Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.272 views

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting

Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.433 views

V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery

Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID: ZSL-2019-5536 Advisory URL:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.398 views

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

Title: Mobatek MobaXterm 12.1 - Buffer Overflow SEH Author: Xavi Beltran Date: 2019-08-31 Vendor: xavibel.com Vedor Page: https://mobaxterm.mobatek.net/download.html Software Link: https://download.mobatek.net/1112019010310554/MobaXtermPortablev11.1.zip Exploit Development process:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.243 views

InoERP 0.7.2 - Persistent Cross-Site Scripting

Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.236 views

Chamillo LMS 1.11.8 - Arbitrary File Upload

Exploit Title: Chamillo LMS 1.11.8 - Arbitrary File Upload Google Dork: "powered by chamilo" Date: 2018-10-05 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://chamilo.org/en/download/ Version: Chamilo 1.11.8 or lower to 1.8 Category: webapps 1. Description Any registere...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.174 views

all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting

Exploit Title: all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\all-in-one-seo-pack" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://semperplugins.com/all-in-one-seo-pack-pro-version Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.206 views

citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection

Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection Author: Cakes Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point Software Link: https://github.com/citecodecrashers/Pic-A-Point/archive/master.zip Tested Version: 1.1 Tested on O...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.212 views

inoERP 4.15 - 'download' SQL Injection

Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.138 views

Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-06-11 Exploit Author: Unk9vvN Vendor Homepage: https://duplicate-post.lopo.it/ Software Link: https://wordpress.org/plugins/duplicate-post/ Version: 3.2.3 Tested on: Kali Linux CVE: N/A Description...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.757 views

Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting

Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...

5.4CVSS7AI score0.02993EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.148 views

NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution

Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE : CVE-2019-5485 !/usr/bin/python import...

10CVSS9.8AI score0.59768EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.155 views

WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.181 views

YzmCMS 5.3 - 'Host' Header Injection

Exploit Title: YzmCMS 5.3 - 'Host' Header Injection Exploit Author: Debashis Pal Vendor Homepage: http://www.yzmcms.com/ Source: https://github.com/yzmcms/yzmcms Version: YzmCMS V5.3 CVE : N/A Tested on: Windows 7 SP164bit,XAMPP: 7.3.9 About YzmCMS ============== YzmCMS is a lightweight open sour...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.236 views

ABRT - sosreport Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT sosreport Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on RHEL systems with a vulnerable version o...

6.9CVSS7AI score0.03268EPSS
Exploits17
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.249 views

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service Date: 2019-20-09 Exploit Author: Emilio Revelo Vendor Homepage: http://www.nsauditor.com/ Software Link : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on: Windows 10 Pro x64 es Version: 2.9.5...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.1075 views

Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...

10CVSS10AI score0.99999EPSS
Exploits123
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.257 views

iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated object. If initWithCoder: or any method it calls decodes the same object,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.325 views

Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service

There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric. I've been able to construct an X.509 certificate that triggers the bug. I've found that...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.1350 views

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

Exploit Title: Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Date: 23/09/2018 Author: Nassim Asrir Vendor Homepage: https://www.pfsense.org/ Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2019-16701 Tested On: Windows 1064bit | Pfsense 2.3.4 / 2.4.4-...

9CVSS7AI score0.19614EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.186 views

File Sharing Wizard 1.5.0 - POST SEH Overflow

import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...

9.8CVSS9.8AI score0.72158EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.208 views

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/24 12:0 a.m.351 views

Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 local SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 Tested on: Windows 7 Exploit summary: When adding a new use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.222 views

Gila CMS < 1.11.1 - Local File Inclusion

Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Date: 04-08-2019 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMPP version 3.2.2 in Windows 10 64bit, CV...

4.9CVSS5.5AI score0.07032EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.453 views

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.649 views

InputMapper 1.6.10 - Denial of Service

Exploit Title: InputMapper 1.6.10 Local Denial of Service Date: 20.09.2019 Vendor Homepage: https://inputmapper.com/ Software Link: https://inputmapper.com/downloads/category/2-input-mapper Exploit Author: elkoyote07 Tested Version: 1.6.10 Tested on: Windows 10 x64 1.- Start Input Mapper 2.- Clic...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.117 views

vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.164 views

iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation

Exploit Title: SockPuppet 3 Date: September 8, 2019 Exploit Author: Umang Raghuvanshi Vendor Homepage: https://apple.com Software Link: https://ipsw.me/ Version: iOS 11.0—12.2, iOS 12.4 Tested on: iOS 11.0—12.2, iOS 12.4 CVE: CVE-2019-8605 This is an alternative and complete exploit for...

9.3CVSS8AI score0.17438EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/09/23 12:0 a.m.235 views

HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure

!/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com Software Link:...

5.3CVSS6AI score0.07103EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/09/20 12:0 a.m.36 views

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service DoS Exploit Author: Emilio Revelo Date: 2019-09-20 Software Link : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on: Windows 10 Pro x64 es Steps to produce the DoS: 1.- Run perl script : perl...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/20 12:0 a.m.25 views

Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)

// ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47755.zip int main printf"\n+ Run First...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/20 12:0 a.m.593 views

LayerBB < 1.1.4 - Cross-Site Request Forgery

Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1. Description: LayerBB is a free open-source forum...

8.8CVSS9AI score0.02549EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.253 views

DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection

Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Date: 2019-09-19 Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters: datum1, datum2, KID, PID POST REQUEST POST...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.492 views

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.8CVSS9.8AI score0.07079EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.264 views

macOS 18.7.0 Kernel - Local Privilege Escalation

macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/19 12:0 a.m.271 views

GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/18 12:0 a.m.238 views

Hospital-Management 1.26 - 'fname' SQL Injection

Exploit Title: Hospital-Management 1.26 - 'fname' SQL Injection Author: Cakes Discovery Date: 2019-09-18 Vendor Homepage: https://github.com/Mugerwa-Joseph/hospital-management Software Link: https://github.com/Mugerwa-Joseph/hospital-management/archive/master.zip Tested Version: 1.26 Tested on OS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/18 12:0 a.m.124 views

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map using memory corruption. Description: We are need modifying...

8.8CVSS9AI score0.08725EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.281 views

CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection

Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Discovery Date: 2019-09-16 Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link: https://github.com/SaloniKumari123/CollegeManagementSystem/archive/master.zip Tested Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.206 views

docPrint Pro 8.0 - SEH Buffer Overflow

import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.385 views

Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload

===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed description Thanks & Acknowledgements References ==========Vulnerability...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.83 views

Notepad++ < 7.7 (x64) - Denial of Service

Exploit Title: Notepad++ all x64 versions before 7.7. Remote memory corruption via .ml file. Google Dork: N/A Date: 2019-09-14 Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage: https://notepad-plus-plus.org/ Version: 7.7 Tested on: Windows x64 CVE : CVE-2019-16294 Description:...

7.8CVSS7.9AI score0.09832EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.34 views

NetGain EM Plus 10.1.68 - Remote Command Execution

/ Exploit Title: NetGain EM Plus = v10.1.68 - Unauthorized Local File Inclusion Date: 15 September 2019 Exploit Author: azams / @TheRealAzams Vendor Homepage: http://netgain-systems.com Software Link: http://www.netgain-systems.com/free/ Version: v10.1.68 Tested on: Linux Install golang:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.319 views

Inteno IOPSYS Gateway - Improper Access Restrictions

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

6.5CVSS6.7AI score0.02035EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.544 views

AppXSvc - Privilege Escalation

----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested...

7.8CVSS7.1AI score0.414EPSS
Exploits21
Exploit DB
Exploit DB
added 2019/09/14 12:0 a.m.417 views

College-Management-System 1.2 - Authentication Bypass

Exploit Title: College-Management-System 1.2 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System Software Link: https://github.com/ajinkyabodade/College-Management-System/archive/master.zip Tested Version: 1....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/14 12:0 a.m.503 views

Ticket-Booking 1.4 - Authentication Bypass

Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version: 1.4 Tested on OS: CentOS ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/13 12:0 a.m.343 views

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...

6.5CVSS7AI score0.10182EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/13 12:0 a.m.296 views

Folder Lock 7.7.9 - Denial of Service

Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage:https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/13 12:0 a.m.374 views

Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting

Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux CVE:...

6.1CVSS6.5AI score0.0299EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/13 12:0 a.m.298 views

LimeSurvey 3.17.13 - Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...

5.4CVSS6.2AI score0.04611EPSS
Exploits8
Total number of security vulnerabilities47904