Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.201 views

Yoga Class Registration System v1.0 - Multiple SQLi

Exploit Title: Yoga Class Registration System v1.0 - Multiple SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Software...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.167 views

ImpressCMS v1.4.3 - Authenticated SQL Injection

Exploit Title: Authenticated Sql Injection in ImpressCMS v1.4.3 Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26986 Confirmed on release 1.4.3, this vulnerability is patched in the version 1.4.4 and above... Vendor:...

8.5CVSS7AI score0.04146EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.139 views

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal

Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Exploit Author: nu11secur1ty Date: 09.29.2022 Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.156 views

SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution

Exploit Title: SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 7th March 2022 CVE ID: CVE-2022-26982 Confirmed on release 2.1.1 Vendor: https://download.simplemachines.org/ Note- Once we insert the vulnerabl...

7.2CVSS7.1AI score0.09186EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.139 views

Password Manager for IIS v2.0 - XSS

Exploit Title: Password Manager for IIS v2.0 - XSS Exploit Author: VP4TR10T Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/ Software Link: http://passwordmanager.adiscon.com/ Version: Version 2.0 Tested on: WINDOWS CVE : CVE-2022-36664 Affected URI when changing user password: POST...

6.1CVSS6.3AI score0.03767EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.224 views

System Mechanic v15.5.0.61 - Arbitrary Read/Write

/ Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write Date: 26-09-2022 Exploit Author: Brandon Marshall Vendor Homepage: https://www.iolo.com/ Tested Version - System Mechanic version 15.5.0.61 Driver Version - 5.4.11 - amp.sys Tested on OS - 64 bit Windows 10 18362 Fixed Version -...

10CVSS9.6AI score0.18455EPSS
Exploits8
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.168 views

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Date: 03.17.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/23 12:0 a.m.163 views

WorkOrder CMS 0.1.0 - SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/23 12:0 a.m.176 views

Bitbucket v7.0.0 - RCE

Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present Atlassian Bitbucket Server and Data Center 7.0.0...

8.8CVSS9AI score0.99077EPSS
Exploits24
Exploit DB
Exploit DB
added 2023/03/23 12:0 a.m.179 views

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

Exploit Title: Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities Date: Sep 19, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: iPhone iOS 16.0 path traversa...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/23 12:0 a.m.180 views

MAN-EAM-0003 V3.2.4 - XXE

Exploit Title: MAN-EAM-0003 V3.2.4 - XXE Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: http://guralp.com/ Version: 3.2.4 Authentication Required: NO CVE : CVE-2022-38840 Google dork: " webconfig menu.cgi " Tested on: Windows Exploit 1 - browse to http:// name/cgi-bin/xmlstatus.cgi 2 - cli...

7.5CVSS7.7AI score0.09803EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/23 12:0 a.m.485 views

wkhtmltopdf 0.12.6 - Server Side Request Forgery

Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/22 12:0 a.m.135 views

Linksys AX3200 V1.1.00 - Command Injection

Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put...

8.8CVSS8.9AI score0.1067EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/03/22 12:0 a.m.140 views

VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities

Exploit Title: VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Date: 18/09/2022 Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/22 12:0 a.m.157 views

SoX 14.4.2 - Denial Of Service

Exploit Title: SoX 14.4.2 - Denial Of Service Exploit Author: LiquidWorm Vendor: Chris Bagwell Product web page: http://sox.sourceforge.net https://en.wikipedia.org/wiki/SoX Affected version: =14.4.2 Summary: SoX Sound eXchange is the Swiss Army knife of sound processing tools: it can convert sou...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/02/20 12:0 a.m.242 views

pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)

Exploit Title: pfBlockerNG 2.1.426 - Remote Code Execution RCE Shodan Results: https://www.shodan.io/search?query=http.title%3A%22pfSense+-+Login%22+%22Server%3A+nginx%22+%22Set-Cookie%3A+PHPSESSID%3D%22 Date: 5th of September 2022 Exploit Author: IHTeam Vendor Homepage:...

9.8CVSS9.6AI score0.87247EPSS
Exploits14
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.97 views

IOTransfer V4 - Unquoted Service Path

Exploit Title: IOTransfer V4 - Unquoted Service Path Exploit Author: BLAY ABU SAFIAN Inveteck Global Discovery Date: 2022-28-07 Vendor Homepage: http://www.iobit.com/en/index.php Software Link: https://iotransfer.itopvpn.com/download/ Tested Version: V4 Vulnerability Type: Unquoted Service Path...

7.8CVSS7.9AI score0.01058EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.95 views

CVAT 2.0 - Server Side Request Forgery

Exploit Title: CVAT 2.0 - SSRF Server Side Request Forgery Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x8664 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...

9.8CVSS9.7AI score0.47846EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.114 views

SmartRG Router SR510n 2.6.13 - Remote Code Execution

Exploit Title: SmartRG Router SR510n 2.6.13 - RCE Remote Code Execution Date: 13/06/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import...

9.8CVSS9.7AI score0.36187EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.136 views

MSNSwitch Firmware MNT.2408 - Remote Code Execution

Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Google Dork: n/a Date:9/1/2022 Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated...

9.8CVSS9.7AI score0.75556EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.165 views

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal

Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...

7.5CVSS7.7AI score0.45957EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.136 views

Open Web Analytics 1.7.3 - Remote Code Execution

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...

9.8CVSS9.6AI score0.99134EPSS
Exploits14
Exploit DB
Exploit DB
added 2022/10/17 12:0 a.m.94 views

Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/10/06 12:0 a.m.107 views

Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi

Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Date: 14-08-2022 Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/...

9.8CVSS9.7AI score0.09675EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.132 views

TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)

Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution RCE Date: 02/11/2022 Exploit Author: hacefresko Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/ Version: 1.1.15 and below Tested on: 1.1.11, 1.1.14 and 1.1.15 CVE : CVE-2021-4045 Write up of the...

10CVSS9.6AI score0.72185EPSS
Exploits10
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.107 views

Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.69 views

Aero CMS v0.0.1 - SQLi

Title: Aero CMS v0.0.1 - SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.94 views

Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.2AI score0.05291EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.199 views

Teleport v10.1.1 - Remote Code Execution (RCE)

Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Date: 08/01/2022 Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...

8.8CVSS8.8AI score0.49476EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.98 views

Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

5.4CVSS5.5AI score0.03574EPSS
Exploits7
Exploit DB
Exploit DB
added 2022/09/23 12:0 a.m.98 views

Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)

Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting XSS Date: 28/08/2022 Exploit Author: Ashkan Moghaddas Vendor Homepage: https://testa.cc Software Link: https://download.aftab.cc/products/testa/Testawos2.0.1.zip Version: 3.5.1 Tested on: Windows/Linux Proof...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/21 12:0 a.m.62 views

WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)

Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Date: 15-08-2022 Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf "...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/21 12:0 a.m.105 views

Wifi HD Wireless Disk Drive 11 - Local File Inclusion

Exploit Title: Wifi HD Wireless Disk Drive 11 - Local File Inclusion Date: Aug 13, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: http://www.savysoda.com Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/id311170976 Version: 11 Tested on: iPhone OS 155 Proof of Concep...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.90 views

Blink1Control2 2.2.7 - Weak Password Encryption

// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const...

7.5CVSS7.6AI score0.04386EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.86 views

Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)

Exploit Title: Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution RCE Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested on:...

9.8CVSS9.7AI score0.53752EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.101 views

Bookwyrm v0.4.3 - Authentication Bypass

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Date: 2022-08-4 Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE:...

9.8CVSS9.7AI score0.11838EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.247 views

Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)

Exploit Title: Mobile Mouse 3.6.0.4 - Remote Code Execution RCE Date: Aug 09, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/e...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.151 views

Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Date: 2022-08-11 Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/15 12:0 a.m.382 views

Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)

Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...

7.5CVSS7.5AI score0.87678EPSS
Exploits8
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.90 views

WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Date: 05/08/2022 Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.140 views

Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass

Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Date: 2022-08-04 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...

9.8CVSS9.8AI score0.99796EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.60 views

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.565 views

PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...

9CVSS6.9AI score0.86086EPSS
Exploits7
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.443 views

Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Date: 02-08-2022 Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linu...

5.4CVSS5.5AI score0.03574EPSS
Exploits7
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.410 views

ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)

Exploit Title: ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting XSS Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1 CVE :...

4.8CVSS5.2AI score0.02331EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.478 views

Prestashop blockwishlist module 2.1.0 - SQLi

Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...

8.8CVSS8.8AI score0.24146EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.418 views

ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)

Exploit Title: ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting XSS Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1 Tested on:...

4.8CVSS5.2AI score0.02331EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/08/02 12:0 a.m.1353 views

uftpd 2.10 - Directory Traversal (Authenticated)

Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Google Dork: N/A Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...

9.8CVSS9.7AI score0.25249EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/08/01 12:0 a.m.551 views

WordPress Plugin Duplicator 1.4.7 - Information Disclosure

Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552...

5.3CVSS5.3AI score0.08415EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/08/01 12:0 a.m.494 views

Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)

Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...

5CVSS6.5AI score0.74696EPSS
Exploits9
Total number of security vulnerabilities47904