•added 2018/01/01 12:0 a.m.•42 views

Apple macOS - IOHIDSystem Kernel Read/Write

Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13...

7AI score
Exploits0
exploitdb
exploitdb
•added 2018/01/01 12:0 a.m.•43 views

Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'getchart' Shell via Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerabilit...

9CVSS7.4AI score0.74556EPSS
Exploits7
exploitdb
exploitdb
•added 2018/01/01 12:0 a.m.•27 views

Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'ping' Shell via Command Injection up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/31 12:0 a.m.•28 views

PHP Melody 2.7.1 - 'playlist' SQL Injection

Exploit Title: PHP Melody v2.7.1 - SQL Injection Date: 30/12/2017 Exploit Author: Ahmad Mahfouz Contact: http://twitter.com/eln1x Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelodyorder.html Version: 2.7.1 Tested on: Mac OS SQL Injection Type: time-based blind...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/31 12:0 a.m.•25 views

D3DGear 5.00 Build 2175 - Buffer Overflow (PoC)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow Date: 07-11-2017 Vulnerable Software: D3DGear 5.00 Build 2175 Vendor Homepage: http://www.d3dgear.com/ Version: 5.00 Build 2175 Software Link: http://www.d3dgear.com/products.htm Tested O...

7AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/29 12:0 a.m.•44 views

NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)

!/usr/bin/python Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor...

10CVSS9.5AI score0.39634EPSS
Exploits6
exploitdb
exploitdb
•added 2017/12/28 12:0 a.m.•45 views

ALLMediaServer 0.95 - Remote Buffer Overflow (Metasploit)

require 'msf/core' class Metasploit4 'ALLMediaServer 0.95 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused due to a boundary error within the handling of HTTP request. , 'License' = MSFLICENSE, 'Author' = 'Anurag...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•37 views

SysGauge Server 3.6.18 - Denial of Service

Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category; Windows Remote DOS CVE: CVE-2017-15667 Author Homepage: www.unixawy.com Description: SysGauge Server...

7.5CVSS7.6AI score0.03818EPSS
Exploits4
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•29 views

Easy!Appointments 1.2.1 - Cross-Site Scripting

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities Vendor: Alex Tselegidis Product web page: http://www.easyappointments.org Affected version: 1.2.1 Summary: Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•49 views

Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader

PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does...

7AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•44 views

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•42 views

SAP BusinessObjects launch pad - Server-Side Request Forgery

Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack !/usr/bin/env python SAP BusinessObjects launch pad SSRF Timing Atta...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•43 views

ALLMediaServer 0.95 - Buffer Overflow (PoC)

Exploit Title: Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier CVE: CVE-2017-17932 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.allmediaserver.org/ Category: webapps Attack Type: Remote Impact: Code execution...

10CVSS9.4AI score0.53597EPSS
Exploits10
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•37 views

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)

Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE: Description DotNetNuke DreamSlider Module prior to version...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•52 views

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service

!/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•54 views

Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/27 12:0 a.m.•47 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/26 12:0 a.m.•102 views

COMTREND ADSL Router CT-5367 - Remote Code Execution

COMTREND ADSL Router CT-5367 - Remote Code Execution. Remote exploit for Hardware platform Exploit Title: Globalnet COMTREND ADSL Router CT-5367 Remote Code Execute Date: 11-12-2017 Exploit Author: TnMch Software Link : null Type : HardWare Risk of use : High Type to use : Remote 1. Description A...

0.3AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/26 12:0 a.m.•46 views

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...

7.4AI score
Exploits0
exploitdb
exploitdb
•added 2017/12/26 12:0 a.m.•72 views

Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection

Exploit Title: Joomla! Component JEXTN FAQ Pro 4.0.0 - SQL Injection Dork: N/A Date: 24.12.2017 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/faq/jextn-faq-pro/ Version: 4.0.0 Category: Webapps Tested on:...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
•added 2017/12/26 12:0 a.m.•515 views

Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution

import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...

7.5CVSS7.9AI score0.99993EPSS
Exploits45
Total number of security vulnerabilities47904