Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.257 views

WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS6.5AI score0.10703EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.269 views

CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP...

6.5CVSS6.6AI score0.03345EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.305 views

Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)

Exploit Title: Kramer VIAware 2.5.0719.1034 - Remote Code Execution RCE Date: 28/03/2022 Exploit Author: sharkmoos & BallO Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: 2.5.0719.1034 Tested on: ViaWare Go Windows 10 CVE :...

10CVSS9.6AI score0.2254EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.411 views

PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Date: 2022-03-29 Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on:...

9CVSS7.4AI score0.91877EPSS
Exploits17
Exploit DB
Exploit DB
added 2022/03/23 12:0 a.m.395 views

WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/23 12:0 a.m.338 views

ProtonVPN 1.26.0 - Unquoted Service Path

Exploit Title: ProtonVPN 1.26.0 - Unquoted Service Path Date: 22/03/2022 Exploit Author: gemreda @gemredax Vendor Homepage: https://protonvpn.com/ Software Link: https://protonvpn.com/ Version: 1.26.0 Tested: Windows 10 x64 Contact: [email protected] PS C:\Users\Emre sc.exe qc "ProtonVPN Wireguard" ...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.378 views

Sysax FTP Automation 6.9.0 - Privilege Escalation

Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Date: 03-20-2022 Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.377 views

iRZ Mobile Router - CSRF to RCE

Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Date: 2022-03-18 Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21,...

9.3CVSS8.8AI score0.34531EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.281 views

ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure

Exploit Title: ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.290 views

ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)

Exploit Title: ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.295 views

Ivanti Endpoint Manager 4.6 - Remote Code Execution (RCE)

Exploit Title: Ivanti Endpoint Manager 4.6 - Remote Code Execution RCE Date: 20/03/2022 Exploit Author: d7x Vendor Homepage: https://www.ivanti.com/ Software Link: https://forums.ivanti.com/s/article/Customer-Update-Cloud-Service-Appliance-4-6 Version: CSA 4.6 4.5 - EOF Aug 2021 Tested on: Linux...

9.8CVSS9.6AI score0.99105EPSS
Exploits9
Exploit DB
Exploit DB
added 2022/03/22 12:0 a.m.251 views

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Takeover Date: 18/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 1. About -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/21 12:0 a.m.460 views

Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)

Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...

4.9CVSS5.1AI score0.03315EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.1880 views

Hikvision IP Camera - Backdoor

Exploit Title: Hikvision IP Camera - Backdoor Date: 14/03/2022 Exploit Author: Sobhan Mahmoodi Reference: https://ipvm.com/reports/hik-exploit GitHub: https://github.com/bp2008/HikPasswordHelper/ Hikvision included a magic string that allowed instant access to any camera, regardless of what the...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.299 views

Moodle 3.11.5 - SQLi (Authenticated)

Exploit Title: Moodle 3.11.5 - SQLi Authenticated Date: 2/3/2022 Exploit Author: Chris Anastasio @mufinnnnnnn Vendor Homepage: https://moodle.com/ Software Link: https://github.com/moodle/moodle/archive/refs/tags/v3.11.5.zip Write Up: https://muffsec.com/blog/moodle-2nd-order-sqli/ Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.1686 views

Tiny File Manager 2.4.6 - Remote Code Execution (RCE)

Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...

6.5CVSS6.9AI score0.08235EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.349 views

Apache APISIX 2.12.1 - Remote Code Execution (RCE)

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

9.8CVSS9.6AI score0.96182EPSS
Exploits16
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.407 views

Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

7.2CVSS7AI score0.37716EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/14 12:0 a.m.258 views

VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path

Exploit Title: VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Date: 11/03/2022 Exploit Author: Faisal Alasmari Vendor Homepage: https://www.vive.com/ Software Link: https://developer.vive.com/resources/downloads/ Version: 1.0.0.4 Tested: Windows 10 x64 C:\Users\Usersc qc "VIVE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/14 12:0 a.m.356 views

Baixar GLPI Project 9.4.6 - SQLi

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

9.8CVSS9.7AI score0.02089EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/11 12:0 a.m.389 views

Tdarr 2.00.15 - Command Injection

Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/11 12:0 a.m.422 views

Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)

Exploit Title: Seowon SLR-120 Router - Remote Code Execution Unauthenticated Date: 2022-03-11 Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&bigkind=B05&middlekind=B0530 Version: All versi...

9.8CVSS9.6AI score0.71691EPSS
Exploits8
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.369 views

Siemens S7-1200 - Unauthenticated Start/Stop Command

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.318 views

McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege

Exploit Title: McAfee® Safe Connect VPN - Unquoted Service Path Elevation Of Privilege Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/en-us/vpn/mcafee-safe-connect.html Version: 2.13 Tested: Windows 10 x64 Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.277 views

BattlEye 0.9 - 'BEService' Unquoted Service Path

Exploit Title: BattlEye 0.9 - 'BEService' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.battleye.com/ Software Link: https://www.battleye.com/downloads/ Version: 0.94 Tested: Windows 10 Pro Contact: https://twitter.com/dmaral3noz C:\Users\saudhsc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.294 views

Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : David Xanatos Version : SbieSvc 5.50.2 Vendor Homepage : https://sandboxie-plus.com/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.291 views

Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path

Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.283 views

WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path

Exploit Title: WOW21 5.0.1.9 - 'Service WOW21Service' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : ilwebmaster21 Version : WOW21Service 5.0.1.9 Vendor Homepage : https://wow21.life/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.654 views

Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Zabbix 5.0.17 - Remote Code Execution RCE Authenticated Date: 9/3/2022 Exploit Author: Hussien Misbah Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn5.0.17 Version: 5.0.17 Tested on: Linux Reference:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/09 12:0 a.m.307 views

Audio Conversion Wizard v2.01 - Buffer Overflow

Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.07.2022 Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/09 12:0 a.m.324 views

Cobian Backup 0.9 - Unquoted Service Path

Exploit Title: Cobian Backup 0.9 - Unquoted Service Path Date: 06/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cobiansoft.com// Software Link: https://www.cobiansoft.com/download.php/ Version:0.9.93 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc CobianReflectorService SC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/09 12:0 a.m.363 views

Webmin 1.984 - Remote Code Execution (Authenticated)

Exploit Title: Webmin 1.984 - Remote Code Execution Authenticated Date: 2022-03-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.webmin.com/ Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip Version: = 1.984 Tested on: Ubuntu 18...

9CVSS8.7AI score0.96977EPSS
Exploits13
Exploit DB
Exploit DB
added 2022/03/09 12:0 a.m.295 views

Printix Client 1.3.1106.0 - Privilege Escalation

Exploit Title: Printix Client 1.3.1106.0 - Privilege Escalation Date: 3/2/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windo...

9.3CVSS8.2AI score0.11011EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/09 12:0 a.m.288 views

Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

Exploit Title: Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path Discovery by: Mohamed Alzhrani Discovery Date: 2022-03-08 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 12.0.18...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/08 12:0 a.m.1134 views

Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)

// Exploit Title: Linux Kernel 5.8 Proof-of-concept exploit for the Dirty Pipe vulnerability CVE-2022-0847 caused by an uninitialized "pipebuffer.flags" variable. It demonstrates how to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on...

7.8CVSS8.4AI score0.89063EPSS
Exploits100
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.309 views

Malwarebytes 4.5 - Unquoted Service Path

Exploit Title: Malwarebytes 4.5 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.malwarebytes.com/ Software Link: https://www.malwarebytes.com/mwb-download/ Version: 4.5.0 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc MBAMService SC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.254 views

Cloudflare WARP 1.4 - Unquoted Service Path

Exploit Title: Cloudflare WARP 1.4 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cloudflare.com/ Software Link: https://developers.cloudflare.com/warp-client/get-started/windows/ Version: 1.4.107 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.289 views

Foxit PDF Reader 11.0 - Unquoted Service Path

Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.293 views

Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Exploit Title: Private Internet Access 3.3 - 'pia-service' Unquoted Service Path Date: 04/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.privateinternetaccess.com Software Link: https://www.privateinternetaccess.com/download Version: 3.3.0.100 Tested: Windows 10 x64 Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.433 views

part-db 0.5.11 - Remote Code Execution (RCE)

Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Google Dork: NA Date: 03/04/2022 Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848...

10CVSS9.2AI score0.35436EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.430 views

Attendance and Payroll System v1.0 - Remote Code Execution (RCE)

Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.478 views

Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)

Exploit Title: Spring Cloud Gateway 3.1.0 - Remote Code Execution RCE Google Dork: N/A Date: 03/03/2022 Exploit Author: Carlos E. Vieira Vendor Homepage: https://spring.io/ Software Link: https://spring.io/projects/spring-cloud-gateway Version: This vulnerability affect Spring Cloud Gateway 3.0.7...

10CVSS10AI score0.98253EPSS
Exploits54
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.299 views

Attendance and Payroll System v1.0 - SQLi Authentication Bypass

Exploit Title: Attendance and Payroll System v1.0 - SQLi Authentication Bypass Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.277 views

Hasura GraphQL 2.2.0 - Information Disclosure

Exploit Title: Hasura GraphQL 2.2.0 - Information Disclosure Software: Hasura GraphQL Community Software Link: https://github.com/hasura/graphql-engine Version: 2.2.0 Exploit Author: Dolev Farhi Date: 5/05/2022 Tested on: Ubuntu import requests SERVERADDR = 'x.x.x.x' url =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.327 views

Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip Version: up until version 3.9 Tested on: Windows...

8.8CVSS8.8AI score0.12782EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.322 views

Prowise Reflect v1.0.9 - Remote Keystroke Injection

Exploit Title: Prowise Reflect v1.0.9 - Remote Keystroke Injection Date: 30/10/2022 Exploit Author: Rik Lutz Vendor Homepage: https://www.prowise.com/ Version: V1.0.9 Tested on: Windows 10 Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. Much like...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.330 views

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)

Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Date: 1/3/2022 Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...

6.1CVSS6.3AI score0.21028EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.337 views

Printix Client 1.3.1106.0 - Remote Code Execution (RCE)

Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...

9.8CVSS9.7AI score0.18235EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/02 12:0 a.m.381 views

Xerte 3.10.3 - Directory Traversal (Authenticated)

Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...

6.5CVSS6.5AI score0.07685EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/28 12:0 a.m.394 views

Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path

Exploit Title: Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-24 Vendor Homepage: https://www.cobiansoft.com/ Software Link : https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability...

7.4AI score
Exploits0
Total number of security vulnerabilities47904