Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.191 views

Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

Exploit Title: Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References Source: https://www.vulnerability-lab.com/getcontent.php?id=2278 Release Date: 2023-07-04 Vulnerability Laboratory ID VL-ID: 2278 Common Vulnerability Scoring System: 5.4 Product & Service Introduction:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.303 views

Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection

Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" Date: 07/2023 Exploit Author: Ansh Jain @sudoark Author Contact : [email protected] Vendor Homepage: https://www.wifi-soft.com/ Software Link:...

9.8CVSS9.7AI score0.02084EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.366 views

pfSense v2.7.0 - OS Command Injection

Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...

8.8CVSS9.2AI score0.90655EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/20 12:0 a.m.380 views

Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.

Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Date: 07.18.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control...

7.8CVSS8.2AI score0.0206EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.291 views

TP-Link TL-WR740N - Authenticated Directory Transversal

Exploit Title: TP-Link TL-WR740N - Authenticated Directory Transversal Date: 13/7/2023 Exploit Author: Anish Feroz Zeroxinn Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.250 views

Online Piggery Management System v1.0 - unauthenticated file upload vulnerability

!/bin/bash Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability Date: July 12 2023 Exploit Author: 1337kid Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html Version: 1.0 Tested on: Ubuntu CVE :...

9.8CVSS9.7AI score0.23311EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.297 views

Blackcat Cms v1.4 - Stored XSS

Exploit Title: Blackcat Cms v1.4 - Stored XSS Application: blackcat Cms Version: v1.4 Bugs: Stored XSS Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.181 views

Statamic 4.7.0 - File-Inclusion

Title: Statamic 4.7.0 - File-Inclusion Author: nu11secur1ty Date: 07.13.2023 Vendor: https://statamic.com/ Software: https://demo.statamic.com/ Reference: https://portswigger.net/web-security/file-upload Description: The statamic-4.7.0 suffers from file inclusion - file upload vulnerability. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.278 views

CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)

Exploit Title: CmsMadeSimple v2.2.17 - Remote Code Execution RCE Application: CmsMadeSimple Version: v2.2.17 Bugs: Remote Code ExecutionRCE Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.246 views

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...

9.8CVSS9.7AI score0.49858EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.276 views

ABB FlowX v4.00 - Exposure of Sensitive Information

Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information Date: 2023-03-31 Exploit Author: Paul Smith Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series Version: ABB Flow-X all versions before V4.00 Tested on: Kali Linux CVE:...

5.3CVSS5.4AI score0.0388EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.315 views

Blackcat Cms v1.4 - Remote Code Execution (RCE)

Exploit Title: Blackcat Cms v1.4 - Remote Code Execution RCE Application: blackcat Cms Version: v1.4 Bugs: RCE Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Lin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.275 views

CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.308 views

Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.240 views

CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)

Exploit Title: CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting XSS Application: CmsMadeSimple Version: v2.2.17 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author: Mirabbas...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.262 views

Vaidya-Mitra 1.0 - Multiple SQLi

Title: Vaidya-Mitra 1.0 - Multiple SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.285 views

Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)

Exploit Title: Joomla! combooking component 2.4.9 - Information Leak Account enumeration Google Dork: inurl:"index.php?option=combooking" Date: 07/12/2023 Exploit Author: qw3rTyTy Vendor Homepage: http://www.artio.net/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.243 views

phpfm v1.7.9 - Authentication type juggling

Exploit Title: phpfm v1.7.9 - Authentication type juggling Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.dulldusk.com/phpfm/ Software Link: https://github.com/dulldusk/phpfm/ Version: 1.6.1-1.7.9 Tested on: Ubuntu 22.04 CVE : N/A """ An authentication bypass exists in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/19 12:0 a.m.228 views

PimpMyLog v1.7.14 - Improper access control

Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.426 views

XAMPP 8.2.4 - Unquoted Path

Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.321 views

Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass

Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Date: 08/21/2019 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...

10CVSS8.3AI score0.75863EPSS
Exploits14
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.271 views

ProjeQtOr Project Management System v10.4.1 - Multiple XSS

Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.301 views

WinterCMS < 1.2.3 - Persistent Cross-Site Scripting

Exploit Title: WinterCMS alertdocument.cookie; //Post Request...

4.8CVSS5.1AI score0.027EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.988 views

Pluck v4.7.18 - Remote Code Execution (RCE)

Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.306 views

Admidio v4.2.10 - Remote Code Execution (RCE)

Exploit Title: Admidio v4.2.10 - Remote Code Execution RCE Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.391 views

News Portal v4.0 - SQL Injection (Unauthorized)

Exploit Title: News Portal v4.0 - SQL Injection Unauthorized Date: 09/07/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/15 12:0 a.m.351 views

Icinga Web 2.10 - Authenticated Remote Code Execution

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Date: 8/07/2023 Exploit Author: Dante CoronaAka. cxdxnt Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version:...

8.8CVSS8.7AI score0.1467EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.224 views

Spring Cloud 3.2.2 - Remote Command Execution (RCE)

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8CVSS7AI score0.99939EPSS
Exploits36
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.230 views

Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.192 views

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTAgentService"

Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.245 views

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.290 views

Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"

Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.325 views

AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard"

Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.avg.com Software Link: https://www.avg.com/en-ww/homepagepc Version: 7.5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36167 PoC C:\Userswmic service get...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.214 views

Ateme TITAN File 3.9 - SSRF File Enumeration

Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.291 views

MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"

Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...

6.7AI score
Exploits3
Exploit DB
Exploit DB
added 2023/07/11 12:0 a.m.309 views

BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)

Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...

6.1CVSS6.4AI score0.04126EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/07/07 12:0 a.m.374 views

Faculty Evaluation System v1.0 - SQL Injection

Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/07 12:0 a.m.616 views

Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...

8.8CVSS8.7AI score0.05718EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/07 12:0 a.m.428 views

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...

10CVSS9.8AI score0.9279EPSS
Exploits21
Exploit DB
Exploit DB
added 2023/07/06 12:0 a.m.337 views

Lost and Found Information System v1.0 - SQL Injection

Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...

9.8CVSS9.7AI score0.03832EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/06 12:0 a.m.242 views

Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure

Title:Microsoft Edge 114.0.1823.67 64-bit - Information Disclosure Author: nu11secur1ty Date: 07.06.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415 Reference: https://portswigger.net/web-security/information-disclosure,...

6.5CVSS7.1AI score0.08619EPSS
Exploits1
Exploit DB
Exploit DB
added 2023/07/06 12:0 a.m.323 views

Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Date: 05-07-2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/06 12:0 a.m.297 views

Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting XSS Authenticated Date: 25 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://piwigo.org Version: 13.7.0 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with any user...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/04 12:0 a.m.193 views

Beauty Salon Management System v1.0 - SQLi

Exploit Title: Beauty Salon Management System v1.0 - SQLi Date of found: 04/07/2023 Exploit Author: Fatih Nacar Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/ CWE:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/04 12:0 a.m.185 views

Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

Exploit Title: Car Rental Script 1.8 - Stored Cross-site scripting XSS Date: 30/07/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/car-rental-php-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.168 views

D-Link DAP-1325 - Broken Access Control

Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.220 views

WebsiteBaker v2.13.3 - Directory Traversal

Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal Application: WebsiteBaker Version: 2.13.3 Bugs: Directory Traversal Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.406 views

WBCE CMS 1.6.1 - Open Redirect & CSRF

Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.180 views

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Date: 29/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/03 12:0 a.m.200 views

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...

7AI score
Exploits0
Total number of security vulnerabilities47904