Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2020/12/08 12:0 a.m.362 views

Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting

Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/08 12:0 a.m.187 views

Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path

Exploit Title: Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-12-2020 Vendor Homepage: https://www.microsoft.com Software Links : https://www.microsoft.com/en-us/p/xbox-beta/9mv0b5hzvk9z?activetab=pivot:overviewtab Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.758 views

Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path

Exploit Title: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 05-12-2020 Vendor Homepage: https://www.kite.com/ Software Links : https://www.kite.com/download/ Tested Version: 1.2020.1119.0 Vulnerability Type: Unquoted Service Path Tested on OS:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.487 views

Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting

Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - Persistent Cross-Site Scripting Date: 04-12-2020 Exploit Author: Pruthvi Nekkanti Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.569 views

Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path

Exploit Title: Rumble Mail Server 0.51.3135 - 'rumblewin32.exe' Unquoted Service Path Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.514 views

vBulletin 5.6.3 - 'group' Cross Site Scripting

Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting Date: 05.09.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox & Opera Google Dorks: "Powered by vBulletin® Version 5.6.3" Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.453 views

RarmaRadio 2.72.5 - Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.5 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: https://www.raimersoft.com/rarmaradio.html Version: 2.75.5 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program TapinRadio In...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.616 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

7.8CVSS7.8AI score0.08607EPSS
Exploits12
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.595 views

Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow

Dup Scout Enterprise 10.0.18 - 'onlineregistration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://www.exploit-db.com/exploits/43145 and https://www.exploit-db.com/exploits/40457 Credits: Tulpa and SICKNESS for original exploits Modified:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.553 views

TapinRadio 2.13.7 - Denial of Service (PoC)

Exploit Title: TapinRadio 2.13.7 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Version: 2.13.7 x64 Tested on: Windows 10 Home x64 STEPS Open the program TapinRadio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.455 views

Savsoft Quiz 5 - 'Skype ID' Stored XSS

Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1084 views

Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection

Exploit Title: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection Date: 2020-12-04 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/geraked/phpscript-sgh Software Link: https://github.com/geraked/phpscript-sgh Version: 0.1.0 Tested on: Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.985 views

IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path

Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Discovery Date: 2020-12-03 Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.903 views

MiniCMS 1.10 - 'content box' Stored XSS

Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS Date: 2019-7-4 Exploit Author: yudp Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:https://github.com/bg5sbk/MiniCMS Version: 1.10 CVE :CVE-2019-13339 Payload:alert"3: "+document.domain In /MiniCMS/mc-admin/page-edit.php POC...

4.8CVSS5.2AI score0.00631EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.884 views

Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting

Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Date: 3-12-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.34 Tested on: Windows 10/ Kali Linux Steps To Reproduce :- 1. Install the CM...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.872 views

Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)

Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF Unauthenticated Date: 03/12/2020 Exploit Author: Pankaj Verma p4nk4j Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...

5.3CVSS5.2AI score0.27771EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.847 views

Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting

Exploit Title: Savsoft Quiz 5 - 'fieldtitle' Stored Cross-Site Scripting Date: 2020-09-02 Exploit Author: Dhruv Pateldhruvp111296 Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10 Attack vector: This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1011 views

CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)

Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.927 views

Chromium 83 - Full CSP Bypass

Title: Chromium 83 - Full CSP Bypass Date: 02/09/2020 Exploit Author: Gal Weizman Vendor Homepage: https://www.chromium.org/ Software Link: https://download-chromium.appspot.com/ Version: 83 Tested On: Mac OS, Windows, iPhone, Android CVE: CVE-2020-6519 function var payload = top.SUCCESS = true;...

6.5CVSS8.1AI score0.1132EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.962 views

Laravel Nova 3.7.0 - 'range' DoS

Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.869 views

Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting

Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.949 views

Testa Online Test Management System 3.4.7 - 'q' SQL Injection

Exploit Title: Testa Online Test Management System 3.4.7 - 'q' SQL Injection Date: 2020-07-21 Google Dork: N/A Exploit Author: Ultra Security Team Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar Vendor Homepage: https://testa.cc Version: v3.4.7 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/04 12:0 a.m.1092 views

Zabbix 5.0.0 - Stored XSS via URL Widget Iframe

Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe Date: 8/11/2020 Exploit Author: Shwetabh Vishnoi Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/download Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before...

6.1CVSS6.6AI score0.32304EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.581 views

Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure

Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product we...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.698 views

Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting

Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux CVE:...

4.8CVSS5.4AI score0.01082EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.641 views

Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion

Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.764 views

mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting

Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.509 views

EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass

Exploit Title: EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass Date: 02-12-2020 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/egm-address-book/ Version: 1.0 Tested on: PopOS Attack Vector: An attacker can gain...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.636 views

Online Matrimonial Project 1.0 - Authenticated Remote Code Execution

Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution Exploit Author: Valerio Alessandroni Date: 2020-10-07 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-matrimonial-project-in-php/ Source Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.116 views

User Registration & Login and User Management System 2.1 - Cross Site Request Forgery

Exploit Title: User Registration & Login and User Management System 2.1 - Cross Site Request Forgery Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://phpgurukul.com Software Link: http://user-registration-login-and-user-management-system-with-admin-panel Version: 5 Tested on Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/03 12:0 a.m.475 views

Coastercms 5.8.18 - Stored XSS

Exploit Title: Coastercms 5.8.18 - Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.coastercms.org/ Software Link: https://www.coastercms.org/ Version: 5.8.18 Tested on Windows 10 XSS IMPACT: 1: Steal the cookie 2: User redirection to a malicious website Vulnerable Parameter...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.397 views

Pharmacy Store Management System 1.0 - 'id' SQL Injection

Exploit Title: Pharmacy Store Management System 1.0 - 'id' SQL Injection Google Dork: N/A Date: 1.12.2020 Exploit Author: Aydın Baran Ertemir Vendor Homepage: https://www.sourcecodester.com/php/13225/pharmacy-store-management-system.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.511 views

PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS

Exploit Title: PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS Date: 2/12/2020 Exploit Author: Amin Rawah Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/prtg Version: 20.4.63.1412 x64 Tested on: Windows CVE : CVE-2020-14073 Description: Since there is...

5.4CVSS5.6AI score0.02857EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.455 views

WonderCMS 3.1.3 - Authenticated Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE :...

9.8CVSS9.7AI score0.26912EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.529 views

WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu...

9.8CVSS9.7AI score0.45221EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.413 views

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting Exploit Author: Soushikta Chowdhury Vendor Homepage: http://egavilanmedia.com Software Link: http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/ Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.444 views

ILIAS Learning Management System 4.3 - SSRF

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.389 views

Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality

Exploit Title: Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali Linux 2020....

7.5CVSS7.7AI score0.06362EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.431 views

ChurchCRM 4.2.0 - CSV/Formula Injection

Exploit Title: ChurchCRM 4.2.1- CSV/Formula Injection Date: 2020- 10- 24 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.0 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of Concept: CSV...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.391 views

Ksix Zigbee Devices - Playback Protection Bypass (PoC)

Exploit Title: Ksix Zigbee Devices - Playback Protection Bypass PoC Date: 2020-11-15 Exploit Author: Alejandro Vazquez Vazquez Vendor Homepage: https://www.ksixmobile.com/ Firmware Version: Gateway Zigbee Module - v1.0.3, Gateway Main Module - v1.1.2, Door Sensor - v1.0.7, PIR Motion Sensor -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.465 views

Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile

Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE Authenticated via Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects https://code-projects.org Software Link:...

9CVSS8.9AI score0.11894EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.116 views

Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path

Exploit Title: Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path Discovery by: manuel Alvarez Discovery Date: 2020-11-07 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 1.0.64.7 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 es Step to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.476 views

Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork

Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE Authenticated Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects https://code-projects.org Software Link:...

9CVSS8.9AI score0.11894EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.495 views

WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'menu' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux Contact: https://www.linkedin.com/in/hemantsolo/ CVE: CVE-2020-29469 Attac...

5.4CVSS5.6AI score0.01371EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.422 views

NewsLister - Authenticated Persistent Cross-Site Scripting

Exploit Title: NewsLister - Authenticated Persistent Cross-Site Scripting Date: 2020-11-27 Exploit Author: Emre Aslan Vendor Homepage: https://www.netartmedia.net/newslister.html Tested on: Windows & XAMPP == PoC HTTP Request == GET /admin/index.php?page=add HTTP/1.1 Host: 127.0.0.1:8080...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.430 views

IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path

Exploit Title: IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path Discovery by: Manuel Alvarez Software link: https://www.pconlife.com/download/otherfile/20566/e82994866a370a480607637f28b82835/ Discovery Date: 2020-11-27 Tested Version: 1.0.6433.0 Vulnerability Type: Unquoted Service Path...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.487 views

Microsoft Windows - Win32k Elevation of Privilege

Exploit Title: Microsoft Windows - Win32k Elevation of Privilege Author: nu11secur1ty Date: 08.03.2020 Exploit Date: 01/14/2020 Vendor: Microsoft Software Link: https://support.microsoft.com/en-us/help/3095649/win32k-sys-update-in-windows-october-2015 Exploit link:...

7.8CVSS8.8AI score0.01926EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.438 views

Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover

Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali...

9.8CVSS9.7AI score0.07764EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.824 views

WordPress Plugin Wp-FileManager 6.8 - RCE

Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE Date: September 4,2020 Exploit Author: Mansoor R @time4ster CVE: CVE-2020-25213 Version Affected: 6.0 to 6.8 Vendor URL: https://wordpress.org/plugins/wp-file-manager/ Patch: Upgrade to wp-file-manager 6.9 or above Tested on: wp-file-manage...

10CVSS9.6AI score0.97328EPSS
Exploits14
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.422 views

Mitel mitel-cs018 - Call Data Information Disclosure

Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure Date: 2003-07-28 Exploit Author: Andrea Intilangelo acme olografix / paranoici Vendor Homepage: www.mitel.com Version: mitel-cs018 Tested on: Windows, Linux There is an interesting bug in a Mitel's servers for Voice over IP that...

7.4AI score
Exploits0
Total number of security vulnerabilities47904