Lucene search
+L
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.43 views

Crypttech CryptoLog - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.32 views

LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1102 In both of the following functions mkvparser::AudioTrack::AudioTrackmkvparser::Segment, mkvparser::Track::Info const&, long long, long long mkvparser::VideoTrack::VideoTrackmkvparser::Segment, mkvparser::Track::Info const&, lo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.68 views

I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: =4.6 & 4.7 fixed version: 4.8 CVE number: - impact: Critical homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.27 views

LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks doesn't handle parsing failures correctly. If we look at the function, it makes allocations in two places; the first whe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.32 views

Personify360 7.5.2/7.6.1 - Improper Access Restrictions

Exploit Title: Access and read and create vendor / API credentials in plaintext Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE : CVE-2017-7312 Category: webapps 1. Description Any website visito...

9.8CVSS9.7AI score0.02975EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.61 views

wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One

TALOS-2017-0293 WOLFSSL LIBRARY X509 CERTIFICATE TEXT PARSING CODE EXECUTION VULNERABILITY MAY 8, 2017 CVE-2017-2800 SUMMARY An exploitable off-by-one write vulnerability exists in the x509 certificate parsing functionality of wolfSSL library versions up to 3.10.2. A specially crafted x509...

9.8CVSS9AI score0.0853EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.42 views

LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1124 There are multiple paths in mkvparser::Block::Block... that result in heap buffer overflows. See attached for sample files that trigger the overflow conditions - these will not reliably crash the process, since the overflows a...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.49 views

Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)

Linux/x86-64 - Reverse Shell Shellcode IPv6 113 bytes. Shellcode exploit for Linx86-64 platform BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.38 views

Linux/x86 - Disable ASLR Shellcode (80 bytes)

Linux/x86 - Disable ASLR Shellcode 80 bytes. Shellcode exploit for Linx86 platform / Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 section .text global start start: ; ; setruid0,0 ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; ;...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.37 views

MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)

!/usr/bin/python Exploit Title : MediaCoder 0.8.48.5888 Local Buffer Overflow SEH CVE : CVE-2017-8869 Exploit Author : Muhann4d @0xSecured Vendor Homepage : http://www.mediacoderhq.com Vulnerable Software: http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.48.5888.exe Vulnerable Version...

7.8CVSS7.7AI score0.15892EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.32 views

Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)

Exploit Title: Gemalto SmartDiag Diagnosis Tool = v2.5 - Buffer Overflow - SEH Overwrite Date: 16-03-2017 Software Link: http://support.gemalto.com/index.php?id=downloadtools Exploit Author: Majid Alqabandi Contact: https://www.linkedin.com/in/majidalqabandi/ CVE: CVE-2017-6953 Category: Local -...

7.8CVSS7.7AI score0.01252EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.55 views

Xen 64bit PV Guest - pagetable use-after-type-change Breakout

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1231 This is a bug in Xen that permits an attacker with control over the kernel of a 64bit X86 PV guest to write arbitrary entries into a live top-level pagetable. To prevent PV guests from doing things like mapping live pagetables...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.137 views

RPCBind / libtirpc - Denial of Service

!/usr/bin/ruby Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb By Guido Vranken https://guidovranken.wordpress.com/ Thanks to Sean Verity for writing an exploit in Ruby for an earlier vulnerability:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/05 12:0 a.m.31 views

Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure

Exploit title: Sitecore CMS v8.2 multiple vulnerabilities Product: Sitecore Version: 8.2, Rev: 161221, Date: 21st December, 2016 Date: 05-05-2017 Author: Usman Saeed Email: [email protected] Vendor Homepage: http://www.sitecore.net/ Disclaimer: Everything mentioned below is for educational puposes...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/05 12:0 a.m.71 views

Technicolor DPC3928SL - SNMP Authentication Bypass

!/usr/bin/python -- coding: utf-8 -- StringBleed - CVE-2017-5135 author = "Nixawk" funcs = 'generatesnmpcommunitystr', 'generatesnmpprotopayload', 'sendsnmprequest', 'readsnmpcommunitystr', 'readsnmpvarbindstr', 'snmplogin', 'snmpstringbleed' import struct import uuid import socket import time...

9.1CVSS9.4AI score0.17534EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/05/05 12:0 a.m.43 views

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection

Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software: WordPress WebDorado Gallery Plugin Software Language...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/05 12:0 a.m.272 views

CloudBees Jenkins 2.32.1 - Java Deserialization

Source: https://blogs.securiteam.com/index.php/archives/3171 Vulnerability Details Jenkins is vulnerable to a Java deserialization vulnerability. In order to trigger the vulnerability two requests need to be sent. The vulnerability can be found in the implementation of a bidirectional communicati...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/05 12:0 a.m.57 views

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities

CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL licen...

8.8CVSS8.8AI score0.01998EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/04 12:0 a.m.87 views

Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

function makecompiledfunction function targetx return x5 + x - xx; // Call only once so that function gets compiled with low level interpreter // but none of the optimizing JITs target0; return target; function pwn var haxs = new Array0x100; for var i = 0; i 0x100; ++i haxsi = new Uint8Array0x100...

8.8CVSS8.2AI score0.08038EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.55 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream you...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.76 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.49 views

Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free

body background-color:black; font-color:red; ; / Exploit Title: Internet Explorer 11 CMarkup::DestroySplayTree Use-After-Free Google Dork: n/a Date: 03.05.2017 Exploit Author: Marcin Ressel TT: @resselm Vendor Homepage: www.microsoft.com Software Link: n/a Version: 11.0.9600.18638 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.56 views

Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation

Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO Summary: Serviio is a free media server. It allows you to stream your media files music, video or images to renderer...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.267 views

WordPress Core 4.6 - Remote Code Execution

!/bin/bash / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // WordPress 4.6 - Remote Code Execution RCE PoC Exploit CVE-2016-10033 wordpress-rce-exploit.sh ver. 1.0 Discovered and coded by Dawid Golunski @dawidgolunski...

9.8CVSS7AI score0.99714EPSS
Exploits58
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.53 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/03 12:0 a.m.1247 views

WordPress Core < 4.7.4 - Unauthorized Password Reset

============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High ============================================= Source:...

5.9CVSS6.2AI score0.26699EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/05/02 12:0 a.m.30 views

Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

Exploit Title: Zyxel P-660HW-61 3.40PE.11C0 - Local File Inclusion Date: 2-05-2017 Exploit Author: ReverseBrain Contact: https://www.twitter.com/ReverseBrain Vendor Homepage: https://www.zyxel.com Software Link: ftp://ftp.zyxel.com/P-660HW-61/firmware/P-660HW-613.40PE.11C0.zip Version: 3.40PE.11C...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/02 12:0 a.m.148 views

Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ghostscript Type Confusion Arbitrary Command Execution', 'Description' = %q This module exploits a type confusion vulnerability in Ghostscript tha...

7.8CVSS8.2AI score0.96968EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/05/02 12:0 a.m.254 views

Dahua Generation 2/3 - Backdoor Access

!/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua / OEM units, where...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.214 views

MySQL < 5.6.35 / < 5.7.17 - Integer Overflow

''' Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599poc.py Exploit Title: Remote MySQL DOS Integer Overflow Google Dork: N/A Date: 13th April 2017 Exploit Author: Rodrigo Marcos Vendor Homepage: https://www.mysql.com/ Software Link:...

7.8CVSS7AI score0.89924EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.57 views

Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection

Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and collaborate on software projects. Tuleap helps development...

9CVSS8.8AI score0.16125EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.39 views

HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation

Source: https://www.securify.nl/advisory/SFY20170402/multiplelocalprivilegeescalationvulnerabilitiesinhidemyassprovpnclientv2xforosx.html Abstract Multiple local privilege escalation vulnerabilities were found in the helper binary HMAHelper that ships with HideMyAss Pro VPN for OS X. The helper i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.43 views

HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation

Source: https://www.securify.nl/advisory/SFY20170408/localprivilegeescalationvulnerabilityinhidemyassprovpnclientv3xformacos.html Abstract A local privilege escalation vulnerability has been found in the helper binary com.privax.hmaprovpn.helper that ships with HideMyAss Pro VPN v3.3.0.3 for macO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.66 views

Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities

''' Security Issues in Alerton Webtalk ================================== Introduction ------------ Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automation systems. These were discovered during a black bo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/30 12:0 a.m.78 views

Emby MediaServer 3.2.5 - Directory Traversal

Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/30 12:0 a.m.54 views

Emby MediaServer 3.2.5 - Password Reset

Emby MediaServer 3.2.5 Password Reset Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/30 12:0 a.m.62 views

Emby MediaServer 3.2.5 - SQL Injection

Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/29 12:0 a.m.41 views

IrfanView 4.44 - Denial of Service

Exploit Title: Irfanview - OtherExtensions Input Overflow Date: 29-04-2017 Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button Exploit Author: Dreivan Orprecio Version: Irfanview 4.44 Irfanview is vulnerable to overflow in "OtherExtensions" input field Debugging Machine...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/29 12:0 a.m.48 views

Panda Free Antivirus - 'PSKMAD.sys' Denial of Service

/ Exploit Title: Panda Cloud Antivirus Free - 'PSKMAD.sys' - BSoD - denial of service Date: 2017-04-29 Exploit Author: Peter baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/28 12:0 a.m.33 views

Admidio 3.2.8 - Cross-Site Request Forgery

Exploit Title :Admidio 3.2.8 CSRF to Delete Users Date: 28/April/2017 Exploit Author: Faiz Ahmed Zaidi Organization: Provensec LLC Website: http://provensec.com/ Vendor Homepage: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Version: 3.2.8 Tested on: Windows 10 Xamp...

4.5CVSS4.7AI score0.02626EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/04/27 12:0 a.m.45 views

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mercurial Custom hg-ssh Wrapper Remote Code Exec", 'Description' = %q This module takes advantage of custom hg-ssh wrapper implementations that...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/27 12:0 a.m.42 views

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

details transition-duration: 61s; function go document.fgColor = "foo"; m.setAttribute"foo", "bar"; document.head.innerHTML = "a"; aaaaaaaaaaaaa !-- =========================================================== The crash happens in CStyleSheetArray::BuildListOfMatchedRules while attempting to read...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/27 12:0 a.m.72 views

TYPO3 Extension News - SQL Injection

Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli !/usr/bin/python3 TYPO3 News Module SQL Injection...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/27 12:0 a.m.50 views

Easy File Uploader - Arbitrary File Upload

Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Tested on: GNU/Linux GREETZ: Rodrigo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/27 12:0 a.m.39 views

Simple File Uploader - Arbitrary File Download

Exploit Title: Simple File Uploader - Arbitrary File Download Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/simple-file-uploader-explorer-and-manager-php-based-secured-file-manager/18393053 Tested on: GNU/Linux...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/26 12:0 a.m.35 views

Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery

--------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website : https://www.revive-adserver.com/ Software download : https://www.revive-adserver.com/download/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/25 12:0 a.m.42 views

WordPress Plugin Wow Forms 2.1 - SQL Injection

Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website: https://tad.group Category: Web Application...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/25 12:0 a.m.123 views

OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution

''' CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server all versions Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Fix: not available PoC:...

8.8CVSS8.7AI score0.04232EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/04/25 12:0 a.m.47 views

WePresent WiPG-1000 - Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WePresent WiPG-1000 Command Injection', 'Description' = %q This module exploits a command injection vulnerability in an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/25 12:0 a.m.143 views

Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection

Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...

9.1CVSS9.3AI score0.15784EPSS
Exploits5
Total number of security vulnerabilities47904