Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
•added 2019/11/06 12:0 a.m.•284 views

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure

Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/06 12:0 a.m.•414 views

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•197 views

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•223 views

SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•235 views

html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

Exploit Title: html5snmp 1.11 - 'Remark' Persistent Cross-Site Scripting Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•226 views

rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection

Exploit Title: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/rimbalinux/AhadPOS Software Link: https://github.com/rimbalinux/AhadPOS.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for time-based and boolean...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•491 views

WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive

VULNERABILITY DETAILS bool JSObject::putInlineSlowExecState exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot ASSERT!isThisValueAlteredslot, this; VM& vm = exec-vm; auto scope = DECLARETHROWSCOPEvm; JSObject obj = this; for ;; unsigned attributes; PropertyOffset offset =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•227 views

Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path

Exploit Title: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path Date: 2019-11-09 Exploit Author: Diego Armando Buztamante Rico Vendor Homepage: www.bluestacks.com Software Link: www.bluestacks.com Version: 2.4.44.62.57 Tested on: Windows 8.1 Pro CVE: NA Description...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•179 views

html5_snmp 1.11 - 'Router_ID' SQL Injection

Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for error, time, boolean and Union based...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•194 views

thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Exploit Title: thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project Software Link: https://github.com/thrsrossi/Millhouse-Project.git Version: 1.414 Tested on: CentOS 7...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•443 views

thejshen Globitek CMS 1.4 - 'id' SQL Injection

Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested on: CentOS 7 CVE: N/A The GET reques...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•259 views

Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path

Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path Date: 2019-11-04 Exploit Author: Samuel DiazL Vendor Homepage: https://www.network-inventory-advisor.com/ Software Link: https://www.network-inventory-advisor.com/download.html Version: 5.0.26.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•272 views

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/05 12:0 a.m.•174 views

FileOptimizer 14.00.2524 - Denial of Service (PoC)

Exploit Title: FileOptimizer 14.00.2524 - Denial of Service PoC Date: 2019-11-04 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•473 views

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...

9.8CVSS9.8AI score0.60328EPSS
Exploits16
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•173 views

Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus HPE Data Protector SUID Privilege Escalation', 'Description' = %q This module exploits the trusted $PATH environment variable of the...

7.8CVSS7.4AI score0.07847EPSS
Exploits4
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•282 views

Apple macOS 10.15.1 - Denial of Service (PoC)

Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Date: 2019-11-02 Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD &msg1.msghreserved, // inputmem1 msg2.msghsize 2, //...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•368 views

OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path

Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•217 views

Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path

Title: Launch Manager 6.1.7600.16385 'DsiWMIService' Unquoted Service Path Author: Gustavo Briseño Date: 2019-11-03 Vendor Homepage: https://www.acer.com/ Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/04 12:0 a.m.•178 views

Aida64 6.10.5200 - Buffer Overflow (SEH)

Exploit Title: Aida64 6.10.5200 - Buffer Overflow SEH Date: 2019-10-28 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads/OTAwMmVmNTE= Version: AIDA64 Enginner 6.10.5200 Tested on: Windows 7 Home Basic SP1 CVE : N/A Step 1 Fil...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/03 12:0 a.m.•148 views

DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'

EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47685.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/02 12:0 a.m.•108 views

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution

!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/01 12:0 a.m.•597 views

Nostromo - Directory Traversal Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nostromo Directory Traversal Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

9.8CVSS9.8AI score0.99057EPSS
Exploits24
Exploit DB
Exploit DB
•added 2019/11/01 12:0 a.m.•489 views

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-31 Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/01 12:0 a.m.•451 views

Apache Solr 8.2.0 - Remote Code Execution

Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/01 12:0 a.m.•333 views

TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Version: 1.04 Software Link: https://github.com/thejshen/contentManagementSystem.git Tested on: CentOS7 GET paramet...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/11/01 12:0 a.m.•437 views

ownCloud 10.3.0 stable - Cross-Site Request Forgery

Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/31 12:0 a.m.•301 views

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Google Dork: N/A Date: 2019-10-30 Exploit Author: Doan Nguyen 4ll4u Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Version: v4.6.1217 Tested on: Windows XP SP3 CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/31 12:0 a.m.•485 views

WordPress Plugin Google Review Slider 6.1 - 'tid' SQL Injection

Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/31 12:0 a.m.•574 views

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning

Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...

8.1CVSS8.1AI score0.10274EPSS
Exploits5
Exploit DB
Exploit DB
•added 2019/10/30 12:0 a.m.•496 views

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/30 12:0 a.m.•225 views

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Date: 2019-10-30 Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/30 12:0 a.m.•355 views

Ajenti 2.1.31 - Remote Code Exection (Metasploit)

Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/30 12:0 a.m.•262 views

iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Date: 2019-10-29 Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor: iSeeQ Product web page: http://www.iseeq.co.kr Affected...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/30 12:0 a.m.•412 views

Citrix StoreFront Server 7.15 - XML External Entity Injection

Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Date: 2019-08-28 Exploit Author: Vahagn Vardanya Vendor Homepage:https://www.citrix.com/downloads/storefront/ Software Link: https://support.citrix.com/article/CTX251988 Version: Citrix StoreFront Server earlier than 190...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•227 views

Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path

Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•605 views

WordPress Core 5.2.4 - Cross-Origin Resource Sharing

Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Date: 2019-10-28 Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-json POC: The web application fails to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•557 views

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...

8.3CVSS6.8AI score0.2858EPSS
Exploits4
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•322 views

rConfig 3.9.2 - Remote Code Execution

Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...

10CVSS9.8AI score0.97702EPSS
Exploits10
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•344 views

Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow

Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Date: 2019-10-01 Author: Lance Biggerstaff Original Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Tested on: Windows 10 Note: Every version of Windows 10 has a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/29 12:0 a.m.•256 views

Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...

3.3CVSS6.7AI score0.08074EPSS
Exploits4
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•201 views

JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path

Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path Google Dork: N/A Date: 2019-09-09 Exploit Author: Roberto Escamilla Vendor Homepage:https://www.inforprograma.net/ Software Link: https://www.inforprograma.net/ Version: = 0.6.0.0 wpspin.exe Tested on: Windows 10 Home CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•190 views

ChaosPro 2.0 - Buffer Overflow (SEH)

Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 import os, sys sploit = "A" 5000 Crash!...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•202 views

Part-DB 0.4 - Authentication Bypass

Exploit Title: Part-DB 0.4 - Authentication Bypass Date: 2019-10-26 Author: Marvoloo Vendor Homepage: https://github.com/Part-DB/Part-DB/ Software Link: https://github.com/Part-DB/Part-DB/archive/master.zip Version: 0.4 Tested on: Linux CVE : N/A Discription: Easy authentication bypass...

7AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•171 views

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•171 views

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection

Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•212 views

delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection

Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git Version: 1.32 Tested on: CentOS7 CVE : N/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•1871 views

PHP-FPM + Nginx - Remote Code Execution

PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see below. What's vulnerable If a webserver...

9.8CVSS9.7AI score0.9947EPSS
Exploits55
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•166 views

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting

Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21...

7.4AI score
Exploits0
Exploit DB
Exploit DB
•added 2019/10/28 12:0 a.m.•150 views

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery

Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : N/A PoC1:...

7.4AI score
Exploits0
Total number of security vulnerabilities47904