Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.386 views

Raspberry Pi 5.10 - Default Credentials

Exploit Title: Raspberry Pi 5.10 - Default Credentials Date: 08/12/2021 Exploit Author: netspooky Vendor Homepage: https://www.raspberrypi.com/ Software Link: https://www.raspberrypi.com/software/operating-systems/ Version: Raspberry Pi OS = 5.10 Tested on: Raspberry Pi OS 5.10 CVE : CVE-2021-387...

10CVSS9.6AI score0.15666EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.381 views

Student Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Date: 2020-07-06 Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...

9.8CVSS9.6AI score0.15926EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/12/09 12:0 a.m.308 views

Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)

Exploit Title: Chikitsa Patient Management System 2.0.2 - Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.450 views

HCL Lotus Notes V12 - Unquoted Service Path

Exploit Title: HCL Lotus Notes V12- Unquoted Service Path Exploit Author: Mert DAŞ Version: V12 Date: 01/12/2021 Vendor Homepage: https://www.hcltechsw.com/domino/download Tested on: Windows 10 ProcessId : 3860 Name : LNSUSvc DisplayName : HCL Notes Smart Upgrade Hizmeti PathName :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.503 views

Auerswald COMfortel 2.8F - Authentication Bypass

Exploit Title: Auerswald COMfortel 2.8F - Authentication Bypass Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Version: 1400/2600/3600 Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration...

7.5CVSS7.6AI score0.5106EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.447 views

Auerswald COMpact 8.0B - Arbitrary File Disclosure

Exploit Title: Auerswald COMpact 8.0B - Arbitrary File Disclosure Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Arbitrary File Disclosure RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX...

6.8CVSS5.2AI score0.02394EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.482 views

Auerswald COMpact 8.0B - Privilege Escalation

Exploit Title: Auerswald COMpact 8.0B - Privilege Escalation Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Privilege Escalation RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allow...

8.8CVSS8.9AI score0.02028EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.478 views

Croogo 3.0.2 - Remote Code Execution (Authenticated)

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/06 12:0 a.m.418 views

Auerswald COMpact 8.0B - Multiple Backdoors

Exploit Title: Auerswald COMpact 8.0B - Multiple Backdoors Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers w...

10CVSS9.7AI score0.71979EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.524 views

WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)

Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Date: 2/12/2021 Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30...

7.5CVSS7.7AI score0.66543EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.346 views

WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting XSS Authenticated Date: 02/12/2021 Exploit Author: Abdurrahman Erkan @erknabd Vendor Homepage: https://soliloquywp.com/ Software Link: https://wordpress.org/plugins/soliloquy-lite/ Version: 2.6.2 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.383 views

Online Magazine Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Online Magazine Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15061/online-magazine-management-system-php-free-source-code.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.329 views

Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.htm...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.410 views

WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)

Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion LFI Exploit Author: Mohamed Magdy Abumusilm Aka m19o Software: All-in-One Video Gallery plugin Version: = 2.4.9 Tested on: Windows,linux Poc:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/01 12:0 a.m.1360 views

Advanced Comment System 1.0 - Remote Command Execution (RCE)

Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/01 12:0 a.m.496 views

Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting

Exploit Title: Online Enrollment Management System in PHP and PayPal 1.0 - 'UNAME' Stored Cross-Site Scripting Date: 2021-08-31 Exploit Author: Tushar Jadhav Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

5.4CVSS5.6AI score0.01635EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/01 12:0 a.m.408 views

MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation

Exploit Title: MilleGPG5 5.7.2 Luglio 2021 x64 - Local Privilege Escalation Date: 2021-07-19 Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it/ Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe Version: 5.7.2 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/30 12:0 a.m.444 views

Laundry Booking Management System 1.0 - Remote Code Execution (RCE)

Exploit Title: Laundry Booking Management System 1.0 - Remote Code Execution RCE Date: 29/11/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/29 12:0 a.m.643 views

opencart 3.0.3.8 - Sessjion Injection

Exploit Title: opencart 3.0.3.8 - Sessjion Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/29 12:0 a.m.520 views

orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/29 12:0 a.m.432 views

orangescrum 1.8.0 - Privilege escalation (Authenticated)

Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/29 12:0 a.m.603 views

orangescrum 1.8.0 - 'Multiple' SQL Injection (Authenticated)

Exploit Title: orangescrum 1.8.0 - 'Multiple' SQL Injection Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/26 12:0 a.m.678 views

Bagisto 1.3.3 - Client-Side Template Injection

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Date: 11-25-2021 Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an accoun...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/24 12:0 a.m.566 views

CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Date: 11/15/2021 Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/24 12:0 a.m.454 views

HTTPDebuggerPro 9.11 - Unquoted Service Path

Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.511 views

FLEX 1085 Web 1.6.0 - HTML Injection

Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.516 views

Bus Pass Management System 1.0 - 'Search' SQL injection

Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Date: 23-11-2021 Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.638 views

Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure

Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Date: 22/11/2021 Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.589 views

Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)

Exploit Title: Linux Kernel 5.1.x - 'PTRACETRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...

7.8CVSS8.2AI score0.52199EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.455 views

Webrun 3.6.0.42 - 'P_0' SQL Injection

Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 CVE: CVE-2021-43650 =-=-=-= Description =-=-=-= Webrun version 3.6.0....

9.8CVSS9.7AI score0.06158EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/11/23 12:0 a.m.546 views

GNU gdbserver 9.2 - Remote Command Execution (RCE)

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/22 12:0 a.m.344 views

Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/22 12:0 a.m.422 views

Pinkie 2.15 - TFTP Remote Buffer Overflow (PoC)

Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/22 12:0 a.m.415 views

Modbus Slave 7.3.1 - Buffer Overflow (DoS)

Exploit Title: Modbus Slave 7.3.1 - Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: https://www.modbustools.com/ Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Tested Version: 7.3.1 Connect 5. - Paste the characters of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.742 views

Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload

Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.1623 views

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Date: 11/01/2021 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link:...

10CVSS9.3AI score0.99981EPSS
Exploits57
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.707 views

Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Date: 19/10/2021 Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to...

6.1CVSS6.3AI score0.05621EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.701 views

SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

8.8AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/17 12:0 a.m.463 views

Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 21/04/2021 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/16 12:0 a.m.575 views

CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/16 12:0 a.m.631 views

Online Learning System 2.0 - Remote Code Execution (RCE)

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...

9.8CVSS9.7AI score0.09985EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.366 views

WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Date: 20/08/2021 Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.0...

4.8CVSS5.1AI score0.02358EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.336 views

PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.364 views

WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting XSS Authenticated Date: 11/11/2021 Exploit Author: Mohammed Aadhil Ashfaq Vendor Homepage: https://form2email.dwbooster.com/ Version: 1.3.24 Tested on: wordpress POC 1. Click Contact form to Email...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.440 views

KONGA 0.14.9 - Privilege Escalation

Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.386 views

Simple Subscription Website 1.0 - SQLi Authentication Bypass

Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...

9.8CVSS9.7AI score0.04729EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/11/15 12:0 a.m.457 views

Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/12 12:0 a.m.538 views

Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)

Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/12 12:0 a.m.408 views

Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)

Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Date: 2021-11-11 Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/12 12:0 a.m.431 views

Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

Exploit Title: Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation Date: 11/11/2021 Exploit Author: it Vendor Homepage: https://www.microsoft.com Software Link: https://www.microsoft.com/pt-br/download/details.aspx?id=8518 Version: Version 6.1 Compilation 760...

7.4AI score
Exploits0
Total number of security vulnerabilities47904