Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2020/06/08 12:0 a.m.319 views

Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)

Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/08 12:0 a.m.525 views

Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection

Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Date: 2020-06-07 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable parameter -------------------...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/05 12:0 a.m.250 views

Online-Exam-System 2015 - 'feedback' SQL Injection

Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on: Ubuntu CVE : N/A import requests,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/05 12:0 a.m.480 views

Online Course Registration 1.0 - Authentication Bypass

Exploit Title: Online Course Registration 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.213 views

AirControl 1.4.2 - PreAuth Remote Code Execution

Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Date: 2020-06-03 Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.200 views

Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)

Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Unauthenticated Date: 2020-06-02 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7210 Version: 2...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.411 views

Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read

Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.210 views

SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)

Title: SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery Add Super User Author: LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User Vendor: Secure Computing Corp. Product web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.265 views

Cayin Signage Media Player 3.0 - Remote Command Injection (root)

Title: Cayin Signage Media Player 3.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.272 views

D-Link DIR-615 T1 20.10 - CAPTCHA Bypass

Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Date: 2019-10-12 Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1 CVE: CVE-2019-17525 D-LIN...

8.8CVSS8.8AI score0.0584EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.476 views

VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution

Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.438 views

Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.418 views

Cayin Content Management Server 11.0 - Remote Command Injection (root)

Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.262 views

Online Marriage Registration System 1.0 - Remote Code Execution (1)

Exploit Title: Online Marriage Registration System 1.0 Remote Code Execution Google Dork: N/A Date: 2020-05-31 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.420 views

Cayin Digital Signage System xPost 2.5 - Remote Command Injection

Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.248 views

Navigate CMS 2.8.7 - Authenticated Directory Traversal

Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested o...

5.3CVSS5.4AI score0.01752EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.284 views

Clinic Management System 1.0 - Authenticated Arbitrary File Upload

Exploit Title: Clinic Management System 1.0 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.212 views

Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)

Exploit Title: Navigate CMS 2.8.7 - ''sidx' SQL Injection Authenticated Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.240 views

Clinic Management System 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Clinic Management System 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.321 views

Oriol Espinal CMS 1.0 - 'id' SQL Injection

Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Date: 2020-06-03 Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATEST Tested on: MACOS 10.11.2 CVE : NOt...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/04 12:0 a.m.445 views

IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path

Title: IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path Author: Gobinathan L Date: 2020-06-03 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.5.0.15 Tested on: Windows 10 64bitEN About Unquoted Servic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.216 views

vCloud Director 9.7.0.15498291 - Remote Code Execution

!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...

8.8CVSS8.8AI score0.211EPSS
Exploits11
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.251 views

OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)

Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting Authenticated Date: 2020-06-01 Exploit Author: Kailash Bohara Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart UsersUsers and click on Action button on top...

5.4CVSS5.2AI score0.02671EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.1237 views

Microsoft Windows - 'SMBGhost' Remote Code Execution

!/usr/bin/env python ''' EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of my...

10CVSS9.2AI score0.9981EPSS
Exploits125
Exploit DB
Exploit DB
added 2020/06/02 12:0 a.m.222 views

Clinic Management System 1.0 - Authentication Bypass

Exploit Title: Clinic Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.253 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

9CVSS8.7AI score0.17772EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.341 views

VMware vCenter Server 6.7 - Authentication Bypass

Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Date: 2020-06-01 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter Server Appliance 6.7 RTM updated from v6.0...

9.8CVSS8AI score0.90384EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.572 views

WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation

Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Date: 2020-05-29 Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests import bs4 import urllib3...

9.8CVSS7AI score0.43879EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/05/29 12:0 a.m.535 views

WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)

Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery Delete User Google Dork: N/A Date: 2020-05-21 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://www.bdtask.com/ Software Link: https://downloads.wordpress.org/plugin/multi-scheduler.1.0.0.zip Category: Web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/29 12:0 a.m.341 views

Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass

Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.591 views

NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection

Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/ Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.426 views

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...

10CVSS9.6AI score0.89681EPSS
Exploits12
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.325 views

Online-Exam-System 2015 - 'fid' SQL Injection

Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on: MacosX C...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.348 views

EyouCMS 1.4.6 - Persistent Cross-Site Scripting

Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Date: 2020-05-28 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link: https://qiniu.eyoucms.com/EyouCMS-V1.4.6-UTF8-SP2.zip Version: EyouCMS V1.4.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.646 views

Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting

Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting Date: 2020-05-27 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://kuicms.com Software Link: https://kuicms.com/kuicms.zip Version: Kuicms Php EE 2.0 Tested on: Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.552 views

Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.818 views

osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting

Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Date: 2020-05-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/6c724ea3fe352d10d457d334dc054ef81917fde1 Version: osTicket 1.14.1 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.509 views

LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Date: 05/26/2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.458 views

OXID eShop 6.3.4 - 'sorting' SQL Injection

Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection Date: 2019-07-29 Exploit Author: VulnSpy Vendor Homepage: https://www.oxid-esales.com/ Software Link: https://github.com/OXID-eSales/oxideshopce Version: Versions 6.x prior to 6.3.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/27 12:0 a.m.630 views

osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting

Exploit Title: osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting Date: 2020-06-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/d54cca0b265128f119b6c398575175cb10cf1754 Version: osTicket 1.14.1 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.273 views

StreamRipper32 2.6 - Buffer Overflow (PoC)

Exploit Title: StreamRipper32 2.6 - Buffer Overflow PoC Date: 2020-05-14 Exploit Author: Andy Bowden Tested On: Win10 x64 Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Vendor Page: http://streamripper.sourceforge.net/ Version: 2.6 Steps To Reproduce: Double click on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.334 views

OpenEMR 5.0.1 - Remote Code Execution (1)

Title: OpenEMR 5.0.1 - Remote Code Execution 1 Exploit Author: Musyoka Ian Date: 2020-05-25 Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.284 views

Pi-hole 4.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on: https://github.com/Frichetten/CVE-2020-11108-PoC/blob/master/cve-2020-11108-rce.py File na...

9CVSS8.7AI score0.78262EPSS
Exploits17
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.272 views

Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)

Exploit Title: Open-AudIT 3.3.0 - Reflective Cross-Site Scripting Authenticated Date: 2020-04-26 Exploit Author: Kamaljeet Kumar Vendor Homepage: https://opmantek.com/network-discovery-inventory-software/ Software Link: https://www.open-audit.org/downloads.php Version: 3.3.0 CVE : CVE-2020-12261...

5.4CVSS6AI score0.02587EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.290 views

Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)

Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion Authenticated Date: 2020-05-10 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Exploit-Db Author ID: 8763 Reference: https://www.xcloner.com/xcloner-news/security-release-available-for-archived-joomla-version/ Vendor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.655 views

WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution

Exploit Title: WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Date: 2020-05-11 Exploit Author: Austin Martin Google Dork: inurl:wp-content/uploads/wpdndcf7uploads/ Google Dork: inurl:wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.521 views

Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule \d+&minor=?\d+&build=?\d+ &junior=\d+&unique=synology\w+?^&+/x.freeze def initializeinfo = super updateinfo info, 'Name' = 'Synology DiskStation...

8.8CVSS7.4AI score0.72453EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.353 views

Online Discussion Forum Site 1.0 - Remote Code Execution

Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-05-24 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.1234 views

Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8CVSS7.4AI score0.77635EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/05/25 12:0 a.m.524 views

Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting

Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-23 Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Linux C...

7.4AI score
Exploits0
Total number of security vulnerabilities47904