Lucene search
+L
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2017/09/08 12:0 a.m.59 views

Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution

import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" if name == "main": if lensys.argv != 4: print """S2-053 Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.39 views

HiSilicon DVR Devices - Remote Code Execution

!/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host', required=True parser.addargument'--rport',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.31 views

Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'Gh0st Client buffer Overflow', 'Description' = %q This module exploits a Memory buffer overflow in the Gh0st client C2 server ,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.23 views

Online Invoice System 3.0 - SQL Injection

Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo: http://www.onlineinvoicesystem.com/onlineinvoicesystem3/index.php Version: 3.0 Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.26 views

EzInvoice 6.02 - SQL Injection

Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezinvoicedemo.zip Demo: http://www.mysticdreams.net/products/ezinvoice/ Version: 6.0.2 Category:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.36 views

Huawei HG255s - Directory Traversal

Exploit Title: Server Directory Traversal at Huawei HG255s Date: 07.09.2017 Exploit Author: Ahmet Mersin Vendor Homepage: www.huawei.com Software Link: Not published this modem just used by Turkey Version: V100R001C163B025SP02 POC: https://www.youtube.com/watch?v=n02toTFkLOU&feature=youtu.be...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.19 views

EzBan 5.3 - 'id' SQL Injection

Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezbandemo.zip Demo: http://www.mysticdreams.net/products/ezban/ Version: 5.3 Category: Webapps Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.62 views

Roteador Wireless Intelbras WRN150 - Cross-Site Scripting

Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows 7, 8.1, 10 CVE-2017-14219 For more info:...

6.1CVSS6.3AI score0.01438EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/07 12:0 a.m.54 views

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution

Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. McAfee...

5.9CVSS6.2AI score0.03176EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.583 views

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution

Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...

8.1CVSS8.4AI score0.99461EPSS
Exploits23
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.46 views

Tor (Linux) - X11 Linux Sandbox Breakout

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server without any restrictions. This means that a...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.66 views

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)

-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1: 0f212075d86ef7e859c1941f8e5b9e7a6f2558ad CVE: CVE-2017-14153...

7.8CVSS7.7AI score0.01821EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.31 views

Pay Banner Text Link Ad 1.0.6.1 - SQL Injection

Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo: http://dijiteol.com/demos/pbtla Version: 1.0.6.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.24 views

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.36 views

Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.51 views

Cory Support - 'pr' SQL Injection

Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo : http://coryapp.com/demo/support/ Tested On :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/06 12:0 a.m.51 views

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation

-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1:...

7.8CVSS7.7AI score0.01821EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/09/05 12:0 a.m.17 views

Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting

Exploit Title: HRM - Workable Zone : Ultimate HR System Last Name Other vulnerable fields include: First Name, Contact Number Unauthenticated Directory Traversal: http://localhost.com/download?type=document&filename=../../../../../etc/passwd Credits & Authors: ================== 8bitsec -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/05 12:0 a.m.31 views

The Car Project 1.0 - SQL Injection

Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/05 12:0 a.m.38 views

A2billing 2.x - SQL Injection

Title : A2billing 2.x , Sql injection vulnerability Vulnerable software : A2billing 2.x Author : Ahmed sultan 0x4148 Email : [email protected] Linkedin : https://www.linkedin.com/in/0x4148/ If you're looking for deep technical stuff , overcoming sanitization/hardening . . etc you can check out the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/05 12:0 a.m.61 views

FiberHome ADSL AN1020-25 - Improper Access Restrictions

Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHome Technologies is a leading equipment vendor and global...

9.8CVSS7AI score0.65621EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.19 views

Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow

!/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor Homepage: http://www.dupscout.com/ Version : v9.9.14 Software Link ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.20 views

iGreeting Cards 1.0 - SQL Injection

Exploit Title: iGreeting Cards 1.0 - SQL Injection Dork: N/A Date: 04.09.2017 Vendor Homepage: http://coryapp.com/ Software Link: http://coryapp.com/?product&index Demo: http://coryapp.com/demo/greetingcards/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.45 views

A2billing 2.x - Backup File Download / Remote Code Execution

Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain multiple flaws which can be chained together to achieve shell...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.43 views

Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...

8.8CVSS8.8AI score0.04135EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.115 views

Wireless Repeater BE126 - Remote Code Execution

Exploit Title: WIFI Repeater BE126 – Remote Code Execution Date Publish: 09/09/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-13713 1...

8.8CVSS8.9AI score0.09116EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.46 views

RubyGems < 2.6.13 - Arbitrary File Overwrite

There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.82 views

CodeMeter 6.50 - Cross-Site Scripting

Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/...

5.4CVSS5.8AI score0.03877EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/09/03 12:0 a.m.39 views

Joomla! Component CheckList 1.1.0 - SQL Injection

Exploit Title: Joomla! Component CheckList 1.1.0 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Demo: http://checklistdemo.joomplace.com/ Version: 1.1.0 Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/03 12:0 a.m.112 views

Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' SQL Injection

Exploit Title: Joomla! Component Survey Force Deluxe 3.2.4 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/surveys/survey-force-deluxe/ Demo:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/02 12:0 a.m.107 views

IBM Notes 8.5.x/9.0.x - Denial of Service

Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: https://www-01.ibm.com/support/docview.wss?uid=swg24037141 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-1129...

6.5CVSS6.5AI score0.30074EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/09/02 12:0 a.m.139 views

Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation

Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privelege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor CVE URL: http://www-01.ibm.com/support/docview.wss?uid=swg2170002...

7.2CVSS6.6AI score0.01118EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/09/01 12:0 a.m.46 views

WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting

Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: 1.7.5.9...

6.1CVSS6.3AI score0.02302EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/09/01 12:0 a.m.461 views

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass

Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...

9.3CVSS7.8AI score0.09465EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/01 12:0 a.m.36 views

OpenJPEG - 'mqc.c' Heap Buffer Overflow

DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION Master version of OpenJPEG 805972f,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.31 views

IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If...

6.5CVSS7.4AI score0.30074EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.51 views

Sitefinity CMS 9.2 - Cross-Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description ------------------ Progress® Sitefinity™ is a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.50 views

Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection

Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link: Version: 1.0.6 Tested on: Linux CVE : CVE-2016-1000124 Advisory:...

9.8CVSS9.7AI score0.0255EPSS
Exploits9
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.52 views

Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection

Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/ Software Link: Version: 1.0.9 Tested on: Linux CVE :...

9.8CVSS9.6AI score0.03629EPSS
Exploits9
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.62 views

Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection

Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7 Tested on: Linux CVE : CVE-2016-1000125 Advisory:...

9.8CVSS9.7AI score0.02495EPSS
Exploits8
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.32 views

IBM Notes 8.5.x/9.0.x - Denial of Service (2)

Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg21999384 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-1130...

6.5CVSS6.5AI score0.29222EPSS
Exploits10
Exploit DB
Exploit DB
added 2017/08/31 12:0 a.m.113 views

Git < 2.7.5 - Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...

8.8CVSS8.5AI score0.77823EPSS
Exploits9
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.51 views

Linux/x86 - Fork Bomb Shellcode (9 bytes)

Linux/x86 - Fork Bomb Shellcode 9 bytes. Shellcode exploit for Linx86 platform / ;Title: Linux/x86 - Fork Bomb Shellcode ; Author: Touhid M.Shaikh ; Contact: https://github.com/touhidshaikh ; Category: Shellcode ; Architecture: Linux x86 ; Description: This shellcode may crash ur system if execut...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.47 views

Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery

Exploit Title: CSRF Date: Wed, Aug 30, 2017 Software Link: https://www.metasploit.com/ Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-15084 R7-2017-22 Category: Metasploit Pro, Express, Ultimate, and Community 1...

6.5CVSS6.5AI score0.0149EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.86 views

Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)

======================================================== Invoice Manager v3.1 Cross site request forgery Add Admin Description : Invoice Manager v3.1 is vulnerable to CSRF attack No CSRF token in place which if an admin user can be tricked to visit a crafted URL created by attacker via spear...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.18 views

PHP-SecureArea < 2.7 - Multiple Vulnerabilities

Exploit Title: PHP-SecureArea = v2.7 - SQL Injection Date: 30-08-2017 Exploit Author: Cryo Contact: https://twitter.com/KernelEquinox Vendor Homepage: https://www.withinweb.com Software Link: https://www.withinweb.com/phpsecurearea/ Version: 2.7 and below Tested on: Windows, Linux, Mac OS X 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.42 views

Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection

Exploit Title: Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection Dork: N/A Date: 30.08.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/ Demo:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.53 views

Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)

Exploit Title: Joomla! Component Joomanager 2.0.0 - Arbitrary File Download Dork: N/A Date: 30.08.2017 Vendor Homepage: http://www.joomanager.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/joomanager/ Demo:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/08/30 12:0 a.m.158 views

Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service

Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service java.net.URLConnection with no...

5.3CVSS7.8AI score0.16181EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/08/29 12:0 a.m.52 views

Brickcom IP Camera - Credentials Disclosure

Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af, OB-500Af Remotely Exploitable: Yes...

7.4AI score
Exploits0
Total number of security vulnerabilities47904