Lucene search
+L
ExploitdbRecent

47904 matches found

exploitdb
exploitdb
added 2017/10/30 12:0 a.m.31 views

US Zip Codes Database - 'state' SQL Injection

Exploit Title: US Zip Codes Database Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://rowindex.com/ Software Link: https://www.codester.com/items/4898/us-zip-codes-database-php-script Demo: http://rowindex.com/demo/ Version: N/A Category: Webapps Tested on:...

9.8CVSS7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.31 views

Newspaper 1.0 - SQL Injection

Exploit Title: Newspaper Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-fully-responsive-magazine-cms/19493325 Demo: http://demo.geniusocean.com/newspaper/ Version: 1.0 Category:...

9.8CVSS9.6AI score0.0259EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.38 views

tPanel 2009 - Authentication Bypass

Exploit Title: tPanel 2009 - Authentication Bypass Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.datacomponents.net/ Software Link: http://www.datacomponents.net/products/hosting/tpanel/ Demo: http://demo.datacomponents.net/tpanel/ Version: 2009 Category: Webapps Tested on:...

9.8CVSS7AI score0.03696EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.37 views

CPA Lead Reward Script - SQL Injection

...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.37 views

Fake Magazine Cover Script - SQL Injection

Exploit Title: Fake Magazine Cover Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.websitescripts.org/ Software Link: http://www.websitescripts.org/website-scripts/fake-magazine-cover-script/prod81.html Demo: http://websitescripts.org/demo/magazinecoverscript/ Versio...

9.8CVSS9.7AI score0.0198EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.38 views

Php Inventory - Arbitrary File Upload

Exploit Title: Php Inventory & Invoice Management System - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.phpinventory.com/ Demo: http://phpinventory.com/phpinventorydemo/ Version: N/A Category: Webapps Tested on:...

9.8CVSS9.7AI score0.07677EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.42 views

PG All Share Video 1.0 - SQL Injection

Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

9.8CVSS9.7AI score0.02066EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.37 views

News 1.0 - SQL Injection

Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/ Version: 1.0 Category:...

9.8CVSS9.6AI score0.0259EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.34 views

Nice PHP FAQ Script - 'nice_theme' SQL Injection

Exploit Title: Nice PHP FAQ Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/demophpscript-PHP-FAQ-Script-Knowledgebase-Script.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A Category:...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.58 views

Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection

Exploit Title: Vastal I-Tech Agent Zone - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/agent-zone-real-estate-script.html Demo: http://agentzone.vastal.com/demo/ Version: N/A Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.39 views

Website Broker Script - 'status_id' SQL Injection

Exploit Title: Website Broker Script - 'statusid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/UwCG4464436/php-scripts/website-broker-script Demo:...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.37 views

PHP CityPortal 2.0 - SQL Injection

Exploit Title: PHP CityPortal 2.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpcityportal.com/ Software Link: http://www.phpcityportal.com/index.php Demo: http://phpcityportal.com/demo Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-15970...

9.8CVSS9.7AI score0.02204EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.35 views

CmsLite 1.4 - 'S' SQL Injection

Exploit Title: Creative Management System - CMS Lite 1.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://bekirk.co.uk/ Software Link: https://codecanyon.net/item/creative-management-system-cms-lite/15297597 Demo: http://demo.bekirk.co.uk/ Version: 1.4 Category: Webapps Tested o...

9.8CVSS7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.36 views

MyMagazine 1.0 - 'id' SQL Injection

Exploit Title: MyMagazine Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-bootstrap-newspaper-magazine-and-blog-cms-script/19620468 Demo: http://demo.geniusocean.com/mymagazine/...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.46 views

Online Exam Test Application - 'sort' SQL Injection

Exploit Title: Online Exam Test Application - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/1z2e4672468/php-scripts/online-exam-test-application Demo: http://198.38.86.159/onlineexamboard/ Version: N/...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.54 views

D-Park Pro 1.0 - SQL Injection

Username: Password:...

9.8CVSS9.7AI score0.02148EPSS
Exploits3
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.25 views

iProject Management System 1.0 - 'ID' SQL Injection

Exploit Title: iProject Management System 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/iproject-management-system/20483358 Demo: http://project.ikodes.com/ikpms/ Version: 1.0 Category: Webapps Tested on:...

9.8CVSS9.7AI score0.02148EPSS
Exploits3
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.59 views

Mailing List Manager Pro 3.0 - SQL Injection

Exploit Title: Mailing List Manager Pro 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.vote-pro.com/ Software Link: http://www.mailing-manager.com/demo.html Demo: http://www.mailing-manager.com/demo-gold/ Version: 3.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

9.8CVSS9.7AI score0.02066EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.43 views

Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection

Exploit Title: Joomla! Component NS Download Shop 2.2.6 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://nswd.co/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/paid-downloads/ns-downloadshop/ Demo: https://ds.nswd.co/ Version: 2.2.6 Category:...

9.8CVSS9.7AI score0.03398EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.29 views

Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection

Exploit Title: Joomla! Component Zh YandexMap 6.1.1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://zhuk.cc/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/zh-yandexmap/ Demo: http://joomla.zhuk.cc/index.php Version: 6.1.1.0...

9.8CVSS9.7AI score0.03398EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.29 views

Basic B2B Script - SQL Injection

Exploit Title: Basic B2B Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script Demo: http://readymadeb2bscript.com/product/entrepreneur/ Version: N/A Category...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.52 views

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.32 views

Shareet - 'photo' SQL Injection

Exploit Title: Shareet - Photo Sharing Social Network - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://odallated.com/ Software Link: https://www.codester.com/items/4910/shareet-photo-sharing-social-network Demo: https://odallated.com/shareet/demo/ Version: N/A Category: Webapps...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.44 views

Zomato Clone Script - 'resid' SQL Injection

Exploit Title: Zomato Clone Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda/ Version: N/A Category: Webap...

9.8CVSS9.7AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.104 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure

!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' Oracle Java Web Start JNLP XML...

7.1CVSS8.2AI score0.08794EPSS
Exploits6
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.31 views

Ingenious 2.3.0 - Arbitrary File Upload

Exploit Title: Ingenious School Management System 2.3.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo: http://iloveprograming.com/view/login.php Version: N/...

8.8CVSS8.9AI score0.03947EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.48 views

iTech Gigs Script 1.21 - SQL Injection

Exploit Title: iTech Gigs Script 1.21 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Demo: http://gigs.itechscripts.com/ Version: 1.21 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-1596...

9.8CVSS9.7AI score0.02066EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.46 views

Article Directory Script 3.0 - 'id' SQL Injection

Exploit Title: Article Directory Script 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.yourarticlesdirectory.com/ Software Link: http://www.yourarticlesdirectory.com/ Demo: http://www.yourarticlesdirectory.com/livedemo.php Version: 3.0 Category: Webapps Tested on:...

9.8CVSS9.6AI score0.02148EPSS
Exploits3
exploitdb
exploitdb
added 2017/10/30 12:0 a.m.39 views

Job Board Script - 'nice_theme' SQL Injection

Exploit Title: Job Board Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/jobboardscript.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...

9.8CVSS9.7AI score0.02148EPSS
Exploits3
exploitdb
exploitdb
added 2017/10/28 12:0 a.m.32 views

Uniview - Remote Command Execution / Export Config (PoC)

STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config http://IP:PORT/cgi-bin/main-cgi?json="cmd":255,"szUserName":"","u32UserLoginHandle":-1 -tcpdump- check active capture...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/28 12:0 a.m.33 views

PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)

Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE : 2017-15727 1. Description In phpMyFAQ befo...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/28 12:0 a.m.68 views

PHP Melody 2.6.1 - SQL Injection

Author : Venkat Rajgor + Email : [email protected] + Vulnerability : SQL injection E-mail ID : [email protected] Download : http://www.phpsugar.com Web : http://www.phpsugar.com Price : $39 USD Vulnerable parameter: http://x.x.x.x/playlists.php?playlist= Application : PHPSUGAR PHP Melody...

7AI score
Exploits0
exploitdb
exploitdb
added 2017/10/28 12:0 a.m.70 views

MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation

Exploit Title: Privilege escalation MitraStar routers Date: 28-10-2017 Exploit Author: j0lama Vendor Homepage: http://www.mitrastar.com/ Provider Homepage: https://www.movistar.com/ Models affected: MitraStar DSL-100HN-T1 and MitraStar GPT-2541GNAC HGU Software versions: ES113WJY0b16 DSL-100HN-T1...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/27 12:0 a.m.61 views

phpMyFAQ 2.9.8 - Cross-Site Request Forgery

Exploit Title: phpMyFAQ 2.9.8 CSRF Vulnerability Date: 27-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE : 2017-15730 1. Description In phpMyFAQ before...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/27 12:0 a.m.88 views

Tizen Studio 1.3 Smart Development Bridge < 2.3.2 - Buffer Overflow (PoC)

Exploit Title: Smart Development Bridge =2.3.2 part of Tizen Studio 1.3 Windows x86/x64 - Buffer Overflow PoC Date: 22.10.17 Exploit Author: Marcin Kopec Vendor Homepage: https://developer.tizen.org/ Software Link: https://developer.tizen.org/development/tizen-studio/download Version: 2.3.0, 2.3....

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/27 12:0 a.m.35 views

Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)

/ Sync Breeze Enterprise BOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team / define WINSOCKDEPRECATEDNOWARNINGS define DEFAULTBUFLEN 512 include include include include DWORD SendRequestchar request, int requestsize WSADATA wsa; SOCKET s; struct sockaddrin server; char...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/26 12:0 a.m.60 views

HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow

Exploit-CVE-2017-6008 The CVE-2017-6008 is a vulnerability in the HitmanPro scan that allows privilege escalation by exploiting a kernel pool buffer overflow. The exploits here use the Quota Process Pointer Overwrite attack as described in the Tarjei Mandt's paper Also, the exploits use my Pool...

7.8CVSS7.7AI score0.01904EPSS
Exploits6
exploitdb
exploitdb
added 2017/10/26 12:0 a.m.33 views

Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference

/ Exploit Title - Watchdog Development Anti-Malware/Online Security Pro Null Pointer Dereference Date - 26th October 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.watchdogdevelopment.com/ Tested Version - 2.74.186.150 Driver Version - 2.21.63 - zam32.sys Tested on OS ...

7.5CVSS7.6AI score0.07575EPSS
Exploits6
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.145 views

Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.63 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

8.8CVSS8.8AI score0.07217EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.48 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6.1CVSS5.6AI score0.03415EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.49 views

PHPMailer < 5.2.21 - Local File Disclosure

Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...

5.5CVSS5.9AI score0.02161EPSS
Exploits6
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.48 views

FS Realtor Clone - 'id' SQL Injection

Exploit Title: FS Realtor Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/realtor-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.24 views

FS Monster Clone - 'id' SQL Injection

Exploit Title: FS Monster Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/monster-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.25 views

FS Crowdfunding Script - 'id' SQL Injection

Exploit Title: FS Crowdfunding Script - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/crowdfunding-script/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.31 views

FS Trademe Clone - 'id' SQL Injection

Exploit Title: FS Trademe Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/trademe-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.49 views

Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection

Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on: Windows 2008 w/ Coldfusion 8 CVE: CVE-2017-15639 Category:...

6.5CVSS6.5AI score0.06784EPSS
Exploits5
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.31 views

FS Thumbtack Clone - 'ser' SQL Injection

Exploit Title: FS Thumbtack Clone - 'ser' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/thumbtack-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.28 views

FS Care Clone - 'sitterService' SQL Injection

Exploit Title: FS Care Clone - 'sitterService' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/care-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2017/10/24 12:0 a.m.51 views

FS Shutter Stock Clone - 'keywords' SQL Injection

Exploit Title: FS Shutter Stock Clone - 'keywords' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shutterstock-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904