Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.382 views

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.530 views

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...

9.8CVSS9.8AI score0.93546EPSS
Exploits25
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.312 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.405 views

Academy LMS 6.2 - Reflected XSS

Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...

6.1CVSS7.1AI score0.01835EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.265 views

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Vendor: Royal Apps GmbH Web page: https://www.royalapps.com Affected version: 6.0.1.1000 macOS Summary: Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.484 views

Proxmox VE - TOTP Brute Force

Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...

8.8CVSS8.9AI score0.0099EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.286 views

Grocy <=4.0.2 - CSRF

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.285 views

101 News 1.0 - Multiple-SQLi

Title: 101 News-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/16/2023 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The searchtitle...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.316 views

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5 may be others. Tested On Version: 2.5 in ZTE AC3630...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.381 views

Academy LMS 6.2 - SQL Injection

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 /...

9.8CVSS9.7AI score0.04886EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.221 views

Ricoh Printer - Directory and File Exposure

Exploit Title: Ricoh Printer Directory and File Exposure Date: 9/15/2023 Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Rico...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.295 views

Typora v1.7.4 - OS Command Injection

Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 13.09.2023 Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.243 views

Fundraising Script 1.0 - SQLi

Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.302 views

PHP Shopping Cart 4.2 - Multiple-SQLi

Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.328 views

Equipment Rental Script-1.0 - SQLi

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.288 views

Blood Bank & Donor Management System using v2.2 - Stored XSS

Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS Application: Blood Donor Management System Version: v2.2 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.268 views

Bank Locker Management System - SQL Injection

Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Date: 12.09.2023 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/01/29 12:0 a.m.288 views

7 Sticky Notes v1.9 - OS Command Injection

Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 12.09.2023 Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Serve...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.366 views

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...

7.5CVSS7.6AI score0.03495EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.361 views

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Denial Of Service Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.380 views

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.366 views

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

--------------------------------------------------------- Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.438 views

Media Library Assistant Wordpress Plugin - RCE and LFI

Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI Date: 2023/09/05 CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...

9.8CVSS9.8AI score0.82585EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.409 views

Minio 2022-07-29T19-40-48Z - Path traversal

Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal Date: 2023-09-02 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding 2022-07-29T19-40-48Z Tested on: Windows 10 CVE : CVE-2022-35919 Required before executio...

7.4CVSS5.9AI score0.52334EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.302 views

Coppermine Gallery 1.6.25 - RCE

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.437 views

Clcknshop 1.0.0 - SQL Injection

Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Version: 1.0.0 Tested on: Window...

9.8CVSS9.9AI score0.45639EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.401 views

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

!/bin/bash : " Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Admin Password Change Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.451 views

GLPI GZIP(Py3) 9.4.5 - RCE

!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...

9CVSS9AI score0.10949EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.381 views

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.348 views

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Title: Shuttle-Booking-Software v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.322 views

Atcom 2.7.x.x - Authenticated Command Injection

Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Google Dork: N/A Date: 07/09/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.519 views

Splunk 9.0.5 - admin account take over

!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...

8.8CVSS7AI score0.73537EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.340 views

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.351 views

Webedition CMS v2.9.8.8 - Blind SSRF

Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.411 views

Cacti 1.2.24 - Authenticated command injection when using SNMP options

Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Date: 2023-07-03 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on...

7.2CVSS8.6AI score0.82186EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.417 views

BoidCMS v2.0.0 - authenticated file upload vulnerability

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

8.8CVSS7AI score0.69003EPSS
Exploits8
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.439 views

Limo Booking Software v1.0 - CORS

Title: Limo Booking Software v1.0 - CORS Author: nu11secur1ty Date: 09/08/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/limo-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.303 views

OpenPLC WebServer 3 - Denial of Service

Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.340 views

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.355 views

Online ID Generator 1.0 - Remote Code Execution (RCE)

Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.399 views

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.397 views

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.474 views

Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.502 views

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Google Dork: N/A Date: 25/08/2023 Exploit Author: The Security Team exploitsecurity.io Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 Software...

7.5CVSS7AI score0.02548EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.393 views

Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

Title: Jorani v1.0.3-c2014-2023 - XSS Reflected & Information Disclosure Author: nu11secur1ty Date: 08/27/2023 Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.483 views

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...

6.1CVSS6.5AI score0.02027EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.454 views

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.452 views

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-8...

9.8CVSS9.7AI score0.20112EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.437 views

Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xh...

6.1CVSS6.3AI score0.52088EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.436 views

SyncBreeze 15.2.24 - 'login' Denial of Service

Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service Date: 30/08/2023 Exploit Author: mohamed youssef Vendor Homepage: https://www.syncbreeze.com/ Software Link: https://www.syncbreeze.com/setups/syncbreezesetupv15.4.32.exe Version: 15.2.24 Tested on: windows 10 64-bit import socket impor...

7.4AI score
Exploits0
Total number of security vulnerabilities47904