Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.281 views

Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

We have encountered a Windows kernel crash in memcpy called by nt!MiParseImageLoadConfig while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.373 views

Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

We have encountered a Windows kernel crash in memcpy called by nt!MiRelocateImage while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.341 views

Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

We have encountered a Windows kernel crash in CI!CipFixImageType while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: --...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.254 views

Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

We have encountered a Windows kernel crash in nt!MiOffsetToProtos while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.314 views

Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

We have encountered a Windows kernel crash in the win32k.sys driver while processing a corrupted TTF font file. An example crash log excerpt generated after triggering the bug is shown below: --- cut --- Fatal System Error: 0x00000050...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.527 views

TP-Link TL-WR1043ND 2 - Authentication Bypass

Exploit Title: TP-Link TL-WR1043ND 2 - Authentication Bypass Date: 2019-06-20 Exploit Author: Uriel Kosayev Vendor Homepage: https://www.tp-link.com Version: TL-WR1043ND V2 Tested on: TL-WR1043ND V2 CVE : CVE-2019-6971 CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-6971 import requests ascii...

10CVSS9.8AI score0.13711EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.374 views

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP Bypass) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP", 'Description' = %q This module exploits a stack buffer overfl...

7.8CVSS7.4AI score0.05457EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.340 views

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery

Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...

8.8CVSS9AI score0.0223EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/10/09 12:0 a.m.344 views

XNU - Remote Double-Free via Data Race in IPComp Input Path

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK isn't affected over two network interfaces at the same time...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/09 12:0 a.m.283 views

Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)

Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service PoC Author: Alessandro Magnosi Date: 2019-10-09 Vendor Homepage: https://www.foscam.com/ Software Link : https://www.foscam.com/downloads/appsoftware.html?id=5 Tested Version: 1.1.6.6 Vulnerability Type: Denial of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/09 12:0 a.m.352 views

DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)

Exploit Title: Sricam DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow DEP Bypass Date: 08/10/2019 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Exploit type: Local Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/09 12:0 a.m.45 views

DeviceViewer 3.12.0.1 - Arbitrary Password Change

Exploit Title: DeviceViewer 3.12.0.1 - Arbitrary Password Change Date: 2019-09-10 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 !/usr/bin/python Steps to reproduc...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/08 12:0 a.m.526 views

Zabbix 4.4 - Authentication Bypass

Exploit Title: Zabbix 4.4 - Authentication Bypass Date: 2019-10-06 Exploit Author: Todor Donev Software Link: https://www.zabbix.com/download Version: Zabbix 4.4 Tested on: Linux Apache/2 PHP/7.2 Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.263 views

CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Date: 2019-01-30 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Point Endpoint Security VPN = E80.87 Build 986009514 Version: Check Point ZoneAlarm =...

7.8CVSS7.9AI score0.01038EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.255 views

freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow

Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Date: 2019-09-01 Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf += "\x89\xe1\xdb\xdf\xd9\x71\xf4\x5e\x56\x59\x49\x49\x49" buf +=...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.241 views

IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload

Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Date: 2018-12-11 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose upload via URL option as only this one is vulnerable. U...

9.9CVSS9.6AI score0.14106EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.371 views

Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.325 views

Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting

Title: Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting Date: 2019-10-07 Author: Min Ko Ko Creatigon Vendor Homepage: https://subrion.org/ CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-17225 Website : https://l33thacker.com Description : Allows XSS via the panel/members/ Username, Full...

5.4CVSS5.8AI score0.01938EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.306 views

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)

Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Google Dork: N/A Date: 2019-10-06 Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link: https://www.exploit-db.com/apps/f4da5b43ca4b035aae55dfa68daa67c9-ASXtoMP3Converter.exe Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.528 views

Zabbix 4.2 - Authentication Bypass

Exploit Title: Zabbix 4.2 - Authentication Bypass Date: 2019-10-06 Exploit Author: Milad Khoshdel Software Link: https://www.zabbix.com/download Version: Zabbix 2.x , 3.x , 4.x Tested on latest version Zabbix 4.2 Tested on: Linux Apache/2 PHP/7.2 Google Dork: inurl:zabbix/zabbix.php =========...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.328 views

logrotten 3.15.1 - Privilege Escalation

Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/07 12:0 a.m.316 views

vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution

?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability --------------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................:...

9.8CVSS9.8AI score0.1178EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/10/04 12:0 a.m.1196 views

Android - Binder Driver Use-After-Free

The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...

7.8CVSS8.1AI score0.72105EPSS
Exploits28
Exploit DB
Exploit DB
added 2019/10/04 12:0 a.m.335 views

LabCollector 5.423 - SQL Injection

Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author: Carlos Avila Category: webapps Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/03 12:0 a.m.278 views

PHP 7.0 < 7.3 (Unix) - 'gc' disable_functions Bypass

= 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8 - 1; return $leak; function parseelf$base $etype =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/03 12:0 a.m.398 views

mintinstall 7.9.9 - Code Execution

Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080 import os import sys def...

7.8CVSS7.9AI score0.08204EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/03 12:0 a.m.390 views

AnchorCMS < 0.12.3a - Information Disclosure

Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version: 0.12.3a Tested on: Linux CVE : CVE-2018-725...

9.8CVSS9.8AI score0.72272EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/10/02 12:0 a.m.1293 views

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DOUBLEPULSAR Payload Execution and Neutralization', 'Description' = %q This module executes a Metasploit payload against the Equation Group's...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/02 12:0 a.m.311 views

Detrix EDMS 1.2.3.1505 - SQL Injection

!/usr/bin/php / Exploit Title: Detrix EDMS cleartext user password remote SQLI exploit Google Dork: Date: Jul 2019 Exploit Author: Burov Konstantin Vendor Homepage: forum.detrix.kz Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.280 views

DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)

!/usr/bin/env python Author: Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2019/08/31/seh-based-local-buffer-overflow-dameware-remote-support-v-12-1-0-34/ Date: 14/7/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.1.0.34 Tools...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.917 views

DotNetNuke < 9.4.0 - Cross-Site Scripting

Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page. Exploit Author: MAYASEVEN CVE :...

6.1CVSS6.5AI score0.06175EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.196 views

WebKit - Universal XSS in WebCore::command

frame = document-frame; if !frame || frame-document != document // 1 return Editor::Command; document-updateStyleIfNeeded; // 2 return frame-editor.commandcommandName, userInterface ? CommandFromDOMWithUserInterface : CommandFromDOM; bool Document::execCommandconst String& commandName, bool...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.264 views

WebKit - Universal XSS Using Cached Pages

VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.58 views

DotNetNuke 9.3.2 - Cross-Site Scripting

/ Exploit Title: "Display Name" Stored Unauthenticated XSS in DNN v9.3.2 Date: 4th of July, 2019 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases Version: v9.3.2 CVE : CVE-2019-13293 A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.291 views

WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment

ReplacementFragment::insertFragmentForTestRenderingNode rootEditableElement auto holder = createDefaultParagraphElementdocument; holder-appendChildmfragment; rootEditableElement-appendChildholder; // 2 document.updateLayoutIgnorePendingStylesheets; return holder;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.241 views

WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads

VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where no new document has been attached, // and the old document has...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/01 12:0 a.m.236 views

kic 2.4a - Denial of Service

Exploit Title: Ciftokic 2.4a - DoS Buffer Overflow Date: September 30, 2019 Exploit Author: @JosueEncinar Software Link: http://launchpad.net/ubuntu/+source/kic/2.4a-1 Version: 2.4a Tested on: Ubuntu 18.04 ''' If we check the ciftokic.c file on line 52 we see the following code: char CIFFile81,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.45 views

WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion

!/usr/bin/env ruby Exploit Title: WordPress Arforms - 3.7.1 CVE ID: CVE-2019-16902 Date: 2019-09-27 Exploit Author: Ahmad Almorabea Author Website: http://almorabea.net Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...

7.5CVSS7.8AI score0.09726EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.682 views

GoAhead 2.5.0 - Host Header Injection

Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Discovered Date: 05/07/2019 Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.240 views

TheSystem 1.0 - Command Injection

Exploit Title: thesystem Command Injection Author: Sadik Cetin Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem |...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.508 views

vBulletin 5.x - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE exploit. This should work on all versions from 5.0.0...

9.8CVSS9.8AI score0.99728EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.200 views

thesystem 1.0 - Cross-Site Scripting

Exploit Title: thesystem Persistent XSS Author: Anıl Baran Yelken Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Type: Webapps Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.295 views

phpIPAM 1.4 - SQL Injection

!/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...

9.8CVSS7AI score0.10318EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/09/30 12:0 a.m.383 views

Cisco Small Business 220 Series - Multiple Vulnerabilities

!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/28 12:0 a.m.255 views

PHP 7.1 < 7.3 - 'json serializer' disable_functions Bypass

= 8; public function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; unable to leak ro segments public function leak1$addr global $spl1; $this-write$this-abc, 8, $addr - 0x10; return strlengetclass$spl1; the real deal public function leak2$addr, $p...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.393 views

V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download

Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Date: 2019-09-27 Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.4...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.399 views

thesystem App 1.0 - 'server_name' SQL Injection

Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.486 views

V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation

Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID: ZSL-2019-5538 Advisory URL:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.386 views

thesystem App 1.0 - Persistent Cross-Site Scripting

Exploit Title: thesystem App 1.0 - Persistent Cross-Site Scripting Author: İsmail Güngör Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.1638 views

thesystem App 1.0 - 'username' SQL Injection

Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A...

7.4AI score
Exploits0
Total number of security vulnerabilities47904