Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.162 views

Online Job Portal 1.0 - Remote Code Execution

Exploit Title: Online Job Portal 1.0 - Remote Code Execution Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.173 views

TapinRadio 2.12.3 - 'address' Denial of Service (PoC)

Exploit Title: TapinRadio 2.12.3 - 'address' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.12.3 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.125 views

AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.178 views

RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.4 - 'server' Denial of Service PoC Discovery by: chuyreds Discovery Date: 05-02-2020 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.4 Vulnerability Type: Denial ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.685 views

Ecommerce Systempay 1.0 - Production KEY Brute Force

Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Tested on: MacOs Version: ALL ?php / INFORMATION Exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.182 views

Cisco Data Center Network Manager 11.2 - Remote Code Execution

!/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Size: 1619.36 ...

10CVSS7.6AI score0.85649EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.147 views

AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/06 12:0 a.m.219 views

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow

!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.187 views

xglance-bin 11.00 - Privilege Escalation

Exploit Title: xglance-bin 11.00 - Privilege Escalation Exploit Author: Robert Jaroszuk and Marco Ortisi RedTimmy Security Date: 2020-02-01 Tested on: RHEL 5.x/6.x/7.x/8.x CVE: CVE-2014-2630 Disclamer: This exploit is for educational purpose only More details on...

4.4CVSS6.4AI score0.0708EPSS
Exploits9
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.148 views

AVideo Platform 8.1 - Information Disclosure (User Enumeration)

Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.377 views

Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation

Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...

8.8CVSS6.3AI score0.03138EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.166 views

Wago PFC200 - Authenticated Remote Code Execution (Metasploit)

Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago PFC200 up to incl. Firmware 11 020835 is...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.171 views

Socat 1.7.3.4 - Heap-Based Overflow (PoC)

Exploit Title: Socat 1.7.3.4 - Heap Based Overflow PoC Date: 2020-02-03 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: http://www.dest-unreach.org/ Software Link: http://www.dest-unreach.org/socat/ Version: 1.7.3.4 Tested on: Ubuntu 16.04.6 LTS CVE : Heap-Based Overflow due to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.1424 views

HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account

Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.424 views

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)

Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...

7.7CVSS7.6AI score0.041EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/02/05 12:0 a.m.128 views

AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/04 12:0 a.m.131 views

Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/04 12:0 a.m.306 views

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)

Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...

7.8CVSS8.2AI score0.19426EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/02/04 12:0 a.m.156 views

F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)

Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference: https://blog.doyensec.com/2020/02/03/heap-exploit.html from pwn import import time...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.191 views

phpList 3.5.0 - Authentication Bypass

Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0 Tested on: Linux CVE :...

9.8CVSS9.7AI score0.05861EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.254 views

School ERP System 1.0 - Cross Site Request Forgery (Add Admin)

Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link: https://sourceforge.net/projects/school-erp-ultimate/files/ Version ERP-Ultimate CVE:...

6.5CVSS6.5AI score0.01102EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.368 views

P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)

Exploit Title: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-02-02 Vendor Homepage: https://apps.apple.com/mx/app/p2pwificam2/id663665207 Software Link: App Store for iOS devices Tested Version: 10.4.1 Vulnerability Type: Denial o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.140 views

Cacti 1.2.8 - Authenticated Remote Code Execution

!/usr/bin/python3 Exploit Title: Cacti v1.2.8 Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests import sys import warnings from bs4 import...

9.3CVSS8.8AI score0.73779EPSS
Exploits24
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.126 views

Cacti 1.2.8 - Unauthenticated Remote Code Execution

!/usr/bin/python3 Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests import sys import warnings from bs4...

9.3CVSS8.8AI score0.73779EPSS
Exploits24
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.208 views

Jira 8.3.4 - Information Disclosure (Username Enumeration)

Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on: Pop!OS 19.10 CVE : CVE-2019-8449 CVE-2019-8449 Exploit fo...

5.3CVSS5.4AI score0.84771EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.152 views

BearFTP 0.1.0 - 'PASV' Denial of Service

Exploit Title: BearFTP 0.1.0 - 'PASV' Denial of Service Date: 2020-01-29 Exploit Author: kolya5544 Vendor Homepage: http://iktm.me/ Software Link: https://github.com/kolya5544/BearFTP/releases Version: v0.0.1 - v0.1.0 Tested on: Ubuntu 18.04 CVE : CVE-2020-8416 static void Mainstring args...

7.5CVSS7.6AI score0.14206EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.248 views

Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection

Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual Appliance running on Windows 10 x64 CVE : CVE-2018-7777 References:...

8.8CVSS8.8AI score0.31802EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/02/03 12:0 a.m.202 views

IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting

Title: IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Date: 2020-01-27 Author: Lutfu Mert Ceylan Vendor Homepage: www.icewarp.com Tested on: Windows 10 Versions: 11.4.4.1 and before Vulnerable Parameter: "color" Get Method Google Dork: inurl:/webmail/ intext:Powered by IceWarp Server...

6.1CVSS6.3AI score0.14834EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/31 12:0 a.m.154 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Exploit Title: Lotus Core CMS 1.0.1 - Local File Inclusion Google Dork: N/A Date: 2020-01-31 Exploit Author: Daniel Monzón stark0de Vendor Homepage: http://lotuscore.sourceforge.net/ Software Link: https://sourceforge.net/projects/lotuscore/files/latest/download Version: 1.0.1 Tested on: Windows ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/31 12:0 a.m.344 views

FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)

Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product Version: v11.12.1 Product :...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.266 views

rConfig 3.9.3 - Authenticated Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.38 views

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution

Exploit Title: Microsoft Windows Media Center WMV or WMA 6.3.9600.16384 - Code Execution Google Dork: n/a Date: 2020-01-29 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 6.3.9600.16384 Tested on: Windows 7, 8.1, 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.98 views

PHP 7.0 < 7.4 (Unix) - 'debug_backtrace' disable_functions Bypass

a; $backtrace = new Exception-getTrace; ; if!isset$backtrace1'args' PHP = 7.4 $backtrace = debugbacktrace; class Helper public $a, $b, $c, $d; function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.364 views

OpenSMTPD 6.6.1 - Remote Code Execution

Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...

10CVSS9.7AI score0.98946EPSS
Exploits27
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.153 views

XMLBlueprint 16.191112 - XML External Entity Injection

Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-14 Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version: 16.191112 and before Patched Version: unpatched Category:...

8.1CVSS8.2AI score0.04512EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.177 views

Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)

Title: Cups Easy 1.0 - Cross Site Request Forgery Password Reset Date: 2020-01-28 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/ajayshar76/profile/ Software Link: https://sourceforge.net/projects/cupseasy/files/cupseasylive-1.0/ Version: 1.0 Tested on Windows 10/Kali...

8.8CVSS7.6AI score0.01548EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.213 views

Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting

Exploit Title: Fifthplay S.A.M.I 2019.2HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service And Management Interface Unauthenticated...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.177 views

Centreon 19.10.5 - 'Pollers' Remote Command Execution

Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.213 views

Satellian 1.12 - Remote Code Execution

Exploit Title: Satellian 1.12 - Remote Code Execution Date: 2020-01-28 Exploit Author: Xh4H Vendor Homepage: https://www.intelliantech.com/?lang=en Version: v1.12+ Tested on: Kali linux, MacOS CVE : CVE-2020-7980 Github repository: https://github.com/Xh4H/Satellian-CVE-2020-7980 xh4h@Macbook-xh4h...

10CVSS9.6AI score0.82956EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.189 views

Centreon 19.10.5 - 'centreontrapd' Remote Command Execution

Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.226 views

Kibana 6.6.1 - CSV Injection

Exploit Title: Kibana 6.6.1 - CSV Injection Google Dork: inurl:"/app/kibana" intitle:"Kibana" Date: 2020-01-15 Exploit Author: Aamir Rehman Vendor Homepage: https://www.elastic.co/kibana Software Link: https://www.elastic.co/downloads/ Version: v6.6.1 possibly latest versions Tested on: Kibana...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.954 views

Microsoft Windows 10 - Theme API 'ThemePack' File Parsing

Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Serve...

9.3CVSS7.6AI score0.46406EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/01/29 12:0 a.m.207 views

Liferay CE Portal 6.0.2 - Remote Command Execution

Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link: https://sourceforge.net/projects/lportal/files/Liferay%20Portal/6.0.2/...

9AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/28 12:0 a.m.199 views

Octeth Oempro 4.8 - 'CampaignID' SQL Injection

Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection Date: 2020-01-27 Exploit Author: Bruno de Barros Bulle www.xlabs.com.br Vendor Homepage: www2.octeth.com Version: Octeth Oempro v.4.7 and v.4.8 Tested on: Oempro v.4.7 CVE : CVE-2019-19740 An authenticated user can easily exploit this...

9.8CVSS9.6AI score0.05762EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/28 12:0 a.m.186 views

Centreon 19.10.5 - Remote Command Execution

Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/28 12:0 a.m.212 views

macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image

The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code tester.m can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should cras...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/28 12:0 a.m.361 views

Centreon 19.10.5 - Database Credentials Disclosure

Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Database...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/28 12:0 a.m.218 views

Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 CVE:CVE-2020-7991 Category: Webapps Tested on:...

8.8CVSS8.9AI score0.03078EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/01/27 12:0 a.m.141 views

Microsoft Windows Kernel - Information Disclosure

PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...

5.6CVSS7.3AI score0.04521EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/01/27 12:0 a.m.384 views

Torrent 3GP Converter 1.51 - Stack Overflow (SEH)

Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Date: 2020-01-24 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51...

7.4AI score
Exploits0
Total number of security vulnerabilities47904