Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/06/01 12:0 a.m.329 views

CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...

6.1CVSS5.6AI score0.8845EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/06/01 12:0 a.m.164 views

DupTerminator 1.4.5639.37199 - Denial of Service (PoC)

Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Date: 2021-05-28 Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/01 12:0 a.m.352 views

Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)

Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Date: 31/05/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.360 views

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.179 views

Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9CVSS8.8AI score0.50069EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.188 views

WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...

5.4CVSS5.5AI score0.03249EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.744 views

PHPFusion 9.03.50 - Remote Code Execution

Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...

9CVSS8.8AI score0.67289EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/28 12:0 a.m.209 views

Trixbox 2.8.0.4 - 'lang' Path Traversal

Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...

6.5CVSS6.5AI score0.39486EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/27 12:0 a.m.196 views

Postbird 0.8.4 - Javascript Injection

Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...

5.4CVSS5.5AI score0.03561EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/26 12:0 a.m.481 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

7.2CVSS7.2AI score0.33428EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/05/26 12:0 a.m.568 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...

7.2CVSS7.2AI score0.17984EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/26 12:0 a.m.167 views

RarmaRadio 2.72.8 - Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Date: 2021-05-25 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Cli...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/26 12:0 a.m.2065 views

ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)

Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Date: 25/05/2021 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21...

10CVSS9.6AI score0.96803EPSS
Exploits22
Exploit DB
Exploit DB
added 2021/05/25 12:0 a.m.187 views

WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Date: 2021-05-24 Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/25 12:0 a.m.247 views

Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting (XSS)

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.277 views

Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.249 views

ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path

Exploit Title: ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-22 Vendor Homepage: https://www.acer.com Tested Version: 6.0.3008.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to discover...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.154 views

iDailyDiary 4.30 - Denial of Service (PoC)

Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Date: 2021-05-21 Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.136 views

Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting XSS Date: 23-05-2021 Exploit Author: Marek Toth Vendor Homepage: https://www.shopizer.com Software Link: https://github.com/shopizer-ecommerce/shopizer Version: alert1 and save it 4. Open "Customers" - XSS payload will trigger Excep...

4.8CVSS5.1AI score0.02916EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.313 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Date: 21.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link:...

9.8CVSS9.6AI score0.19241EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.217 views

WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.03...

6.1CVSS6.3AI score0.05501EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/24 12:0 a.m.437 views

DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path

Exploit Title: DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2021-05-21 Vendor Homepage: https://www.diskboss.com Software : https://www.diskboss.com/setupsx64/diskbosssetupv12.2.18x64.exe Tested Version: 12.2.18 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.614 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (2)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 2 Original Exploit Author: Hacker Fantastic Metasploit Module Author: wvu Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris10-overview.html Version: 10 Tested on: SunOS solaris 10 CVE: CVE-2020-14871 Ported By: legend...

10CVSS9.5AI score0.80291EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.754 views

Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...

9.8CVSS9.5AI score0.99999EPSS
Exploits65
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.345 views

WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)

Exploit Title: WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection Unauthenticated Date: 20/05/2021 Exploit Author: Mansoor R @time4ster CVSS Score: 7.5 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Version Affected: 13.0 to 13.0.7 Vendor URL:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.287 views

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)

Exploit Title: DELL dbutil23.sys 2.3 - Arbitrary Write to Local Privilege Escalation LPE Date: 10/05/2021 Exploit Author: Paolo Stagno aka VoidSec Version: include include include include define IOCTLCODE 0x9B0C1EC8 // IOCTLCODE value, used to reach the vulnerable function taken from IDA define...

8.8CVSS7.9AI score0.58132EPSS
Exploits17
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.468 views

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code

Exploit Title: Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Date: 20/05/2021 Exploit Authors: Carlo Di Dato and Michael Caruso from BestEffort Team https://besteffortteam.it Vendor Homepage: https://www.mozilla.org Version: = 88.0.1 Tested on: Windows XP Professional SP3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.190 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/20 12:0 a.m.460 views

Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path

Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.2.3500.0 Vulnerability Type: Unquoted Service Path Tested on OS: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/20 12:0 a.m.464 views

ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path

Exploit Title: ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path Date: 2020-05-19 Exploit Author: Alejandra Sánchez Vendor Homepage: www.asus.com Version: 1.0.94.0 Tested on: Windows 10 Pro x64 es Description: ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/20 12:0 a.m.367 views

Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path

Exploit Title: Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-19 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 3.0.0.99 Vulnerability Type: Unquoted Service Path Tested on OS: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.214 views

COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)

Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.236 views

In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection

Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows CVE: CVE-2021-27828 ----------------------------------------- SQL...

9.1CVSS9.6AI score0.2028EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.143 views

COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)

Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.157 views

ManageEngine ADSelfService Plus 6.1 - CSV Injection

Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Date: 19/05/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.355 views

WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)

Exploit Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service PoC Author: Luis Martinez Discovery Date: 2021-05-18 Vendor Homepage: https://apps.apple.com/mx/app/webssh-ssh-client/id497714887 Software Link: App Store for iOS devices Tested Version: 14.16.10 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.160 views

Visual Studio Code 1.47.1 - Denial of Service (PoC)

Exploit Tittle: Visual Studio Code 1.47.1 - Denial of Service Poc Exploit Author: H.H.A.Ravindu Priyankara Category: Denial of ServiceDOS Tested Version:1.47.1 Vendor: Microsoft Software Download Link:https://code.visualstudio.com/updates/ Write-Host "...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.780 views

WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...

6.1CVSS6.5AI score0.05721EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/18 12:0 a.m.529 views

Microsoft Exchange 2019 - Unauthenticated Email Download

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...

9.8CVSS10AI score0.99999EPSS
Exploits63
Exploit DB
Exploit DB
added 2021/05/18 12:0 a.m.257 views

EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Date: 5/17/2021 Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.220 views

Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free

Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free Date: 15/05/2021 CVE : CVE-2013-3893 PoC: https://github.com/travelworld/cve20133893trigger.html/blob/gh-pages/params.json Exploit Author: SlidingWindow Vendor Advisory:...

9.3CVSS9AI score0.8593EPSS
Exploits18
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.312 views

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.177 views

Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting Authenticated Date: 14-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.295 views

IPFire 2.25 - Remote Code Execution (Authenticated)

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...

9CVSS9AI score0.58725EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.256 views

Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting

Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.345 views

Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.180 views

Billing Management System 2.0 - Union based SQL injection (Authenticated)

Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Date: 2021-05-16 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.271 views

Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection

Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Date: 2021-05-16 Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.180 views

Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting

Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Date: 16-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.1011 views

Subrion CMS 4.2.1 - Arbitrary File Upload

Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE Authenticated Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE:...

7.2CVSS7.4AI score0.64261EPSS
Exploits10
Total number of security vulnerabilities47904