Lucene search
+L
ExploitdbRecent

47904 matches found

exploitdb
exploitdb
added 2017/11/14 12:0 a.m.65 views

D-Link DIR-850L - OS Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'DIR-850L Unauthenticated OS Command Exec', 'Description' = %q This module leverages an unauthenticated credential disclosure...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/14 12:0 a.m.51 views

D-Link DIR-605L < 2.08 - Denial of Service

Exploit Title: D-Link DIR605L ROUTER=$1 if "$" -ne 1 ; then echo "usage: $0 " exit fi curl http://$ROUTER/Tools/...

7.8CVSS7AI score0.12098EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/13 12:0 a.m.41 views

Ulterius Server < 1.9.5.0 - Directory Traversal

Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...

7.5CVSS7.6AI score0.91496EPSS
Exploits6
exploitdb
exploitdb
added 2017/11/13 12:0 a.m.45 views

Kirby CMS < 2.5.7 - Cross-Site Scripting

Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform: PHP CVE:...

5.4CVSS5.5AI score0.02422EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/13 12:0 a.m.39 views

IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation

/ Exploit Title - IKARUS anti.virus Arbitrary Write Privilege Escalation Date - 13th November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.ikarussecurity.com/ Tested Version - 2.16.7 Driver Version - 0.18780.0.0 - ntguardx64.sys Tested on OS - 64bit Windows 7 and...

7.8CVSS7.7AI score0.01527EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/13 12:0 a.m.70 views

Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload

Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com Version: Web Viewer 1.0.0.193 on Samsung SRN-1670D Tested on: Web...

8.8CVSS8.7AI score0.30296EPSS
Exploits7
exploitdb
exploitdb
added 2017/11/11 12:0 a.m.58 views

Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)

Linux/x64 - Reverse TCP 127.0.0.1:4444/TCP Shell /bin/sh + Password 1234567 Shellcode 104 bytes. Shellcode exploit for Linuxx86-64 platform global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2017/11/11 12:0 a.m.31 views

MyBB 1.8.13 - Cross-Site Scripting

Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...

5.4CVSS5.5AI score0.01581EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/11 12:0 a.m.39 views

MyBB 1.8.13 - Remote Code Execution

Exploit Title: RCE in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn't require it in some special cases. The...

9.8CVSS9.7AI score0.05766EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/11 12:0 a.m.52 views

osCommerce 2.3.4.1 - Arbitrary File Upload

Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom234 Version: 2.3.4.1, 2.3.4 - Other...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/10 12:0 a.m.80 views

Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt + ISR: ApparitionSec Vendor: ======= www.symantec.com Product: =========== Symantec Endpoint...

7.1CVSS7AI score0.01687EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/09 12:0 a.m.6193 views

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Linux/x64 - Bind TCP 4444/TCP Shell /bin/sh + Password 1234567 Shellcode 136 bytes. Shellcode exploit for Linuxx86-64 platform global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; cop...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2017/11/09 12:0 a.m.27 views

Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free

var e = new Error; var o = toString:function //alert'in toString'; e.name = 1; CollectGarbage; //reallocate forvar i=0;i !-- ========================================= This is a use-after-free in jscript!JsErrorToString that can lead to a heap overflow. The PoC above crashes in memcpy when...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/09 12:0 a.m.305 views

PHP 7.1.8 - Heap Buffer Overflow

Description: ------------ A heap out-of-bound read vulnerability in timelibmeridian can be triggered via wddxdeserialize or other vectors that call into this function on untrusted inputs. $ /php-7.1.8/sapi/cli/php --version PHP 7.1.8 cli built: Aug 9 2017 21:42:13 NTS Copyright c 1997-2017 The PH...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/09 12:0 a.m.42 views

Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/07 12:0 a.m.45 views

Ametys CMS 4.0.2 - Password Reset

Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented...

9.8CVSS9.7AI score0.07663EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/07 12:0 a.m.36 views

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Xlight FTP Server x86/x64 - Buffer Overflow Crash PoC Date: 07-11-2017 Vulnerable Software: Xlight FTP Server v3.8.8.5 x86/x64 Vendor Homepage: http://www.xlightftpd.com/ Version: v3.8.8.5 x86/x64 Software Link:...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/07 12:0 a.m.59 views

ManageEngine Applications Manager 13 - SQL Injection

ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host: 192.168.1.190:9090 User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64;...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/07 12:0 a.m.79 views

pfSense 2.3.1_1 - Command Execution

Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept 'ifconfig/usr/local/www/ifconfig.txt'...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/06 12:0 a.m.209 views

Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/05 12:0 a.m.53 views

Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt + ISR: ApparitionSec Vendor: ============= www.avaya.com Product: =========== Avaya IP Office IPO...

8.8CVSS7AI score0.10079EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/05 12:0 a.m.70 views

Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor: ============= www.avaya.com Product: =========== Avaya IP Office IPO...

9.6CVSS9.5AI score0.09404EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/05 12:0 a.m.42 views

SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: SMPlayer 17.11.0 - '.m3u' Crash PoC Date: 05-11-2017 Vulnerable Software: SMPlayer v17.11.0 Vendor Homepage: http://www.smplayer.info Version: v17.11.0 Software Link: http://www.smplayer.info/en/downloads Tested On: Windows 7 x64...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/04 12:0 a.m.76 views

WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass

Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?srank=9...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/04 12:0 a.m.38 views

Actiontec C1000A Modem - Backdoor Account

Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86 Tested on: Linux CVE : NA The Actiontec C1000A Modem...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.57 views

Ladon Framework for Python 0.9.40 - XML External Entity Expansion

Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.49 views

GraphicsMagick - Memory Disclosure / Heap Overflow

'''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of source code in the base package or 1,225K including...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.18 views

Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting

Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.23 views

Jnes 1.0.2 - Stack Buffer Overflow

!/usr/bin/env python coding: utf-8 Exploit Title: Jnes Version 1.0.2 Stack Buffer Overflow Date: 3-11-2017 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: http://www.jabosoft.com/home Software Link: http://www.jabosoft.com/categories/3 Version: v1.0.2.15 Tested o...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.54 views

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.27 views

Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting

Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.31 views

Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)

!/usr/bin/python Title: Ipswitch WSFTP Professional Local Buffer Overflow SEH Author: Kevin McGuigan. Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.ipswitch.com Date: 03/11/2017 Version: 12.6.03 CVE: CVE-2017-16513 Tested on: Windows 7 32-bit Use scrip...

7.8CVSS7.7AI score0.02216EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/03 12:0 a.m.806 views

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

7.5CVSS7.4AI score0.69115EPSS
Exploits8
exploitdb
exploitdb
added 2017/11/02 12:0 a.m.55 views

Debut Embedded HTTPd 1.20 - Denial of Service

Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedded http server contains a remotely exploitable...

7.8CVSS7.6AI score0.59386EPSS
Exploits7
exploitdb
exploitdb
added 2017/11/01 12:0 a.m.46 views

OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery

Exploit Title: OctoberCMS 1.0.426 - CSRF to Admin Account Takover Vendor Homepage: https://octobercms.com Software Link: https://octobercms.com/download Exploit Author: Zain Sabahat Website: https://about.me/ZainSabahat Category: webapps CVE: CVE-2017-16244 1. Description Cross-Site Request Forge...

8.8CVSS8.8AI score0.01976EPSS
Exploits5
exploitdb
exploitdb
added 2017/11/01 12:0 a.m.57 views

Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution

Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.12ePE1. Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine VM. The VM includes software that emulates...

7.8CVSS7.8AI score0.77071EPSS
Exploits3
exploitdb
exploitdb
added 2017/11/01 12:0 a.m.41 views

Vir.IT eXplorer Anti-Virus 8.5.39 - 'VIAGLT64.SYS' Local Privilege Escalation

/ Exploit Title - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation Date - 1st November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.tgsoft.it Tested Version - 8.5.39 Driver Version - 1.0.0.11 - VIAGLT64.SYS Tested on OS - 64bit Windows 7 and Windows 10...

7.8CVSS7.7AI score0.01467EPSS
Exploits4
exploitdb
exploitdb
added 2017/11/01 12:0 a.m.31 views

Ingenious School Management System 2.3.0 - 'friend_index' SQL injection

Exploit Title: Ingenious School Management System 2.3.0 - SQL injection Date: 01.11.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo: http://iloveprograming.com/view/login.php Version: 2.3.0 Category:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/11/01 12:0 a.m.58 views

WhatsApp 2.17.52 - Memory Corruption

!/usr/bin/env python -- coding: utf-8 -- Found this and more exploits on my open source security project: http://www.exploitpack.com Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: 11 October 2017 Tested on: iPhone 5/6s iOS 10.3.3 and 11 Description:...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/10/31 12:0 a.m.103 views

ZyXEL PK5001Z Modem - Backdoor Account

Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux About: ZyXEL PK5001Z Modem is used by...

9CVSS8.8AI score0.12113EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.26 views

MyBuilder Clone 1.0 - 'subcategory' SQL Injection

Exploit Title: MyBuilder Clone 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.contractorscripts.com/ Software Link: http://order.contractorscripts.com/ Demo: http://demo.contractorscripts.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

9.8CVSS9.7AI score0.02066EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.38 views

Same Sex Dating Software Pro 1.0 - SQL Injection

Exploit Title: Same Sex Dating Software Pro 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/same-date-pro-same-sex-dating-software/4530959 Demo: http://www.ss.softdatepro.com/ Version: 1.0 Category: Webapps...

9.8CVSS9.6AI score0.02028EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.47 views

SoftDatepro Dating Social Network 1.3 - SQL Injection

Exploit Title: SoftDatepro Dating Social Network 1.3 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/softdatepro-build-your-own-dating-social-network/3650044 Demo: http://demo.softdatepro.com/ Version: 1.3 Category...

9.8CVSS9.6AI score0.02858EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.44 views

Adult Script Pro 2.2.4 - SQL Injection

Exploit Title: Adult Script Pro 2.2.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.adultscriptpro.com/ Software Link: http://www.adultscriptpro.com/order.html Demo: http://www.adultscriptpro.com/demo.html Version: 2.2.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

9.8CVSS9.7AI score0.02066EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.26 views

Sokial Social Network Script 1.0 - SQL Injection

Exploit Title: Sokial Social Network Script 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.sokial.net/ Software http://www.sokial.net/demonstrations-social-network.sk Demo: http://demo.sokial.net/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

9.8CVSS9.7AI score0.02858EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.59 views

Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection

Exploit Title: Vastal I-Tech Dating Zone 0.9.9 - 'productid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/dating-zone-the-dating-software.html Demo: http://datingzone.vastal.com/demo/ Version: 0.9.9 Category: Webapps Tested on:...

9.8CVSS9.7AI score0.0305EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.48 views

iStock Management System 1.0 - Arbitrary File Upload

Exploit Title: iStock Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/istock-management-system/20405084 Demo: http://project.ikodes.com/basicims/ Version: 1.0 Category: Webapps Tested on:...

9.8CVSS9.7AI score0.04933EPSS
Exploits3
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.36 views

ZeeBuddy 2x - 'groupid' SQL Injection

Exploit Title: ZeeBuddy 2x - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.zeescripts.com/ Software Link: http://www.zeebuddy.com/ Demo: http://www.zeebuddy.com/demo/ Version: 2x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-15976 Exploit Author: Ihsan...

9.8CVSS9.7AI score0.0305EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.38 views

Protected Links - SQL Injection

Username Password...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.28 views

AROX School ERP PHP Script - 'id' SQL Injection

Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
Total number of security vulnerabilities47904