Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.281 views

Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

Exploit Title: Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.257 views

Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - userName Blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mira...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.259 views

craftercms 4.x.x - CORS

Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Date: 03.07.2023 Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.297 views

Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification

!/usr/bin/env python Exploit Title: Osprey Pump Controller v1.0.1 - Authentication Bypass Credentials Modification Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.291 views

Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...

8.8CVSS8.9AI score0.42326EPSS
Exploits6
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.238 views

EasyNas 1.1.0 - OS Command Injection

Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...

8.8CVSS7.5AI score0.20862EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.247 views

FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Date: 2023-02-14 Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.261 views

modoboa 2.0.4 - Admin TakeOver

/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Date: 02/10/2023 Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main...

9.8CVSS9.3AI score0.15088EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.268 views

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution RCE Date: 02.14.2023 Exploit Author: Andreas Finstad Vendor Homepage: https://titanftp.com/ Version: 2.0.1.2102 Tested on: Windows 2022 Server CVE : CVE-2023-22629 Exploit and description here: https://f20.be/blog/titanf...

8.8CVSS8.9AI score0.12322EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.253 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.250 views

Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - pseudonym Semi-blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/202...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.248 views

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.353 views

Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

Exploit Title: Simple Food Ordering System v1.0 - Cross-Site Scripting XSS Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1...

5.4CVSS5.1AI score0.02693EPSS
Exploits9
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.255 views

flatnux 2021-03.25 - Remote Code Execution (Authenticated)

Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.263 views

Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure

Exploit Title: Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirag...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.243 views

Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

Exploit Title: Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.281 views

ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP...

7.2CVSS7AI score0.38722EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.256 views

Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

!-- Exploit Title: Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.271 views

Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task...

8.8CVSS7AI score0.01684EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.258 views

Employee Task Management System v1.0 - Broken Authentication

Exploit Title: Employee Task Management System v1.0 - Broken Authentication Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0905 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.5CVSS7.6AI score0.03189EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.304 views

Employee Task Management System v1.0 - SQL Injection on edit-task.php

Exploit Title: Employee Task Management System v1.0 - SQL Injection on edit-task.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Softwar...

8.8CVSS5.9AI score0.02693EPSS
Exploits10
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.255 views

Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection on manageuser.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0915 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...

8.8CVSS8.9AI score0.01728EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.267 views

Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection in sellvehicle.php Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0913 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...

8.8CVSS8.9AI score0.01635EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.290 views

Auto Dealer Management System 1.0 - Broken Access Control Exploit

Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...

8.8CVSS7.6AI score0.03074EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page viewmusicdetails.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0961 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com...

9.8CVSS9.7AI score0.01883EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.254 views

ChurchCRM v4.5.3-121fcc1 - SQL Injection

Exploit Title: ChurchCRM v4.5.3-121fcc1 - SQL Injection Author: nu11secur1ty Date: 02.27.2023 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.288 views

Music Gallery Site v1.0 - Broken Access Control

Exploit Title: Music Gallery Site v1.0 - Broken Access Control Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0963 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested on: Windows...

9.8CVSS7AI score0.0467EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.279 views

Music Gallery Site v1.0 - SQL Injection on page Master.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested...

8.8CVSS8.8AI score0.01741EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

Music Gallery Site v1.0 - SQL Injection on music_list.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on musiclist.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...

9.8CVSS6.9AI score0.01785EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.275 views

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

8.8CVSS8.9AI score0.02266EPSS
Exploits2
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.251 views

POLR URL 2.3.0 - Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.4AI score0.07164EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.263 views

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Date: 2022-01-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...

9.8CVSS9.7AI score0.20693EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.368 views

pdfkit v0.8.7.2 - Command Injection

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

9.8CVSS9.5AI score0.39389EPSS
Exploits11
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.244 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

5.3CVSS5.3AI score0.45241EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.260 views

Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution RCE Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76...

8.8CVSS8.9AI score0.0454EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.246 views

Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

Exploit Title: Osprey Pump Controller 1.0.1 - eventFileSelected Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.562 views

Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit

!/usr/bin/env python Exploit Title: Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.284 views

Purchase Order Management-1.0 - Local File Inclusion

Title: Purchase Order Management-1.0 - Local File Inclusion Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.252 views

HospitalRun 1.0.0-beta - Local Root Exploit for macOS

Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.267 views

Unified Remote 3.13.0 - Remote Code Execution (RCE)

Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Date: 03/03/2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the u...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.392 views

Apache Tomcat 10.1 - Denial Of Service

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...

7.5CVSS7AI score0.73139EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.165 views

PhotoShow 3.0 - Remote Code Execution

Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.227 views

Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...

8.8CVSS7.9AI score0.97653EPSS
Exploits8
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.169 views

Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

Exploit Title: Provide Server v.14.4 XSS - CSRF & Remote Code Execution RCE Date: 2023-02-10 Exploit Author: Andreas Finstad Version: 14.4.1.29 Tested on: Windows Server 2022 CVE : CVE-2023-23286 POC: https://f20.be/blog/provide-server-14-4...

6.1CVSS6.6AI score0.02628EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.885 views

ImageMagick 7.1.0-49 - Arbitrary File Read

Exploit Title: ImageMagick 7.1.0-49 - Arbitrary File Read Google Dork: N/A Date: 06/02/2023 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/ Version: = 7.1.0-49 Tested on: 7.1.0-49 and 6.9.11-60 CVE : CVE-2022-44268 CVE...

6.5CVSS7AI score0.89855EPSS
Exploits28
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.207 views

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...

6.1CVSS6.6AI score0.02097EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.245 views

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

9.8CVSS9.6AI score0.99995EPSS
Exploits12
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.165 views

Answerdev 1.0.3 - Account Takeover

Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...

9.8CVSS9.6AI score0.06368EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.203 views

ERPNext 12.29 - Cross-Site Scripting (XSS)

Exploit Title: ERPNext 12.29 - Cross-Site Scripting XSS Date: 7 Feb 2023 Exploit Author: Patrick Dean Ramos / Nathu Nandwani / Junnair Manla Github - https://github.com/patrickdeanramos/CVE-2022-28598 Vendor Homepage: https://erpnext.com/ Version: 12.29 CVE-2022-28598 Summary: Stored cross-site...

6.1CVSS6.3AI score0.03195EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.156 views

BTCPay Server v1.7.4 - HTML Injection

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...

8.8CVSS7AI score0.07896EPSS
Exploits4
Total number of security vulnerabilities47904