Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.218 views

WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities

Exploit Title: WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip Version: 1.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.956 views

Microsoft Internet Explorer 11 32-bit - Use-After-Free

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...

7.6CVSS8.2AI score0.86863EPSS
Exploits17
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.263 views

Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)

Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visits the distribution list...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.244 views

WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion

Exploit Title: WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/backup-by-supsystic.zip Version: 2.3.9 Tested on: Ubuntu 16.04.6 LTS /...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.373 views

YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery

Title: YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery Date: 09.01.2021 Author: Numan Türle Vendor Homepage: https://mfscripts.com Software Link: https://yetishare.com Version: v5.1.0 Tested on: YetiShare - File Hosting Script v5.1.0, Php Version : 7.4 Summary ---------...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.412 views

WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities

Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.368 views

AMD Fuel Service - 'Fuel.service' Unquote Service Path

Exploit Title: AMD Fuel Service - 'Fuel.service' Unquote Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://www.amd.com/ Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.359 views

WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection

Exploit Title: WordPress Plugin Welcart e-Commerce 2.0.0 - 'searchordercolumn0' SQL injection Date: 04/08 2020 Exploit Author: Erik David Martin Vendor Homepage: https://www.welcart.com/ Software Link: https://downloads.wordpress.org/plugin/usc-e-shop.2.0.0.zip Category: Web Application Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.279 views

SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS

Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.479 views

Millewin 13.39.146.1 - Local Privilege Escalation

Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...

8.8CVSS8.9AI score0.05794EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.234 views

SmartFoxServer 2X 2.17.0 - Credentials Disclosure

Exploit Title: SmartFoxServer 2X 2.17.0 - Credentials Disclosure Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Serve...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.292 views

Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)

Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail .jpg 2. Go to New mail, select recipient and the select attachment. Code gets executed as right...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.309 views

Jenzabar 9.2.2 - 'query' Reflected XSS.

Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...

6.1CVSS7.4AI score0.12578EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/02/08 12:0 a.m.377 views

SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution

Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/05 12:0 a.m.343 views

SEO Panel 4.6.0 - Remote Code Execution (2)

Exploit Title: SEO Panel 4.6.0 - Remote Code Execution 2 Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Ubuntu 20.04 !/usr/bin/env python3 ''' DESCRIPTION...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/05 12:0 a.m.1711 views

PhreeBooks 5.2.3 ERP - Remote Code Execution (2)

Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/05 12:0 a.m.374 views

LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/03 12:0 a.m.300 views

Pixelimity 1.0 - 'password' Cross-Site Request Forgery

Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery Date: 2020-06-03 Exploit Author: Noth Vendor Homepage: https://github.com/pixelimity/pixelimity Software Link: https://github.com/pixelimity/pixelimity Version: v1.0 CVE : 2020-23522 Pixelimity 1.0 has cross-site request forger...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/03 12:0 a.m.291 views

Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)

Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...

7.8CVSS8.6AI score0.99295EPSS
Exploits81
Exploit DB
Exploit DB
added 2021/02/03 12:0 a.m.561 views

Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2)

Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 2 Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Date: 30.01.2021 Vendor: https://www.sudo.ws/ Link: https://www.sudo.ws/download.html CVE: CVE-2021-3156 + Source:...

7.8CVSS8.6AI score0.99295EPSS
Exploits81
Exploit DB
Exploit DB
added 2021/02/03 12:0 a.m.810 views

Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution

Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution Date: 3/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: V 2.0 Tested on Windows 10, XAMPP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.209 views

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc.c - Solaris/SPARC FMT PoC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.194 views

Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel.c - Solaris/Intel 0day? LPE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.639 views

Student Record System 4.0 - 'cid' SQL Injection

Exploit Title: Student Record System 4.0 - 'cid' SQL Injection Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP Identify the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.425 views

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.419 views

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/02 12:0 a.m.260 views

Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)

Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.816 views

Klog Server 2.4.1 - Command Injection (Authenticated)

Exploit Title: Klog Server 2.4.1 - Command Injection Authenticated Date: 26.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection CVE: 2021-3317 """...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.371 views

WordPress 5.0.0 - Image Remote Code Execution

Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.380 views

Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting

Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting Date: 2021-01-30 Exploit Author: Anmol K Sachan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software: : Vehicle...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.447 views

Park Ticketing Management System 1.0 - 'viewid' SQL Injection

Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Version: V1 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.260 views

Roundcube Webmail 1.2 - File Disclosure

Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...

7.8CVSS7.8AI score0.36919EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.308 views

H8 SSRMS - 'id' IDOR

Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.185 views

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting Date: 11/28/2018 Author: 0xB9 Software Link: https://github.com/zainali99/trends-widget Version: 1.2 Tested on: Windows 10 1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.341 views

bloofoxCMS 0.5.2.1 - CSRF (Add user)

Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.261 views

MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Date: 7/23/2018 Author: 0xB9 Software Link: https://github.com/jamiesage123/Thread-Redirect Version: 0.2.1 Tested on: Windows 10 1. Description: This plugin allows threads to redirect to a URL with optional custom text. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.451 views

User Management System 1.0 - 'uid' SQL Injection

Exploit Title: User Management System 1.0 - 'uid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windows Identify...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.324 views

MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting Date: 1/25/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://github.com/vintagedaddyo/MyBBPlugin-DeleteAccount/ Version: 1.4 Tested on: Windows 10 1. Description: This plugin allows users to delete...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.472 views

Zoo Management System 1.0 - 'anid' SQL Injection

Exploit Title: Zoo Management System 1.0 - 'anid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: V1 Tested on: Windows Identify the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.347 views

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution Unauthenticated Exploit Author: Darren Martyn Vendor Homepage: https://www.home-assistant.io/ Version: SMA 8.0.0.4 Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.362 views

Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal

Exploit Title: Home Assistant Community Store HACS 1.10.0 - Path Traversal to Account Takeover Date: 2021-01-28 Exploit Author: Lyghtnox Vendor Homepage: https://www.home-assistant.io/ Software Link: https://github.com/hacs/integration Version: 1.10.0 Tested on: Raspbian + Home Assistant 2021.1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.317 views

Quick.CMS 6.7 - Remote Code Execution (Authenticated)

Exploit Title: Quick.CMS 6.7 - Remote Code Execution Authenticated Date: 2020-12-28 Exploit Author: mari0x00 Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/?sFile=Quick.Cmsv6.7-pl.zip Description:...

7.2CVSS7.1AI score0.10458EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.505 views

Simple Public Chat Room 1.0 - Authentication Bypass SQLi

Exploit Title: Simple Public Chat Room 1.0 - Authentication Bypass SQLi Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.234 views

MyBB Hide Thread Content Plugin 1.0 - Information Disclosure

Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...

7.5CVSS7.7AI score0.11467EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.176 views

BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting

Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Vulnerable paper:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.332 views

Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting

Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.301 views

Online Grading System 1.0 - 'uname' SQL Injection

Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection Date: 2021-01-28 Exploit Author: Ruchi Tiwari Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.1349 views

jQuery UI 1.12.1 - Denial of Service (DoS)

Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Date: 20 Jan, 2021 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function...

6.6AI score
Exploits4
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.899 views

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload

Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.247 views

EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...

7.4AI score
Exploits0
Total number of security vulnerabilities47904