Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/06/18 12:0 a.m.462 views

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/18 12:0 a.m.220 views

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to session...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.404 views

Unified Office Total Connect Now 1.0 - 'data' SQL Injection

Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Date: 06-16-2021 Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.344 views

VX Search 13.5.28 - 'Multiple' Unquoted Service Path

Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.410 views

Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.685 views

Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path

Exploit Title: Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.dupscout.com Software Links: https://www.dupscout.com/setupsx64/dupscoutsrvsetupv13.5.28x64.exe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.426 views

Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path

Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.448 views

Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)

Exploit Title: Online Shopping Portal 3.1 - Remote Code Execution Unauthenticated Date: 17.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: V3.1 Tested on: Windows & Ubuntu import requests import random import string url =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.550 views

Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/17 12:0 a.m.193 views

Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Date: 17/06/2021 Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...

5.3CVSS5.3AI score0.17772EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.278 views

Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)

Exploit Title: Teachers Record Management System 1.0 – Multiple SQL Injection Authenticated Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.491 views

OpenEMR 5.0.1.3 - Authentication Bypass

Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass Date 15.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: All versions prior to 5.0.1...

9.1CVSS9.4AI score0.25935EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.293 views

Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting

Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.333 views

Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.472 views

DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path

Exploit Title: DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.diskpulse.com Software Links: https://www.diskpulse.com/setupsx64/diskpulseentsetupv13.6.14x64.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.62 views

Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Exploit Title: Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksorterentsetupv13.6.12x64.exe Tested Version: 13.6.12...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.463 views

CKEditor 3 - Server-Side Request Forgery (SSRF)

Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.270 views

Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)

Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.472 views

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...

7.8CVSS6.9AI score0.22193EPSS
Exploits37
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.237 views

Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path

Exploit Title: Brother BRAgent 1.38 - 'WBAAgentClient' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://brother.com Software Link: https://support.brother.com/g/b/downloadhowto.aspx?c=us&lang=en&prod=ads1000wus&os=10013&dlid=dlf002778000&flang=4&type3=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.149 views

Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)

Exploit Title: Client Management System 1.1 - 'username' Stored Cross-Site Scripting XSS Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.134 views

Client Management System 1.1 - 'Search' SQL Injection

Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.314 views

Brother BRPrint Auditor - 'Multiple' Unquoted Service Path

Exploit Title: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://support.brother.com/ Software Links:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/15 12:0 a.m.212 views

SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path

Exploit Title: SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.sysgauge.com Software Link: https://www.sysgauge.com/setups/sysgaugesrvsetupv7.9.18.exe Tested Version: 7.9.18 Vulnerability Type: Unquoted Service...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.305 views

Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path

Exploit Title: Tftpd64 4.64 - 'Tftpd32svc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://bitbucket.org/phjounin/tftpd64/src/master/ Software Links: https://bitbucket.org/phjounin/tftpd64/wiki/Download%20Tftpd64.md Tested Version: 4.64 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.379 views

Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)

Exploit Title: Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting XSS Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE-2021-34370...

6.1CVSS6.3AI score0.09996EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.218 views

GLPI 9.4.5 - Remote Code Execution (RCE)

Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...

9CVSS8.7AI score0.10949EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.259 views

Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

6.5CVSS6.5AI score0.08236EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.253 views

Small CRM 3.0 - 'Authentication Bypass' SQL Injection

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Date: 12/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.316 views

OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)

Exploit Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated Date 12.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on...

8.8CVSS8.7AI score0.19274EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.246 views

Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)

Exploit Title: Stock Management System 1.0 - 'userid' Blind SQL injection Authenticated Date: 11/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.163 views

COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)

Exploit Title: COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting XSS Date: 11/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.176 views

Post-it 5.0.1 - Denial of Service (PoC)

Exploit Title: Post-it 5.0.1 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/post-it/id920127738 Version: 5.0.1 Category: DoS iOS Vulnerability Post-it is vulnerable to a DoS condition when a long list of characters is being used when...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.171 views

Notex the best notes 6.4 - Denial of Service (PoC)

Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long lis...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.172 views

Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)

Exploit Title: Secure Notepad Private Notes 3.0.3 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/secure-notepad-private-notes/id711178888 Version: 3.0.3 Category: DoS iOS Vulnerability Secure Notepad - Private Notes is vulnerable to a D...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.286 views

Spy Emergency 25.0.650 - 'Multiple' Unquoted Service Path

Exploit Title: Spy Emergency 25.0.650 - Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2021-06-11 Vendor Homepage: https://www.spy-emergency.com/ Software Link: https://www.spy-emergency.com/download/download.php?id=1 Tested Version: 25.0.650.0 Vulnerability Type: Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.310 views

WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path

Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path Discovery by: Brian Rodriguez Date: 13-06-2021 Vendor Homepage: https://www.wibu.com Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html Tested Version: 6.51 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.288 views

TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)

Exploit Title : TextPattern CMS 4.8.7 - Remote Command Execution Authenticated Date : 2021/09/06 Exploit Author : Mert Daş [email protected] Software Link : https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web : https://textpattern.com/ Tested on: Server : Xampp First ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.527 views

Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)

Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting XSS Exploit Author: Abdulazeez Alaseeri Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Tested on: JBoss server/windows Type: Web App Date: 06/07/2021 CVE: CVE-2021-33904...

6.1CVSS6.3AI score0.10053EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.505 views

Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)

Exploit Title: Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery SSRF Date: 09 Jun 2021 Exploit Author: Alex Birnberg Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=57462 Version: 16.0.10372.20060 Tested on: Windows Serv...

8.1CVSS7.7AI score0.04563EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.312 views

Grocery crud 1.6.4 - 'order_by' SQL Injection

Exploit Title: Grocery crud 1.6.4 - 'orderby' SQL Injection Date: 11/06/1963 Exploit Author: TonyShavez Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: v2.0.1 Tested on: Linux Ubuntu Proof Of concept : ======================= Request: PO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.409 views

WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...

8.1CVSS8.2AI score0.03218EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.178 views

Solar-Log 500 2.8.2 - Incorrect Access Control

Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.506 views

OpenEMR 5.0.0 - Remote Code Execution (Authenticated)

Exploit Title: OpenEMR 5.0.0 - Remote Code Execution Authenticated Date 10.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.0/openemr-5.0.0.zip/download Version: 5.0.0 Teste...

8.8CVSS8.8AI score0.15188EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.359 views

WoWonder Social Network Platform 3.1 - Authentication Bypass

Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.198 views

Solar-Log 500 2.8.2 - Unprotected Storage of Credentials

Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.199 views

Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated)

Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection Authenticated Date: 05–02–2021 Exploit Author: Avinash R Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.52729 Tested on: Windows 10 Pro No OS...

4.8CVSS7.4AI score0.01089EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.409 views

Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)

Exploit Title: Cerberus FTP web Service 11 - 'svg' Stored Cross-Site Scripting XSS Date: 08/06/2021 Exploit Author: Mohammad Hossein Kaviyany Vendor Homepage: www.cerberusftp.com Software Link: https://www.cerberusftp.com/download/ Version:11.0 releases prior to 11.0.4, 10.0 releases prior to...

6.1CVSS6.4AI score0.01766EPSS
Exploits1
Exploit DB
Exploit DB
added 2021/06/10 12:0 a.m.414 views

TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/10 12:0 a.m.401 views

Student Result Management System 1.0 - 'class' SQL Injection

Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...

7.4AI score
Exploits0
Total number of security vulnerabilities47904