Lucene search
Exploitpack, Most viewed

41207 matches found

exploitpack
added 2000/04/12 12:0 a.m., 32 views

AVM KEN! 1.3.101.4.30 - Remote Denial of Service

AVM KEN! 1.3.101.4.30 - Remote Denial of Service source: https://www.securityfocus.com/bid/1103/info A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular...

Exploits: 0

exploitpack
added 1997/04/28 12:0 a.m., 32 views

SGI IRIX 6.5.4 Solaris 2.5.1 - ps(1) Buffer Overflow

SGI IRIX 6.5.4 Solaris 2.5.1 - ps1 Buffer Overflow source: https://www.securityfocus.com/bid/220/info The ps command prints information about active processes on a system. Due to insufficient bounds checking on arguments supplied to ps, it is possible to overwrite the internal data space of the p...

0.6 AI score
Exploits: 0

exploitpack
added 2020/02/24 12:0 a.m., 31 views

AMSS++ v 4.31 - id SQL Injection

AMSS++ v 4.31 - id SQL Injection Title : AMSS++ v 4.31 - 'id' SQL Injection Author : indoushka Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor: http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork: แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"...

0.3 AI score
Exploits: 0

exploitpack
added 2020/02/06 12:0 a.m., 31 views

AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC)

AbsoluteTelnet 11.12 - license name Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...

7.3 AI score
Exploits: 0

exploitpack
added 2019/12/30 12:0 a.m., 31 views

HomeAutomation 3.3.2 - Authentication Bypass

HomeAutomation 3.3.2 - Authentication Bypass Exploit: HomeAutomation 3.3.2 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips...

0.4 AI score
Exploits: 0

exploitpack
added 2019/12/03 12:0 a.m., 31 views

Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass

Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Discovery by: hyp3rlinx Date: 2019-12-03 Vendor Homepage: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...

7.4 AI score
Exploits: 0

exploitpack
added 2019/12/02 12:0 a.m., 31 views

Nsauditor 3.1.8.0 - Name Denial of Service (PoC)

Nsauditor 3.1.8.0 - Name Denial of Service PoC Exploit Title: Nsauditor 3.1.8.0 - 'Name' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0...

7.3 AI score
Exploits: 0

exploitpack
added 2019/10/08 12:0 a.m., 31 views

Zabbix 4.4 - Authentication Bypass

Zabbix 4.4 - Authentication Bypass Exploit Title: Zabbix 4.4 - Authentication Bypass Date: 2019-10-06 Exploit Author: Todor Donev Software Link: https://www.zabbix.com/download Version: Zabbix 4.4 Tested on: Linux Apache/2 PHP/7.2 Zabbix Initializing the browser Referer = User-Agent = Opera/9.61...

0.4 AI score
Exploits: 0

exploitpack
added 2019/10/07 12:0 a.m., 31 views

Joomla 3.4.6 - configuration.php Remote Code Execution

Joomla 3.4.6 - configuration.php Remote Code Execution Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https//www.joomla.it/ Software Link:...

0.1 AI score
Exploits: 0

exploitpack
added 2019/08/30 12:0 a.m., 31 views

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage:...

4.3 CVSS, 5.5 AI score, 0.03213 EPSS
Exploits: 5

exploitpack
added 2019/08/28 12:0 a.m., 31 views

Outlook Password Recovery 2.10 - Denial of Service

Outlook Password Recovery 2.10 - Denial of Service Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj...

0.3 AI score
Exploits: 0

exploitpack
added 2019/08/27 12:0 a.m., 31 views

Tableau - XML External Entity

Tableau - XML External Entity Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download...

5.5 CVSS, 0.14314 EPSS
Exploits: 5

exploitpack
added 2019/08/15 12:0 a.m., 31 views

Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList

Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific...

7.3 AI score
Exploits: 0

exploitpack
added 2019/08/08 12:0 a.m., 31 views

Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting Exploit Title: title Date: 2019 08 06 Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE : CVE-2019-14696 Open-School 3.0, and...

4.3 CVSS, 6.1 AI score, 0.15439 EPSS
Exploits: 5

exploitpack
added 2019/08/07 12:0 a.m., 31 views

WordPress Plugin JoomSport 3.3 - SQL Injection

WordPress Plugin JoomSport 3.3 - SQL Injection Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link:...

7.5 CVSS, 0.21091 EPSS
Exploits: 5

exploitpack
added 2019/07/15 12:0 a.m., 31 views

CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities

CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities Exploit Title: CISCO Small Business 200, 300, 500 Switches Multiple Vulnerabilities. Shodan query: /config/logoffpage.html Discovered Date: 07/03/2014 Reported Date: 08/04/2019 Exploit Author: Ramikan Website:...

5.8 CVSS, 0.1 AI score, 0.1051 EPSS
Exploits: 3

exploitpack
added 2019/07/10 12:0 a.m., 31 views

Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Unbounded iFD

Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Unbounded iFD -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...

Exploits: 0

exploitpack
added 2019/06/25 12:0 a.m., 31 views

SuperDoctor5 - NRPE Remote Code Execution

SuperDoctor5 - NRPE Remote Code Execution SuperMicro implemented a Remote Command Execution plugin in their implementation of NRPE in SuperDocter 5, which is their monitoring utility for SuperMicro chassis'. This is an intended feature but leaves the system open by default to unauthenticated remo...

8.1 AI score
Exploits: 0

exploitpack
added 2019/06/18 12:0 a.m., 31 views

Sahi pro 8.x - SQL Injection

Sahi pro 8.x - SQL Injection Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS...

7.5 CVSS, 0.7 AI score, 0.18539 EPSS
Exploits: 5

exploitpack
added 2019/06/10 12:0 a.m., 31 views

UliCMS 2019.1 Spitting Lama - Persistent Cross-Site Scripting

UliCMS 2019.1 Spitting Lama - Persistent Cross-Site Scripting Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting Google Dork: intext:"by UliCMS" Date: 2019-05-12 Exploit Author: Unk9vvN Vendor Homepage: https://en.ulicms.de Software Link:...

4.3 CVSS, 6.1 AI score, 0.03473 EPSS
Exploits: 9

exploitpack
added 2019/05/24 12:0 a.m., 31 views

Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service (PoC)

Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service PoC Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...

0.4 AI score
Exploits: 0

exploitpack
added 2019/04/22 12:0 a.m., 31 views

UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting

UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...

4.3 CVSS, 6.1 AI score, 0.03473 EPSS
Exploits: 9

exploitpack
added 2019/04/17 12:0 a.m., 31 views

ASUS HG100 - Denial of Service

ASUS HG100 - Denial of Service Exploit Title:ASUS HG100 devices denial of serviceDOS via IPv4 packets/SlowHTTPDOS Date: 2019-04-14 Exploit Author: YinT Wang; Vendor Homepage: www.asus.com Version: Hardware version: HG100 、Firmware version: 1.05.12 Tested on: Currnet 1.05.12 CVE : CVE-2018-11492 1...

7.8 CVSS, 7.6 AI score, 0.11386 EPSS
Exploits: 5

exploitpack
added 2019/04/16 12:0 a.m., 31 views

Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation

Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition Privilege Escalation Windows: LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Window...

0.4 AI score
Exploits: 0

exploitpack
added 2019/04/10 12:0 a.m., 31 views

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-5...

3.5 CVSS, 5.1 AI score, 0.01515 EPSS
Exploits: 5

exploitpack
added 2019/04/05 12:0 a.m., 31 views

AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow

AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow Date: 2019-04-02 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...

0.6 AI score
Exploits: 0

exploitpack
added 2019/04/04 12:0 a.m., 31 views

FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)

FreeSMS 2.1.2 - SQL Injection Authentication Bypass Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps...

0.8 AI score
Exploits: 0

exploitpack
added 2019/03/18 12:0 a.m., 31 views

TheCarProject 2 - Multiple SQL Injection

TheCarProject 2 - Multiple SQL Injection =========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Dork: N/A Date: 17-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software...

0.3 AI score
Exploits: 0

exploitpack
added 2019/03/13 12:0 a.m., 31 views

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion ============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID:...

7.5 CVSS, 0.4 AI score, 0.40771 EPSS
Exploits: 5

exploitpack
added 2019/03/13 12:0 a.m., 31 views

Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal

Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Google Dork: N/A Date: 3/13/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link:...

5 CVSS, 0.1 AI score, 0.14535 EPSS
Exploits: 8

exploitpack
added 2019/03/04 12:0 a.m., 31 views

Craft CMS 3.1.12 Pro - Cross-Site Scripting

Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro...

4.3 CVSS, 6.1 AI score, 0.02591 EPSS
Exploits: 5

exploitpack
added 2019/03/01 12:0 a.m., 31 views

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

0.1 AI score
Exploits: 0

exploitpack
added 2019/03/01 12:0 a.m., 31 views

Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module

Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the...

7.4 AI score
Exploits: 0

exploitpack
added 2019/02/20 12:0 a.m., 31 views

FaceTime - Texture Processing Memory Corruption

FaceTime - Texture Processing Memory Corruption There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXCBADACCESS code=EXCI386GPFLT frame 0: 0x00007fff56baaa92...

0.3 AI score
Exploits: 0

exploitpack
added 2019/02/15 12:0 a.m., 31 views

qdPM 9.1 - search_by_extrafields[] SQL Injection

qdPM 9.1 - searchbyextrafields SQL Injection =========================================================================================== Exploit Title: qdPM 9.1 - 'searchbyextrafields' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

0.2 AI score
Exploits: 0

exploitpack
added 2019/02/14 12:0 a.m., 31 views

DomainMOD 4.11.01 - category.php CatagoryName_ StakeHolder Cross-Site Scripting

DomainMOD 4.11.01 - category.php CatagoryName StakeHolder Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod...

3.5 CVSS, 5.3 AI score, 0.04428 EPSS
Exploits: 6

exploitpack
added 2019/02/11 12:0 a.m., 31 views

IP-Tools 2.5 - Log to file Local Buffer Overflow (SEH) (Egghunter)

IP-Tools 2.5 - Log to file Local Buffer Overflow SEH Egghunter !/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: IP-Tools 2.5 - Local Buffer OverflowEggHunter Date: 2019-02-06 Author:...

0.4 AI score
Exploits: 0

exploitpack
added 2019/01/28 12:0 a.m., 31 views

Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)

Faleemi Desktop Software 1.8 - Local Buffer Overflow SEH DEP Bypass !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEHDEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage:...

0.5 AI score
Exploits: 0

exploitpack
added 2018/11/20 12:0 a.m., 31 views

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...

5 CVSS, 0.3 AI score, 0.02426 EPSS
Exploits: 5

exploitpack
added 2018/11/05 12:0 a.m., 31 views

SiAdmin 1.1 - id SQL Injection

SiAdmin 1.1 - id SQL Injection Exploit Title: SiAdmin 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.bubul.net/ Software Link: https://kent.dl.sourceforge.net/project/siadmin/SiAdmin%201.1/SiAdmin%201.1.zip Version: 1.1 Category: Webap...

0.6 AI score
Exploits: 0

exploitpack
added 2018/10/29 12:0 a.m., 31 views

School Attendance Monitoring System 1.0 - SQL Injection

School Attendance Monitoring System 1.0 - SQL Injection Exploit Title: School Attendance Monitoring System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

7.5 CVSS, 0.3 AI score, 0.03213 EPSS
Exploits: 5

exploitpack
added 2018/10/16 12:0 a.m., 31 views

Kados R10 GreenBee - release_id SQL Injection

Kados R10 GreenBee - releaseid SQL Injection Exploit Title: Kados R10 GreenBee - 'releaseid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapp...

0.3 AI score
Exploits: 0

exploitpack
added 2018/09/13 12:0 a.m., 31 views

InduSoft Web Studio 8.1 SP1 - Tag Name Buffer Overflow (SEH)

InduSoft Web Studio 8.1 SP1 - Tag Name Buffer Overflow SEH Exploit Title: InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-11 Vendor Homepage: http://www.indusoft.com/ Software Link: http://www.indusoft.com/Products-Downloads Tested...

7.4 AI score
Exploits: 0

exploitpack
added 2018/09/07 12:0 a.m., 31 views

MedDream PACS Server Premium 6.7.1.1 - email SQL Injection

MedDream PACS Server Premium 6.7.1.1 - email SQL Injection Exploit Title: MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Date: 2018-05-23 Software https://www.softneta.com/products/meddream-pacs-server/downloads.html Version: MedDreamPACS Premium 6.7.1.1 Exploit Author: Carlos Avila...

0.5 AI score
Exploits: 0

exploitpack
added 2018/09/05 12:0 a.m., 31 views

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version:...

0.7 AI score
Exploits: 0

exploitpack
added 2018/08/29 12:0 a.m., 31 views

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Exploit Title: Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Date: 2018-07-16 WebPage: https://CTRLu.net/ Vendor Homepage: http://www.eaton.com/ Vendor Advisory:...

7.4 AI score
Exploits: 0

exploitpack
added 2018/08/15 12:0 a.m., 31 views

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution SQL Injection

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution SQL Injection Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and...

7.5 CVSS, 0.8 AI score, 0.4476 EPSS
Exploits: 13

exploitpack
added 2018/08/14 12:0 a.m., 31 views

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Cloudme 1.9 - Buffer Overflow DEP Metasploit Exploit Title: Cloudme 1.9 - Buffer Overflow DEP Metasploit Date: 2018-08-13 Exploit Author: Raymond Wellnitz Vendor Homepage: https://www.cloudme.com Version: 1.8.x/1.9.x Tested on: Windows 7 x64 CVE : 2018-6892 This module requires Metasploit:...

7.5 CVSS, 0.3 AI score, 0.93597 EPSS
Exploits: 29

exploitpack
added 2018/07/31 12:0 a.m., 31 views

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact:...

5 CVSS, 7.8 AI score, 0.33034 EPSS
Exploits: 3

exploitpack
added 2018/07/02 12:0 a.m., 31 views

VMware NSX SD-WAN Edge 3.1.2 - Command Injection

VMware NSX SD-WAN Edge 3.1.2 - Command Injection !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...

6.8 CVSS, 0.3 AI score, 0.86431 EPSS
Exploits: 6

Total number of security vulnerabilities: 5000