Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2020/08/13 12:0 a.m.209 views

Artica Proxy 4.3.0 - Authentication Bypass

Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version: 4.30.00000000 REQUIRED Tested on: Debian CVE : CVE-2020-17506 impo...

9.8CVSS9.6AI score0.93967EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/08/12 12:0 a.m.208 views

CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload

Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: - Date: 2020-07-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version: 2.2.14 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/12 12:0 a.m.297 views

vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution

Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Date: 2020-08-09 Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu 19.04 CVE : None vBulletin 5.5.4 throu...

9.8CVSS9.8AI score0.99728EPSS
Exploits27
Exploit DB
Exploit DB
added 2020/08/11 12:0 a.m.468 views

Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Google Dork: - Date: 2020-08-01 Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested on: Linux Ubuntu 18.04...

9.8CVSS9.6AI score0.90044EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/08/10 12:0 a.m.203 views

BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Discovery Date: 2020-07-31 Response from BarcodeOCR Support: 08/03/2020 Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/10 12:0 a.m.226 views

ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)

Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Date: 2020-08-08 Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This is an article with PoC exploit video ...

10CVSS9.7AI score0.07403EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/08/10 12:0 a.m.363 views

Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: Warehouse Inventory System 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-09 Vendor Homepage: https://oswapp.com Software Link: https://github.com/siamon123/warehouse-inventory-system/archive/master.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/07 12:0 a.m.286 views

Daily Expenses Management System 1.0 - 'item' SQL Injection

Exploit Title: Daily Expenses Management System 1.0 - 'item' SQL Injection Date: 2020-08-05 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/07 12:0 a.m.362 views

All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)

Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery Add Admin Discovery by: LiquidWorm Discovery Date: 2020-08-05 Vendor Homepage: https://www.all-dynamics.de !-- All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin Vendor: All-Dynamics...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/06 12:0 a.m.207 views

CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2020-08-05 Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/06 12:0 a.m.294 views

Victor CMS 1.0 - 'Search' SQL Injection

Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Date: 2020-08-04 Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP / Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/05 12:0 a.m.222 views

Stock Management System 1.0 - Authentication Bypass

Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Date: August 1, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested On: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/05 12:0 a.m.182 views

ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)

Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Date: 2020-08-04 Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE:...

7.5CVSS7.6AI score0.10522EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/08/05 12:0 a.m.339 views

QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)

Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/04 12:0 a.m.155 views

Daily Expenses Management System 1.0 - 'username' SQL Injection

Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Date: 2020-08-01 Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Tested on: XAMPP Version 5.6.40 / Windows 10 Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/04 12:0 a.m.204 views

RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)

Exploit Title: RTSP for iOS 1.0 - 'IP Address' Denial of Service PoC Author: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://appadvice.com/app/rtsp-viewer/1056996189 Software Link: App Store for iOS devices Tested Version: 1.0 Vulnerability Type: Denial of Service DoS Local Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/04 12:0 a.m.209 views

Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)

Exploit Title: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://apps.apple.com/us/app/telnet-lite/id286893976 Software Link: App Store for iOS devices Tested Version: 4.2 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/04 12:0 a.m.440 views

Pi-hole 4.3.2 - Remote Code Execution (Authenticated)

!/usr/bin/env python2 Exploit Title: Pi-hole 4.3.2 - Remote Code Execution Authenticated Date: 2020-08-04 Exploit Author: Luis Vacas @CyberVaca Vendor Homepage: https://pi-hole.net/ Software Link: https://github.com/pi-hole/pi-hole Version: = 4.3.2 Tested on: Ubuntu 19.10 CVE : CVE-2020-8816...

9.1CVSS7.2AI score0.7819EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/08/03 12:0 a.m.45 views

BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)

Exploit Title: BacklinkSpeed 2.4 - Buffer Overflow PoC SEH Date: 2020-08-01 Exploit Author: Saeed reza Zamanian Vendor Homepage: http://www.dummysoftware.com Software Link: http://www.dummysoftware.com/backlinkspeed.html Version: 2.4 Tested on: Windows 10.0 x64 Build 10240 Windows 7 x64 Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/30 12:0 a.m.591 views

Online Shopping Alphaware 1.0 - Authentication Bypass

Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Date: 2020-07-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/29 12:0 a.m.569 views

Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Date: 2020-06-22 Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson Varghese Behanan @JinsonCyberSec Author...

5.4CVSS5.5AI score0.03757EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/07/29 12:0 a.m.662 views

Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion

Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.htmlmodels Version: Cisco...

9.1CVSS7.9AI score0.96595EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/28 12:0 a.m.837 views

Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion

Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Version: Cisco AS...

7.5CVSS7.8AI score0.99992EPSS
Exploits24
Exploit DB
Exploit DB
added 2020/07/27 12:0 a.m.565 views

eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution

Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.217 views

Socket.io-file 2.0.31 - Arbitrary File Upload

Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.200 views

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow SEH Egghunter Date: 2020-07-26 Exploit Author: MasterVlad Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Vulnerability Type: Local Buffer Overflow Tested on: Windows 7 32-bi...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.281 views

Rails 5.0.1 - Remote Code Execution

Exploit Title: Rails 5.0.1 - Remote Code Execution Date: 2020-07-19 Exploit Author: Lucas Amorim Vendor Homepage: www.rubyonrails.org Software Link: www.rubyonrails.org Version: Rails " end if ARGV.length 3 header exit-1 end url = ARGV0 ip = ARGV1 port = ARGV2 puts " Sending payload to url" uri =...

8.8CVSS8.8AI score0.83085EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.210 views

Webtareas 2.1p - Arbitrary File Upload (Authenticated)

Exploit Title: Webtareas 2.1p - Arbitrary File Upload Authenticated Author: AppleBois Date: 2020-07-10 Exploit author : AppleBois Vendor Hompage:https://sourceforge.net/projects/webtareas/ Version: 2.1 && 2.1p Tested on: Window 10 64 bit environment || XAMPP Authenticated User allowed to upload...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.238 views

Bio Star 2.8.2 - Local File Inclusion

Exploit Title: Bio Star 2.8.2 - Local File Inclusion Authors: SITE Team Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi Google Dork: N/A Date of Exploit Release: 2020-07-13 Exploit Author: SITE Team Vendor Homepage: https://www.supremainc.com/en/main.asp Software Link:...

7.5CVSS7AI score0.50734EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.639 views

Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)

Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload Authenticated Date: 2020-07-15 Exploit Author: v1n1v131r4 Vendor Homepage: http://koken.me/ Software Link: https://www.softaculous.com/apps/cms/Koken Version: 0.22.24 Tested on: Linux PoC:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.229 views

Online Course Registration 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.258 views

pfSense 2.4.4-p3 - Cross-Site Request Forgery

Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...

8.8CVSS8.8AI score0.54541EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.235 views

Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)

Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.622 views

F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion

Exploit Title: F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Date: 2019-08-17 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 0: return True else: return False else: return False def leakPasswd: print"+ Leaking /etc/passwd from server"...

10CVSS10AI score0.99999EPSS
Exploits60
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.213 views

Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)

Exploit Title: Free MP3 CD Ripper 2.8 - Stack Buffer Overflow SEH + Egghunter Date: 2020-07-22 Exploit Author: Eduard Palisek Vendor Homepage: https://www.cleanersoft.com Software Link: https://www.cleanersoft.com/download/FMCRSetup.exe Version: 2.8 Build 20140611 Tested on: Windows XP,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.238 views

WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)

Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection Unauthenticated Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Date: 2020-07-20 Exploit Author: KBAZ@SOGETIESEC Vendor Homepage: https://www.icegram.com/email-subscribers/...

9.8CVSS9.2AI score0.8511EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.244 views

WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download

Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Date: 2020-07-20 Exploit Author: KBA@SOGETIESEC Vendor Homepage: https://www.icegram.com/email-subscribers/ Softwar...

5.8CVSS5.5AI score0.71399EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.249 views

Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)

Exploit Title: Port Forwarding Wizard 4.8.0 - Buffer Overflow SEH Exploit Author: Sarang Tumne Date: 2020-07-18 CVE ID: N/A Confirmed on release 4.8.0 and 4.5.0 Vendor: http://www.port-forwarding.net/ Tested on OS- Windows Vista Buffer overflow in upRedSun Port Forwarding Wizard 4.8.0 and earlier...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.225 views

INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution

Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Date: 2020-07-23 Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory: SYSS-2020-028...

9.8CVSS9.7AI score0.16585EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.242 views

Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)

Exploit Title: Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow SEH Egghunter Date: 2020-07-23 Exploit Author: MasterVlad Vendor Homepage: http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.222 views

GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.48 views

PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting

Exploit Title: PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting Date: 2020-08-20 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://pandorafms.org/ Software Link: https://pandorafms.org/features/free-download-monitoring-software/ Version: 7.0NG747 Tested on: Windows/Linux/ISO Li...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.213 views

UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)

Title: UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery Add Admin Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A input type="hidden" name="aai...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.354 views

DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)

Exploit Title: DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow SEH Egghunter Date: 2020-07-26 Exploit Author: MasterVlad Vendor Homepage: https://www.diskboss.com/ Software Link: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Version: 7.7.14...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.238 views

Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)

Exploit Title: Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow SEH Date: 2020-07-26 Author: Felipe Winsnes Software Link: https://nidesoft-dvd-ripper.softonic.com/ Version: 5.2.18 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run the python script, it will...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.276 views

ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection

Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Date: 2020-07-23 Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12 and 13 before Build 13200 Tested on:...

9.8CVSS9.6AI score0.04772EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.224 views

Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)

Exploit Title: Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow SEH Egghunter Date: 2020-07-24 Exploit Author: MasterVlad Vendor Homepage: http://www.frigate3.com/ Software Link: http://www.frigate3.com/download/frigate3pro.exe Version: 3.36.0.9 Vulnerability Type: Local Buffer Overflo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.235 views

elaniin CMS - Authentication Bypass

Exploit Title: elaniin CMS 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-07-14 Exploit Author: BKpatron Vendor Homepage:https://elaniin.com/ Software Link:https://github.com/elaniin/CMS/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A Vulnerability: Attacker can bypass login...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.214 views

PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting

Exploit Title: PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Date: 2020-07-01 Author: AppleBois Version: 7xx ≤ 746 Homepage: https://pandorafms.org/ Software Link: https://sourceforge.net/projects/pandora/files/Pandora FMS 7.0NG/ CVE-2020-11749 By asking network administrator to scan SN...

9CVSS9.3AI score0.16226EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.241 views

LibreHealth 2.0.0 - Authenticated Remote Code Execution

Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-07-17 Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Tested Usin...

7.4AI score
Exploits0
Total number of security vulnerabilities47904