Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.271 views

DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path

Exploit Title: DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-08 Vendor : DigitalPersona U. are U. One Touch Version : DigitalPersona Pro 4.5.0.2213 Vendor Homepage : https://www.hidglobal.com/crossmatch Tested on OS: Windows 10 Home...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.275 views

OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path

Exploit Title: OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.oki.com/ Software Link: https://www.oki.com/mx/printing/download/sPSV0100412270910.exe Software Version: 1.0.41 File Version: 1.4.2.0 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.290 views

SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)

Exploit Title: SuiteCRM 7.11.15 - 'lastname' Remote Code Execution Authenticated Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...

9CVSS8.7AI score0.63267EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.328 views

IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path

Exploit Title: IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-08 Vendor : HTC Version : IPTInstaller 4.0.9 Vendor Homepage : https://www.htc.com/latam/ Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\Users\DSAZ230sc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.289 views

Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path

Exploit Title: Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-08 Vendor : Winstep Version : WsxService 18.06.0096 Vendor Homepage : https://www.winstep.net/xtreme.asp Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.250 views

Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)

Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.348 views

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

Exploit Title: CMSUno 1.6.2 - 'lang' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.268 views

SmartBlog 2.0.1 - 'id_post' Blind SQL injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.235 views

Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)

Exploit Title: Sentrifugo Version 3.2 - 'announcements' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.346 views

BlogEngine 3.3.8 - 'Content' Stored XSS

Exploit Title: BlogEngine 3.3.8 - 'Content' Stored XSS Date: 11/2020 Exploit Author: Andrey Stoykov Vendor Homepage: https://blogengine.io/ Software Link: https://github.com/BlogEngine/BlogEngine.NET/releases/download/v3.3.8.0/3380.zip Version: 3.3.8 Tested on: Windows Server 2016 Exploit and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.303 views

Amarok 2.8.0 - Denial-of-Service

Exploit Title: Amarok 2.8.0 - Denial-of-Service Date: 1 November 2020 Exploit Author: FishballAndMeatball Vendor Homepage: https://amarok.kde.org/ Software link: https://community.kde.org/Amarok/GettingStarted/Download Version: Amarok 2.8.0 Tested on: Windows 10, Windows 7, Windows XP CVE:...

5.5CVSS5.5AI score0.03429EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.401 views

TP-Link WDR4300 - Remote Code Execution (Authenticated)

Exploit Title: TP-Link WDR4300 - Remote Code Execution Authenticated Date: 2020-08-28 Exploit Author: Patrik Lantz Vendor Homepage: https://www.tp-link.com/se/home-networking/wifi-router/tl-wdr4300/ Version: TL-WDR4300, N750 Wireless Dual Band Gigabit Router Tested on: Firmware version 3.13.33 an...

9CVSS8.8AI score0.52559EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.352 views

iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.412 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.437 views

iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery (CSRF)

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery CSRF Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.424 views

School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14562/school-log-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.675 views

Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 4-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.460 views

PDW File Browser 1.3 - Remote Code Execution

Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/04 12:0 a.m.535 views

Processwire CMS 2.4.0 - 'download' Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/03 12:0 a.m.675 views

Multi Restaurant Table Reservation System 1.0 - 'table_id' Unauthenticated SQL Injection

Title: Multi Restaurant Table Reservation System 1.0 - 'tableid' Unauthenticated SQL Injection Exploit Author: yunaranyancat Date: 02-11-2020 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/03 12:0 a.m.515 views

Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.736 views

Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Remote Code Execution Unauthenticated Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...

9.8AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.862 views

WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload

!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 4.2.2 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.720 views

Quick N Easy FTP Service 3.2 - Unquoted Service Path

Exploit Title: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://www.pablosoftwaresolutions.com/html/quickneasyftpservice.html Software Link : www.pablosoftwaresolutions.com/download.php?id=10 Tested Version: 3....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.863 views

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)

Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...

7.8CVSS7.8AI score0.39433EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.729 views

Monitorr 1.7.6m - Authorization Bypass

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Authorization Bypass Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...

9.8AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/02 12:0 a.m.1223 views

Apache Flink 1.9.x - File Upload RCE (Unauthenticated)

!/usr/bin/env python3 coding: utf-8 Exploit Title: Apache Flink 1.9.x - File Upload RCE Unauthenticated Google Dork: None Date: 2020.11.01 Exploit Author: bigger.wing Vendor Homepage: https://flink.apache.org/ Software Link: https://flink.apache.org/downloads.html Version: 1.9.x Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.861 views

Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.768 views

Online Job Portal 1.0 - 'userid' SQL Injection

Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection Google Dork: N/A Date: 2020/10/28 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.604 views

Citadel WebCit < 926 - Session Hijacking Exploit

Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.664 views

CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting

Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/30 12:0 a.m.1158 views

DedeCMS v.5.8 - "keyword" Cross-Site Scripting

Exploit Title: DedeCMS v.5.8 - "keyword" Cross-Site Scripting Date: 2020-07-27 Exploit Author: Noth Vendor Homepage: https://github.com/dedetech/DedeCMSv5 Software Link: https://github.com/dedetech/DedeCMSv5 Version: v.5.8 CVE : CVE-2020-27533 A Cross Site Scripting XSS issue was discovered in th...

5.4CVSS5.6AI score0.03463EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.449 views

Online Examination System 1.0 - 'name' Stored Cross Site Scripting

Exploit Title: Online examination system 1.0 - 'name' Stored Cross Site Scripting Date: 29/10/2020 Exploit Author: Nikhil Kumar https://www.linkedin.com/in/nikhil-kumar-4b9443166/ Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.491 views

Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot

Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.1836 views

WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request

!/usr/bin/python3 Exploit Title: Oracle WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request Exploit Author: Nguyen Jang CVE: CVE-2020-14882 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...

10CVSS9.9AI score0.99997EPSS
Exploits41
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.1173 views

Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)

Title: Mailman 1.x 2.1.23 - Cross Site Scripting XSS Type: Reflected XSS Software: Mailman Version: =1.x = 2.1.23 Vendor Homepage: https://www.list.org Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 POC Author: Valerio Alessandroni Date: 28/10/2020 Description:...

6.1CVSS6.7AI score0.04569EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.477 views

Blueman < 2.1.4 - Local Privilege Escalation

Exploit Title: Local Privilege Escalation in Blueman 2.1.4 Date: 2020-10-27 Exploit Author: Vaisha Bernard vbernard - at - eyecontrol.nl Vendor Homepage: https://github.com/blueman-project/blueman Software Link: https://github.com/blueman-project/blueman Version: 2.1.4 Tested on: Ubuntu 20.04 CVE...

7.1CVSS6.9AI score0.04539EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.678 views

Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Exploit Title: Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/ProgramAccessController.exe Version: 1.2.0.0 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.502 views

aptdaemon < 1.1.1 - File Existence Disclosure

Exploit Title: File Existence Disclosure in aptdaemon " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.debian.apt", "/org/debian/apt" aptdbusinterface = dbus.Interfaceaptdbusobject, "or...

5.5CVSS5.4AI score0.004EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.498 views

PackageKit < 1.1.13 - File Existence Disclosure

Exploit Title: File Existence Disclosure in PackageKit " sys.exit0 FILETOCHECK = sys.argv1 bus = dbus.SystemBus aptdbusobject = bus.getobject"org.freedesktop.PackageKit", "/org/freedesktop/PackageKit" aptdbusinterface = dbus.Interfaceaptdbusobject, "org.freedesktop.PackageKit" trans = aptdbusinte...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.947 views

CSE Bookstore 1.0 - Authentication Bypass

Exploit Title: CSE Bookstore Authentication Bypass Date: 27/10/2020 Exploit Author: Alper Basaran Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Windows 10 Enterprise 1909 CSE...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.395 views

Prey 1.9.6 - "CronService" Unquoted Service Path

Exploit Title: Prey 1.9.6 - "CronService" Unquoted Service Path Discovery by: Ömer Tuygun Discovery Date:16.10.2020 Vendor Homepage: https://preyproject.com/ Software Link: https://preyproject.com/download/ Tested Version: 1.9.6 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 P...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.359 views

IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path

Exploit Title: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/IPWatcherSetup.exe Version: 3.0.0.30 Tested on: Microsoft Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.597 views

Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)

Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...

9CVSS7AI score0.78632EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.373 views

Exploit - EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path

Exploit Title: EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path Discovery by: İsmail Önder Kaya Discovery Date: 2020-10-27 Vendor Homepage: https://www.epson.co.uk/support?productID=10820&os=22driversandmanuals Tested Version: 1.124 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.401 views

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion

Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...

7.8CVSS7.7AI score0.97233EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.655 views

GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse

Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Date: 2019-08-29 Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 !/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture...

8.8CVSS8.8AI score0.04039EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.375 views

Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)

Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...

6.5CVSS6.7AI score0.04206EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.344 views

TDM Digital Signage PC Player 4.1 - Insecure File Permissions

Exploit Title: TDM Digital Signage PC Player 4.1 - Insecure File Permissions Date: 2020-09-23 Exploit Author: LiquidWorm Software Link: https://www.tdmsignage.com / https://pro.sony/enNL/products/display-software/tdm-ds1y-tdm-ds3y Version: 4.1.0.4 Vendor: TDM Trending Digital Marketing Product we...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/27 12:0 a.m.579 views

Client Management System 1.0 - 'searchdata' SQL injection

Exploit Title: Client Management System 1.0 - 'searchdata' SQL injection Date: 26/10/2020 Exploit Author: Serkan Sancar Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841 Version: 1.0 Teste...

7.4AI score
Exploits0
Total number of security vulnerabilities47904