Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.1070 views

Fuel CMS 1.4.1 - Remote Code Execution (2)

Title: Fuel CMS 1.4.1 - Remote Code Execution 2 Exploit Author: Alexandre ZANNI Date: 2020-11-14 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: FILE -h | --help Options: Root URL base path including HTTP scheme,...

9.8CVSS9.6AI score0.82937EPSS
Exploits17
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.1349 views

jQuery UI 1.12.1 - Denial of Service (DoS)

Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Date: 20 Jan, 2021 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function...

6.6AI score
Exploits4
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.247 views

EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.238 views

OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)

Title: OpenEMR 5.0.1 - Remote Code Execution Authenticated 2 Exploit Author: Alexandre ZANNI Date: 2020-07-16 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...

9AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.832 views

Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)

Exploit Title: Umbraco CMS 7.12.4 - Remote Code Execution Authenticated Date: 2020-03-28 Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.470 views

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.297 views

STVS ProVision 5.9.10 - File Disclosure (Authenticated)

Exploit Title: STVS ProVision 5.9.10 - File Disclosure Authenticated Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 archive.rb Authenticated File Disclosure Vulnerability Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.407 views

STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)

Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.463 views

Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)

Exploit Title: Simple College Website 1.0 - 'name' Sql Injection Authentication Bypass Exploit Author: Marco Catalano @stunn4 Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.349 views

Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)

Exploit Title: Cemetry Mapping and Information System 1.0 - 'useremail' Sql Injection Authentication Bypass Exploit Author: Marco Catalano Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.253 views

Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting

Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting Exploit Author: Chiragh Arora Hardware Model: Tenda AC5 AC1200 Firmware version: V15.03.06.47multi Tested on: Kali Linux CVE ID: CVE-2021-3186 Date: 25.01.2021 Steps to Reproduce - - Navigate to the Tend...

5.4CVSS6.4AI score0.02506EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.401 views

Simple College Website 1.0 - 'full' Stored Cross Site Scripting

Exploit Title: Simple College Website 1.0 - 'full' Stored Cross Site Scripting Exploit Author: Marco Catalano @stunn4 Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.1608 views

Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)

Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE Unauthenticated Google Dork: inurl:"/console/login/LoginForm.jsp" Date: 01/26/2021 Exploit Author: CHackA0101 Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html Version: Oracle WebLogic Server, version 12.2.1.0 Tested on:...

10CVSS9.9AI score0.99997EPSS
Exploits41
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.375 views

Collabtive 3.1 - 'address' Persistent Cross-Site Scripting

Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting Date: 2021-01-23 Exploit Author: Deha Berkin Bir Vendor Homepage: https://collabtive.o-dyn.de/ Version: 3.1 Tested on: Windows & XAMPP CVE: CVE-2021-3298 == Tutorial Executed Payloads " onfocus="alert1" autofocus=" HTML...

5.4CVSS5.6AI score0.02144EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.220 views

Library System 1.0 - 'category' SQL Injection

Exploit Title: Library System 1.0 - 'category' SQL Injection Exploit Author: Aitor Herrero Date: 2021-01-22 Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.416 views

MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting

Exploit Title: MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF Date: 1/21/2021 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1428 Version: 1.0 Tested on: Windows 10 1. Description: MyBB Timeline replaces the default MyBB user profile. This introduces...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.329 views

CASAP Automated Enrollment System 1.0 - 'route' Stored XSS

Exploit Title: CASAP Automated Enrollment System 1.0 - 'route' Stored XSS Exploit Author: Richard Jones Date: 2021-01/23 Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.230 views

Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...

10CVSS7AI score0.87987EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/01/25 12:0 a.m.286 views

CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS

Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS Exploit Author: Anita Gaud Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...

5.4CVSS5.6AI score0.02826EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.390 views

Atlassian Confluence Widget Connector Macro - SSTI

Exploit Title: Atlassian Confluence Widget Connector Macro - SSTI Date: 21-Jan-2021 Exploit Author: 46o60 Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-6.12.1-x64.bin Version...

10CVSS9.8AI score0.99913EPSS
Exploits20
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.161 views

ERPNext 12.14.0 - SQL Injection (Authenticated)

Exploit Title: ERPNext 12.14.0 - SQL Injection Authenticated Date: 21-01-21 Exploit Author: Hodorsec Vendor Homepage: http://erpnext.org Software Link: https://erpnext.org/download Version: 12.14.0 Tested on: Ubuntu 18.04 !/usr/bin/python3 AUTHENTICATED SQL INJECTION VULNERABILITY In short: Found...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.158 views

CASAP Automated Enrollment System 1.0 - Authentication Bypass

Exploit Title: CASAP Automated Enrollment System 1.0 - Authentication Bypass Exploit Author: Himanshu Shukla Date: 2021-01-21 Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.142 views

Library System 1.0 - Authentication Bypass

Exploit Title: Library System 1.0 - Authentication Bypass Via SQL Injection Exploit Author: Himanshu Shukla Date: 2021-01-21 Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.279 views

Selea Targa IP OCR-ANPR Camera - CSRF Add Admin

Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.137 views

Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Multiple SSRF Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.304 views

Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure Vendor: Selea s.r.l. Product we...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.266 views

Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com !/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.163 views

Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated RTP/RTSP/M-JPEG Stream Disclosure Vendor: Selea s.r.l. Product web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.206 views

Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)

Exploit Title: Oracle WebLogic Server 14.1.1.0 - RCE Authenticated Date: 2021-01-21 Exploit Author: Photubias Vendor Advisory: 1 https://www.oracle.com/security-alerts/cpujan2021.html Vendor Homepage: https://www.oracle.com Version: WebLogic 10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4, 14.1.1.0 fixed ...

7.2CVSS7.2AI score0.70241EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.172 views

Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite

Exploit Title: Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite Vendor: Selea s.r.l. Product web page: https://www.selea.com...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.321 views

Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Remote Program Execution Date: 08.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.270 views

Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'fileslist' Remote Stored XSS Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Remote Stored XSS Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/22 12:0 a.m.327 views

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Date: 08.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected versio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/21 12:0 a.m.142 views

Anchor CMS 0.12.7 - CSRF (Delete user)

Exploit Title: Anchor CMS 0.12.7 - CSRF Delete user Exploit Author: Ninad Mishra Vendor Homepage: https://anchorcms.com/ Software Link: https://anchorcms.com/download Version: 0.12.7 CVE : CVE-2020-23342 PoC the cms uses get method to perform sensitive actions hence users can be deleted via...

8.8CVSS8.8AI score0.12428EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/01/21 12:0 a.m.310 views

Apartment Visitors Management System 1.0 - 'email' SQL Injection

Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/21 12:0 a.m.592 views

Online Documents Sharing Platform 1.0 - 'user' SQL Injection

Exploit Title: Online Documents Sharing Platform 1.0 - 'user' SQL Injection Date: 21.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://www.sourcecodester.com/php/14653/online-documents-sharing-platform-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/21 12:0 a.m.194 views

Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Simple JobBoard Authenticated File Read Vulnerability', 'Description' = %q This module exploits an authenticated directory traversal vulnerabilit...

7.7CVSS7.6AI score0.30479EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/01/21 12:0 a.m.350 views

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Date: 1-20-2021 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/20 12:0 a.m.130 views

ChurchRota 2.6.4 - RCE (Authenticated)

Exploit Title: ChurchRota 2.6.4 - RCE Authenticated Date: 1/19/2021 Exploit Author: Rob McCarthy @slixperi Vendor Homepage: https://github.com/Little-Ben/ChurchRota Software Link: https://github.com/Little-Ben/ChurchRota Version: 2.6.4 Tested on: Ubuntu import requests from pwn import listen...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/20 12:0 a.m.123 views

Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS

Exploit Title: Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS Exploit Author: omurugur Vendor Homepage: https://www.oracle.com/security-alerts/cpujan2021.html Version: 11.1.1.7.140715 Author Web: https://www.justsecnow.com Author Social: @omurugurrr Stored XSS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/20 12:0 a.m.208 views

Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)

Exploit Title: Voting System 1.0 - File Upload RCE Authenticated Remote Code Execution Date: 19/01/2021 Exploit Author: Richard Jones Vendor Homepage:https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/19 12:0 a.m.387 views

osTicket 1.14.2 - SSRF

Exploit Title: osTicket 1.14.2 - SSRF Date: 18-01-2021 Exploit Author: Talat Mehmood Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Version: 4. After submitting this comment, print this ticket. 5. You'll receive a hit on your malicious website from the intern...

9.8CVSS9.6AI score0.73267EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.406 views

Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)

Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...

9CVSS1.1AI score0.11075EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.260 views

Life Insurance Management System 1.0 - 'client_id' SQL Injection

Exploit Title: Life Insurance Management System 1.0 - 'clientid' SQL Injection Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.310 views

Cisco UCS Manager 2.2(1d) - Remote Command Execution

Exploit Title: Cisco UCS Manager 2.21d - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.298 views

Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)

Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.890 views

Life Insurance Management System 1.0 - File Upload RCE (Authenticated)

Exploit Title: Life Insurance Management System 1.0 - File Upload RCE Authenticated Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.242 views

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.221 views

E-Learning System 1.0 - Authentication Bypass

Exploit Title: E-Learning System 1.0 - Authentication Bypass & RCE Exploit Author: Himanshu Shukla & Saurav Shukla Date: 2021-01-15 Vendor Homepage: https://www.sourcecodester.com/php/12808/e-learning-system-using-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.478 views

Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)

Exploit Title: Online Hotel Reservation System 1.0 - Cross-site request forgery CSRF Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904