Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.503 views

Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path

Exploit Title: Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.luidia.com Software Link: http://down.myequil.com/dn/setup/ScrapBookwin/down.html Tested Version: 3.6 Tested on OS: Windows 10 Pro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.320 views

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure

Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Date: 04-02-2021 Exploit Author: Berkan Er Vendor Homepage: https://www.sonlogger.com/ Version: 4.2.3.3 Tested on: Windows 10 Enterprise x64 Version 1803 A remote attacker can be create an user with SuperAdmin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.566 views

SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...

9.8CVSS7.4AI score0.46021EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.316 views

eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path

Exploit Title: eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.luidia.com Tested Version: 2.5.0.9 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/15 12:0 a.m.360 views

openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting

Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Date: 13/03/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3...

6.1CVSS6.6AI score0.02986EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/03/14 12:0 a.m.256 views

Microsoft Exchange 2019 - Server-Side Request Forgery

import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/12 12:0 a.m.360 views

Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths

Exploit Title: Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths Date: 2020-11-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.vembu.com/ Software Link: https://sg-build-release.s3.amazonaws.com/BDRSuite/V420/4202020051312/VembuBDRBackupServerSetup4201U1GA.exe Version: Versi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/12 12:0 a.m.806 views

Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)

Exploit Title: Monitoring System Dashboard 1.0 - File Upload RCE Authenticated Exploit Author: Richard Jones Date: 2021-03-11 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/12 12:0 a.m.381 views

Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection

Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.54 views

CouchCMS 2.2.1 - Persistent Cross-Site Scripting

Exploit Title: CouchCMS 2.2.1 - XSS via SVG file upload Date: 2021-01-25 Exploit Author: xxcdd Vendor Homepage: https://github.com/CouchCMS/CouchCMS Software Link: https://github.com/CouchCMS/CouchCMS Version: v2.2.1 Tested on: Windows 7 An issue was discovered in CouchCMS v2.2.1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.196 views

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.4445 views

Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.303 views

NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation

Exploit Title: NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation Date: 01.03.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.nucom.es Vendor: NUEVAS COMUNICACIONES IBERIA, S.A. Product web page: https://www.nucom.es Affected version: 5.07.90multiNCM01 5.07.89multiNCM01...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.313 views

MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting

Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Date: 1/30/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin...

6.1CVSS6.6AI score0.00854EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/10 12:0 a.m.411 views

Atlassian JIRA 8.11.1 - User Enumeration

Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...

5.3CVSS6AI score0.99603EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.277 views

Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path

Exploit Title: Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: sandboxie-plus.com Software Link: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.2/Sandboxie-Plus-x64-v0.7.2.exe Version: Version 0.7.2 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.262 views

Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)

Golden FTP Server 4.70 - 'PASS' Buffer Overflow 2 Author: 1F98D Original Authors: Craig Freyman cd1zz and Gerardo Iglesias Galvan iglesiasgg Tested on Windows 10 x64 A buffer overflow exists in GoldenFTP during the authentication process. Note that the source ip address of the user performing the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.297 views

bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path

Exploit Title: bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path Date: 2021-1-19 Exploit Author: Mohammed Alshehri Vendor Homepage: https://carolcoral.github.io/no-freevpn/ Software Link: https://github.com/carolcoral/no-freevpn/releases/download/BVPN%4020190225/bVPN251setup.exe Version: Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/09 12:0 a.m.284 views

FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path

Exploit Title: FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: www.freelan.org Software Link: https://github.com/freelan-developers/freelan/releases/download/2.2/freelan-2.2.0-x86-install.exe Version: Version 2.2 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.426 views

Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)

Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection 2 Googke Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/ Date: 05/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor Version: 6.4.4 Tested on: Debian 10 CVE :...

9.8CVSS9.6AI score0.82976EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.390 views

Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path

Exploit Title: Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://pingzapper.com Software Links: https://pingzapper.com/download Tested Version: 2.3.1 Vulnerability Type: Unquoted Service Path Tested on: Windows 8.1 Pro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.345 views

Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path

Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.568 views

Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

Exploit Title: Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.743 views

Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.399 views

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

7.5CVSS7.6AI score0.02252EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/05 12:0 a.m.510 views

Fluig 1.7.0 - Path Traversal

Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...

8.9AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/05 12:0 a.m.243 views

CatDV 9.2 - RMI Authentication Bypass

Exploit Title: CatDV 9.2 - RMI Authentication Bypass Date: 3/1/2021 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: https://catdv.com/ Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe Version: 9.2 and lower Tested on: Windows, Mac import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.243 views

Textpattern 4.8.3 - Remote code execution (Authenticated) (2)

Exploit Title: Textpattern 4.8.3 - Remote code execution Authenticated 2 Date: 03/03/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.211 views

Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)

Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.219 views

Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)

Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection Authenticated Date: 04-03-2021 Exploit Author: Deepak Kumar Bharti Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.218 views

Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.363 views

Online Ordering System 1.0 - Arbitrary File Upload

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.513 views

e107 CMS 2.3.0 - CSRF

Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...

8.8CVSS8.8AI score0.03207EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.255 views

Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)

Exploit Title: Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.8.4 Tested on: Windows Steps-To-Reproduce: 1. Login into...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/03 12:0 a.m.177 views

Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - Blind & Error based SQL injection Authenticated Date: 2021-03-02 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/03 12:0 a.m.411 views

AnyDesk 5.5.2 - Remote Code Execution

Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Date: 09/06/20 Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/03 12:0 a.m.436 views

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Date: 2021-03-03 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/02 12:0 a.m.350 views

Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: P.Naveen Kumar Vendor Homepage: https://www.sourcecodester.com Software Download Link :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/02 12:0 a.m.233 views

Tiny Tiny RSS - Remote Code Execution

Exploit Title: Tiny Tiny RSS - Remote Code Execution Date: 21/09/2020 Exploit Author: Daniel Neagaru & Benjamin Nadarević Blog post: https://www.digeex.de/blog/tinytinyrss/ Software Link: https://git.tt-rss.org/fox/tt-rss Version: all before 2020-09-16 Commit with the fixes:...

10CVSS9.6AI score0.18417EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/02 12:0 a.m.517 views

Zen Cart 1.5.7b - Remote Code Execution (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...

9CVSS7.4AI score0.16782EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/02 12:0 a.m.342 views

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: Praharsh Kumar Singh Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.359 views

WiFi Mouse 1.7.8.5 - Remote Code Execution

Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Date: 25-02-2021 Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Desktop Server software used by mobile app has PIN option whic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.479 views

Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.711 views

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...

9.8CVSS9.6AI score0.97512EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.400 views

Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/01 12:0 a.m.772 views

VMware vCenter Server 7.0 - Unauthenticated File Upload

Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...

10CVSS9.9AI score0.9957EPSS
Exploits47
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.181 views

LightCMS 1.3.4 - 'exclusive' Stored XSS

Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...

5.4CVSS5.5AI score0.0725EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.966 views

Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)

Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.219 views

Triconsole 3.75 - Reflected XSS

Exploit Title: Triconsole 3.75 - Reflected XSS Google Dork: inurl : /calendar/calendarform.php Date: 15/2/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://www.triconsole.com/ Software Link: http://www.triconsole.com/php/calendardatepicker.php Version: alertdocument.domain...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/26 12:0 a.m.598 views

Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)

!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...

7.4AI score
Exploits0
Total number of security vulnerabilities47904