Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2023/09/08 12:0 a.m.476 views

soosyze 2.0.0 - File Upload

Title: soosyze 2.0.0 - File Upload Author: nu11secur1ty Date: 04.26.2023-08.28.2023 Vendor: https://soosyze.com/ Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 Reference: https://portswigger.net/web-security/file-upload Description: Broken file upload logic. The malicious user ca...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.533 views

Hyip Rio 2.1 - Arbitrary File Upload

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 30/07/2023 Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Version: 2.1 Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE:...

5.4CVSS5.6AI score0.01131EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.355 views

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1CVSS6.3AI score0.48533EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.383 views

Ivanti Avalanche <v6.4.0.0 - Remote Code Execution

""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...

9.8CVSS9.8AI score0.98919EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.374 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' Date: 2023/08/18 CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS...

5.4CVSS5.8AI score0.00468EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.681 views

AdminLTE PiHole 5.18 - Broken Access Control

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

5.3CVSS5.5AI score0.40162EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.324 views

Academy LMS 6.1 - Arbitrary File Upload

Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Date: 05/08/2023 Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Version: 6.1 Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CW...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.409 views

NVClient v5.0 - Stack Buffer Overflow (DoS)

Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 2023-08-19 Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.422 views

Blood Donor Management System v1.0 - Stored XSS

Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.443 views

Credit Lite 1.5.4 - SQL Injection

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Version: 1.5.4 Tested on: Windows 10 Pro Impact:...

9.8CVSS9.7AI score0.01073EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.398 views

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...

6.1CVSS6.4AI score0.00436EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.405 views

Bus Reservation System 1.1 - Multiple-SQLi

Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Date: 08/26/2023 Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.364 views

Kingo ROOT 1.5.8 - Unquoted Service Path

Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.393 views

Member Login Script 3.3 - Client-side desync

Title: Member Login Script 3.3 - Client-side desync Author: nu11secur1ty Date: 08/25/2023 Vendor: https://www.phpjabbers.com/ Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync Description: The server appears to be vulnerable to client-side desync attacks...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.369 views

DLINK DPH-400SE - Exposure of Sensitive Information

Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Date : 25-08-2023 Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.377 views

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.368 views

FileMage Gateway 1.10.9 - Local File Inclusion

Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion Date: 8/22/2023 Exploit Author: Bryce "Raindayzz" Harty Vendor Homepage: https://www.filemage.io/ Version: Azure Versions 1.10.9 Tested on: All Azure deployments 1.10.9 CVE : CVE-2023-39026 Technical Blog -...

7.5CVSS7.6AI score0.10562EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/09/04 12:0 a.m.351 views

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Exploit Title: WP Statistics Plugin = 13.1.5 currentpageid - Time based SQL injection Unauthenticated Date: 13/02/2022 Exploit Author: psychoSherlock Vendor Homepage: https://wp-statistics.com/ Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip Version: 13.1.5 and prio...

9.8CVSS8.8AI score0.8093EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/24 12:0 a.m.409 views

Uvdesk 1.1.4 - Stored XSS (Authenticated)

Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Date: 14/08/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Testeted on: Windows 10 using XAMPP,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/24 12:0 a.m.423 views

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/24 12:0 a.m.356 views

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection Unauthenticated Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.263 views

EuroTel ETL3100 - Transmitter Default Credentials

Exploit Title: EuroTel ETL3100 Transmitter Default Credentials Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.360 views

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...

9.8CVSS9.7AI score0.02884EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.329 views

Global - Multi School Management System Express v1.0- SQL Injection

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.285 views

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Date: 09/08/2023 Exploit Author: Kerimcan Ozturk Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/business-directory-script/ Version: 3.2 Tested on: Windows 10 Pro Description...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.416 views

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...

9.8CVSS7AI score0.01932EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.464 views

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.339 views

Dolibarr Version 17.0.1 - Stored XSS

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.257 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.299 views

Taskhub CRM Tool 2.8.6 - SQL Injection

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.347 views

Color Prediction Game v1.0 - SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.317 views

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...

7.8CVSS7.7AI score0.00823EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.290 views

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...

9.8CVSS9.8AI score0.02849EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.279 views

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Exploit Title: EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.336 views

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Exploit Title: Crypto Currency Tracker CCT 9.5 - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register...

9.8CVSS9.7AI score0.03564EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.1180 views

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if lensys.argv != 4:...

6.5AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.614 views

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...

6.5CVSS6.5AI score0.06976EPSS
Exploits29
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.2118 views

systemd 246 - Local Privilege Escalation

Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...

7.8CVSS7.8AI score0.01051EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.597 views

TP-Link Archer AX21 - Unauthenticated Command Injection

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8CVSS9AI score0.99999EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/08/10 12:0 a.m.404 views

OutSystems Service Studio 11.53.30 - DLL Hijacking

Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability...

7.8CVSS7.8AI score0.01135EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.319 views

Emagic Data Center Management Suite v6.0 - OS Command Injection

!/bin/bash Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Date: 03-08-2023 Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" ech...

8.8CVSS8.9AI score0.24029EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.312 views

mooSocial 3.1.8 - Reflected XSS

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173...

6.1CVSS6.3AI score0.03336EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.330 views

Social-Commerce 3.1.6 - Reflected XSS

Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Version: 3.1.6 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1CVSS6.3AI score0.05271EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.394 views

Lucee 5.4.2.17 - Authenticated Reflected XSS

Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS Google Dork: NA Date: 05/08/2023 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.388 views

PHPJabbers Vacation Rental Script 4.0 - CSRF

Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Date: 05/08/2023 Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.339 views

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...

9.8CVSS9.6AI score0.4111EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.313 views

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 25/07/2023 Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Version: 2.14.0 Teste...

7.5CVSS7.6AI score0.36205EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.364 views

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Date: 3-8-2023 Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload...

9.8CVSS9.7AI score0.04623EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.264 views

WordPress adivaha Travel Plugin 2.3 - SQL Injection

Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.365 views

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...

5.3CVSS5.3AI score0.42674EPSS
Exploits5
Total number of security vulnerabilities47904