Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/10/29 12:0 a.m.845 views

Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)

class MetasploitModule "Movable Type XMLRPC API Remote Command Injection", 'Description' = %q This module exploit Movable Type XMLRPC API Remote Command Injection. , 'License' = MSFLICENSE, 'Author' = 'Etienne Gervais', author & msf module, 'Charl-Alexandre Le Brun' author & msf module ,...

9.8CVSS7.4AI score0.88144EPSS
Exploits11
Exploit DB
Exploit DB
added 2021/10/28 12:0 a.m.439 views

PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Exploit Title: PHPGurukul Hostel Management System 2.1 - Cross-site request forgery CSRF to Cross-site Scripting XSS Date: 2021-10-27 Exploit Author: Anubhav Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Vulnerable...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/28 12:0 a.m.524 views

WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting XSS Date: 10/27/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://supsystic.com/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.18...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/26 12:0 a.m.355 views

WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting XSS Date: 10/25/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.filterable-portfolio.com/ Software Link: https://wordpress.org/plugins/fg-gallery/ Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.394 views

Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.300 views

Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting (XSS)

Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.378 views

Gestionale Open 11.00.00 - Local Privilege Escalation

Exploit Title: Gestionale Open 11.00.00 - Local Privilege Escalation Date: 2021-07-19 Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://www.gestionaleopen.org/ Software Homepage: https://www.gestionaleopen.org/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.356 views

WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.418 views

Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)

Exploit Title: Wordpress 4.9.6 - Arbitrary File Deletion Authenticated 2 Date: 04/08/2021 Exploit Author: samguy Vulnerability Discovery By: Slavco Mihajloski & Karim El Ouerghemmi Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/wordpress-4.9.6.tar.gz Version: 4.9.6...

8.8CVSS7.9AI score0.62558EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.860 views

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...

8.8CVSS8.8AI score0.98462EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.388 views

WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/ninja-tables/ Software Link: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/ Version: 4.1.7 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.454 views

Engineers Online Portal 1.0 - 'multiple' Authentication Bypass

Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.370 views

Engineers Online Portal 1.0 - 'id' SQL Injection

Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.507 views

Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

5.4CVSS5.5AI score0.01647EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.384 views

OpenClinic GA 5.194.18 - Local Privilege Escalation

Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.419 views

Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)

Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Date: 24.10.2021 Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.1377 views

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)

Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...

9.8CVSS9.2AI score0.99964EPSS
Exploits175
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.324 views

WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting XSS Authenticated Date: 23-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: Software Link: https://wordpress.org/plugins/simple-tags/ Tested on Windows CVE: CVE-2021-24444...

4.8CVSS5.1AI score0.02315EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.453 views

Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Date: 10/23/2021 Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windo...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.411 views

Netgear Genie 2.4.64 - Unquoted Service Path

Exploit Title: Netgear Genie 2.4.64 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 2.4.64 Date: 23.10.2021 Vendor Homepage: https://www.netgear.com/ Tested on: Windows 10 C:\Users\Mertsc qc NETGEARGenieDaemon SC QueryServiceConfig SUCCESS SERVICENAME: NETGEARGenieDaemon TYPE : 10...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/25 12:0 a.m.1163 views

Hikvision Web Server Build 210702 - Command Injection

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html All credit to WatchfulIP...

9.8CVSS9.6AI score0.99869EPSS
Exploits23
Exploit DB
Exploit DB
added 2021/10/22 12:0 a.m.460 views

Clinic Management System 1.0 - SQL injection to Remote Code Execution

Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/22 12:0 a.m.613 views

Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated)

Exploit Title: Online Course Registration 1.0 - Blind Boolean-Based SQL Injection Authenticated Exploit Author: Sam Ferguson @AffineSecurity and Drew Jones @qhum7sec Date: 2021-10-21 Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/22 12:0 a.m.2383 views

Jetty 9.4.37.v20210219 - Information Disclosure

Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Date: 2021-10-21 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and...

5.3CVSS6.6AI score0.82371EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/10/21 12:0 a.m.378 views

NIMax 5.3.1f0 - 'VISA Alias' Denial of Service (PoC)

Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Date: 24/06/2021 Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/21 12:0 a.m.409 views

NIMax 5.3.1 - 'Remote VISA System' Denial of Service (PoC)

Exploit Title: NIMax 5.3.1 - 'Remote VISA System' Denial of Service PoC Date: 24/06/2021 Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/21 12:0 a.m.599 views

Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read

Exploit Title: Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read Date: 11 October 2021 Exploit Author: z4nd3r Vendor Homepage: http://www.echatserver.com/ Software Link: http://www.echatserver.com/ Version: 3.1 Tested on: Windows 10 Pro Build 19042, English Description: The web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/21 12:0 a.m.430 views

Small CRM 3.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Date: 20/10/2021 Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/20 12:0 a.m.454 views

Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation

Exploit Title: Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: 18/10/2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/20 12:0 a.m.557 views

SonicWall SMA 10.2.1.0-17sv - Password Reset

Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset Description: Overwrite the persistent database, resulting in password reset on reboot. Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22 Date: 10/19/2021 Exploit Author: Jacob Baines...

9.1CVSS9.4AI score0.80701EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/20 12:0 a.m.561 views

Macro Expert 4.7 - Unquoted Service Path

Exploit Title: Macro Expert 4.7 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 4.7 Date: 20.10.2021 Vendor Homepage: http://www.macro-expert.com/ Tested on: Windows 10 C:\Users\Mertsc qc "Macro Expert" SC QueryServiceConfig SUCCESS SERVICENAME: Macro Expert TYPE : 10 WIN32OWNPROCESS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/19 12:0 a.m.618 views

WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting (XSS)

Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Date: 18/10/2021 Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must...

6.1CVSS6.3AI score0.02959EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/10/19 12:0 a.m.605 views

myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)

Exploit Title: myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting XSS Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.myfactory.com/ Version: Enfold input NAME="txtUID" VALU...

6.1CVSS6.3AI score0.05832EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/19 12:0 a.m.353 views

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.688 views

Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read

Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Date: October 16, 2021 Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on:...

7.5CVSS7.6AI score0.97822EPSS
Exploits11
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.304 views

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.301 views

Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)

Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Date: 16/10/2021 Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.295 views

Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS Date: 17-10-2021 Exploit Author: Aniket Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Lin...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.416 views

Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)

Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery CSRF Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.395 views

Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

7.5CVSS7.6AI score0.19612EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.387 views

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...

6.1CVSS6.3AI score0.04032EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/18 12:0 a.m.398 views

Plastic SCM 10.0.16.5622 - WebAdmin Server Access

Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...

7.5CVSS7.7AI score0.08939EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/15 12:0 a.m.582 views

i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)

Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...

6.1CVSS6.3AI score0.09912EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/14 12:0 a.m.491 views

TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)

Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/14 12:0 a.m.274 views

SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.307 views

Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery CSRF Date: 10/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.350 views

Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)

Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Date: 11.10.2021 Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Lin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.306 views

Simple Issue Tracker System 1.0 - SQLi Authentication Bypass

Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Bekir Bugra TURKOGLU Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.376 views

Sonicwall SonicOS 7.0 - Host Header Injection

Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Discovered Date: 03/09/2020 Reported Date: 07/09/2020 Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6...

6.1CVSS6.3AI score0.13041EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.282 views

Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass

Exploit Title: Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Oguzhan Kara Vendor Homepage: https://www.sourcecodester.com/php/14929/online-learning-system-v2-using-php-free-source-code.html Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904