Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/04/29 12:0 a.m.432 views

Cacti 1.2.12 - 'filter' SQL Injection

Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Date: 04/28/2021 Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295...

7.2CVSS7.2AI score0.8633EPSS
Exploits9
Exploit DB
Exploit DB
added 2021/04/29 12:0 a.m.290 views

FOGProject 1.5.9 - File Upload RCE (Authenticated)

Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Date: 2021-04-28 Exploit Author: [email protected] Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/29 12:0 a.m.179 views

NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/28 12:0 a.m.970 views

Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)

Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...

7.6CVSS5.8AI score0.03174EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.246 views

Kimai 1.14 - CSV Injection

Exploit Title: Kimai 1.14 - CSV Injection Date: 26/04/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.268 views

WordPress Plugin WPGraphQL 1.3.5 - Denial of Service

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.246 views

Montiorr 1.7.6m - Persistent Cross-Site Scripting

Exploit Title: Montiorr 1.7.6m - Persistent Cross-Site Scripting Date: 25/4/2021 Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/26 12:0 a.m.727 views

Hasura GraphQL 1.3.3 - Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/26 12:0 a.m.517 views

OpenPLC 3 - Remote Code Execution (Authenticated)

Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Date: 25/04/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/26 12:0 a.m.287 views

SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)

Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04/25/2021 Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1...

7.2CVSS7AI score0.10672EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.435 views

Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)

Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.325 views

DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04/23/2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author...

6.1CVSS6.3AI score0.02848EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.423 views

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.257 views

Moodle 3.10.3 - 'url' Persistent Cross Site Scripting

Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Date: 22/04/2021 Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manag...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.740 views

GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting

Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Date: 22/04/2021 Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against Server...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/22 12:0 a.m.561 views

CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)

Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Date: 2021/03/19 Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...

5.4CVSS5.5AI score0.01574EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/22 12:0 a.m.269 views

RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...

5.4CVSS5.4AI score0.01773EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/04/22 12:0 a.m.801 views

OTRS 6.0.1 - Remote Command Execution (2)

Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Date: 21-04-2021 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921...

9CVSS8.7AI score0.19901EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.557 views

rconfig 3.9.6 - Arbitrary File Upload

Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Date: 18/04/2021 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.634 views

Fast PHP Chat 1.3 - 'my_item_search' SQL Injection

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.455 views

Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)

Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Date: 14/04/2021 Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: 2021-31152 Exploit Code: document.forms0.submit;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.243 views

BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting XSS Date: 04/07/2021 Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.266 views

WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Himamshu Dilip Kulkarni Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ Version: 1.29 Tested on: Windows Steps to reproduce vulnerability: 1. Install...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.778 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.473 views

Hasura GraphQL 1.3.3 - Local File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.325 views

GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

9.8CVSS7.4AI score0.806EPSS
Exploits12
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.497 views

OpenEMR 5.0.2.1 - Remote Code Execution

Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Date: 2020-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.284 views

Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration

Exploit Title: Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25681 CVE-2021-25681 - AdTran Personal Phone...

7.5CVSS7.6AI score0.10792EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.261 views

Tenda D151 & D301 - Configuration Download (Unauthenticated)

Exploit Title: Tenda D151 & D301 - Configuration Download Unauthenticated Date: 19-04-2021 Exploit Author: BenChaliah Author link: https://github.com/BenChaliah Vendor Homepage: https://www.tendacn.com Software Link: https://www.tendacn.com/us/download/detail-3331.html Versions: - D301 1.2.11.2EN...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.305 views

Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)

Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting XSS Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25680...

6.1CVSS6.5AI score0.02445EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.286 views

RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: RemoteClinic 2 - 'Multiple' Cross-Site Scripting XSS Exploit Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04/21/2021 Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...

5.4CVSS5.6AI score0.01773EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.273 views

Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)

Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting XSS Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25679...

5.4CVSS5.9AI score0.02682EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.536 views

Hasura GraphQL 1.3.3 - Denial of Service

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.446 views

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...

7.5CVSS7.6AI score0.03073EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/16 12:0 a.m.476 views

GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery

Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Date: 15/04/2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor: NetExplorer...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.250 views

glFTPd 2.11a - Remote Denial of Service

Exploit Title: glFTPd 2.11a - Remote Denial of Service Date: 15/05/2021 Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.265 views

htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor Homepage: https://www.htmly.com/ Software Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 !/usr/bin/python3 from selenium import webdriver from...

5.4CVSS5.7AI score0.01898EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.270 views

Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)

Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting XSS Date: 15/04/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://tileserver.org/ Software Link: https://github.com/maptiler/tileserver-gl Version: versions alertdocument.domain...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.838 views

Horde Groupware Webmail 5.2.22 - Stored XSS

Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...

6.1CVSS6.2AI score0.04944EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.366 views

CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)

Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Date: 11/03/2021 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.2...

8.8CVSS8.9AI score0.05767EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.300 views

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE

Exploit Title: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE Date: 12-4-2021 Exploit Author: Jay Sharma Version: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 Tested on: V2.1 CVE : CVE-2021-29003 steps to reproduce Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute...

9.8CVSS9.7AI score0.45417EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.620 views

Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)

Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.317 views

CITSmart ITSM 9.1.2.22 - LDAP Injection

Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection Google Dork: "citsmart.local" Date: 29/12/2020 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.23 Using this LDAP query in the usernam...

9.8CVSS9.7AI score0.13309EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.453 views

MariaDB 10.2 - 'wsrep_provider' OS Command Execution

Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through...

9CVSS7.3AI score0.38179EPSS
Exploits9
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.6383 views

jQuery 1.0.3 - Cross-Site Scripting (XSS)

Exploit Title: jQuery 1.0.3 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0 CVE : CVE-2020-11023 Proof of Concept 1: Proof of Concept 2 Only jQuery 3.x affected: "...

6.9CVSS7.3AI score0.8383EPSS
Exploits6
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.8236 views

jQuery 1.2 - Cross-Site Scripting (XSS)

Exploit Title: jQuery 1.2 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.2 and before 3.5.0 CVE : CVE-2020-11022 Proof of Concept 1:...

6.9CVSS7AI score0.99019EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/04/13 12:0 a.m.553 views

Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)

Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/13 12:0 a.m.771 views

ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow

Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Date: 09-04-2021 Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE ...

7.5CVSS7.6AI score0.16354EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/04/13 12:0 a.m.633 views

Blitar Tourism 1.0 - Authentication Bypass SQLi

Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi Date: 13 April 2021 Exploit Author: sigeri94 Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/ Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master Version: 1....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/12 12:0 a.m.3001 views

vsftpd 2.3.4 - Backdoor Command Execution

Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution Date: 9-04-2021 Exploit Author: HerculesRD Software Link: http://www.linuxfromscratch.org/thomasp/blfs-book-xsl/server/vsftpd.html Version: vsftpd 2.3.4 Tested on: debian CVE : CVE-2011-2523 !/usr/bin/python3 from telnetlib import Telnet...

10CVSS9.6AI score0.96184EPSS
Exploits35
Total number of security vulnerabilities47904