Lucene search
K
PacketstormRecent

50786 matches found

Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.388 views

Safari Type Confusion / Sandbox Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari in Operator Side Effect Exploit', 'Description' = %q This module exploits an incorrect side-effect modeling of the 'in' operator. The DFG...

7.5CVSS0.2AI score0.77246EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.275 views

GetSimple CMS 3.3.16 Cross Site Scripting

Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.207 views

Qiata FTA 1.70.19 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Versions: ' by flipping the direction of the special character. Also, quotation marks are escaped properly. An attacker can use the behavior to construct a malicious...

0.2AI score0.01235EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.171 views

Corona Exposure Notifications API Data Leakage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Corona Exposure Notifications API for Apple iOS and Google Android risk of coercion/data leakage post notification CVE-2020-24721 / CVSS v3.1 score: 5.9 AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:H/RL:U/RC:C/CR:H/IR:L...

5.7AI score0.00318EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.260 views

DOMOS 5.8 Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Versions: = DOMOS 5.8 Tested Versions: DOMOS 5.8 Vulnerability Type: OS Command Injection CWE-78 Risk Level: Low Solution Status: Solved Manufacturer Notification:...

7.7AI score0.05261EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.326 views

MailDepot 2032 SP2 Session Expiration

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Insufficient Session Expiration CWE-613 Risk Level: Low Solution Status: Fixed...

7.6AI score0.01164EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.166 views

WebsiteBaker 2.12.2 Remote Code Execution

Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...

Exploits0
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.154 views

BearShare Lite 5.2.5 Buffer Overflow

Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Date: 2020-09-29 Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/D...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.640 views

Cisco AnyConnect Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco AnyConnect Privilege Escalations CVE-2020-3153 and CVE-2020-3433', 'Description' = %q The installer component of Cisco AnyConnect Secure...

7.2CVSS0.9AI score0.28307EPSS
Exploits16
Packet Storm
Packet Storm
added 2020/09/29 12:0 a.m.255 views

CloudMe 1.11.2 Buffer Overflow

Exploit Title: CloudMe 1.11.2 - Turing Complete Add-Admin ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: September 29th, 2020 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x6...

7.5CVSS0.6AI score0.93597EPSS
Exploits29
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.154 views

Joplin 1.0.245 Cross Site Scripting / Code Execution

Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...

6.3AI score0.04377EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.219 views

Mida eFramework 2.8.9 Remote Code Execution

Exploit Title: Mida eFramework 2.8.9 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...

10CVSS0.6AI score0.57326EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.238 views

MaraCMS 7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MaraCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in MaraCMS 7.5 and prior in...

6.5CVSS0.2AI score0.18107EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.335 views

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/exploit/exe' require 'msf/core/post/windows/registry'...

6.8CVSS0.39967EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.223 views

MSI Ambient Link Driver 1.0.0.8 Privilege Escalation

/ Exploit Title: MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation Date: 2020-09-24 Exploit Author: Matteo Malvica Vendor Homepage: https://www.msi.com Software Link: https://msi.gm/ABLTMNB Driver: MSIO64.sys SHA256: 525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD...

0.7AI score0.02075EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/25 12:0 a.m.449 views

Anchor CMS 0.12.7 Cross Site Scripting

Exploit Title: Anchor CMS 0.12.7 - Persistent Cross-Site Scripting Authenticated Date: 2020-09-24 Exploit Author: Sinem Şahin Vendor Homepage: https://anchorcms.com/ Version: 0.12.7 Tested on: Windows & XAMPP == Tutorial http://HOST/admin/ 2- Login to admin panel. 3- Press "Posts" button. 4- Writ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/25 12:0 a.m.339 views

BigTree CMS 4.4.10 Remote Code Execution

Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/24 12:0 a.m.523 views

Simple Online Food Ordering System 1.0 SQL Injection

Exploit Title: Simple Online Food Ordering System 1.0 - 'id' SQL Injection Unauthenticated Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren 'Aporlorxl23' Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/23 12:0 a.m.300 views

Online Food Ordering System 1.0 Remote Code Execution

Exploit Title: Online Food Ordering System 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.222 views

Visitor Management System In PHP 1.0 Cross Site Scripting

Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Window...

6.4AI score0.01825EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.267 views

Flatpress Add Blog 1.0.3 Cross Site Scripting

Exploit Title: Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting Google Dork: - Date: 2020-09-19 Exploit Author: Alperen Ergel Vendor Homepage: https://www.flatpress.org/ Software Link: https://github.com/evacchi/flatpress/releases/tag/v1.0.3 Version: 1.0.3 Tested on: windows 10 / xampp...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.299 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection', 'Description' = %q This module exploits an authenticated command...

9CVSS1.1AI score0.93967EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.235 views

Seat Reservation System 1.0 SQL Injection

Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version: 1.0...

0.11301EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.295 views

Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution

Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...

7.5CVSS0.83912EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.237 views

Visitor Management System In PHP 1.0 SQL Injection

Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...

0.7AI score0.02169EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/22 12:0 a.m.495 views

Jenkins 2.56 CLI Deserialization / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...

7.5CVSS0.4AI score0.99679EPSS
Exploits36
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.689 views

BlackCat CMS 1.3.6 Cross Site Request Forgery

Exploit Title: BlackCat CMS 1.3.6 - Cross-Site Request Forgery Date: 2020-06-01 Exploit Author: Noth Vendor Homepage: https://github.com/BlackCatDevelopment/BlackCatCMS Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Version: v1.3.6 CVE : CVE-2020-25453 BlackCat CMS v1.3.6 has a...

6.8CVSS0.5AI score0.06281EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.436 views

Online Shop Project 1.0 SQL Injection

Exploit Title: Online Shop Project 1.0 - 'p' SQL Injection Date: 2020-09-20 Exploit Author: Augkim Vendor Homepage: https://www.sourcecodester.com/php/14448/online-shop-project-using-phpmysql.html Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.260 views

Seat Reservation System 1.0 SQL Injection

Exploit Title: Seat Reservation System 1.0 - 'id' SQL Injection Date: 2020-09-20 Exploit Author: Augkim Vendor Homepage: https://www.sourcecodester.com/php/14452/seat-reservation-system-movie-theater-project-using-phpmysql.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.297 views

ForensiTAppxService 2.2.0.4 Unquoted Service Path

Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path Discovery by: Burhanettin Özgenç Discovery Date: 2020-09-15 Vendor Homepage: https://www.forensit.com/downloads.html Tested Version: 2.2.0.4 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.230 views

B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution

!/usr/bin/env python3 -- coding: utf-8 -- B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution Vendor: B-Swiss SARL | b-tween Sarl Product web page: https://www.b-swiss.com Affected version: 3.6.5 3.6.2 3.6.1 3.6.0 3.5.80 3.5.40 3.5.20 3.5.00 3.2.00 3.1.00 Summary: Intelligent...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.193 views

Seat Reservation System 1.0 Shell Upload

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files. Vendor Homepage: www.sourcecodester.com Software Link:...

9.7AI score0.04984EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.389 views

Mida eFramework 2.9.0 Backdoor Access

Exploit Title: Mida eFramework 2.9.0 - Back Door Access Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...

7.5CVSS0.3AI score0.18293EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/21 12:0 a.m.461 views

VyOS restricted-shell Escape / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'VyOS restricted-shell Escape and Privilege Escalation', 'Description' = %q This module exploits...

9CVSS0.8AI score0.15411EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/20 12:0 a.m.205 views

B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery

!-- B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin Vendor: B-Swiss SARL | b-tween Sarl Product web page: https://www.b-swiss.com Affected version: 3.6.5 3.6.2 3.6.1 3.6.0 3.5.80 3.5.40 3.5.20 3.5.00 3.2.00 3.1.00 Summary: Intelligent digital signage made easy. To go beyond the...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/19 12:0 a.m.282 views

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure Vendor: B-Swiss SARL | b-tween Sarl Product web page: https://www.b-swiss.com Affected version: 3.6.5 3.6.2 3.6.1 3.6.0 3.5.80 3.5.40 3.5.20 3.5.00 3.2.00 3.1.00 Summary: Intelligent digital signage made easy. To go beyond the possibiliti...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/18 12:0 a.m.406 views

SpamTitan 7.07 Remote Code Execution

Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...

7.6AI score0.09644EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/09/18 12:0 a.m.923 views

Navy Federal Cross Site Scripting

Vendor ------------------------------------------------- Navy Federal - https://www.navyfederal.org/ Product ------------------------------------------------- Front pubic facing application Credit ------------------------------------------------- Arthrocyber http://arthrocyber.com/research/findin...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/18 12:0 a.m.1317 views

Mantis Bug Tracker 2.3.0 Remote Code Execution

Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution Unauthenticated Date: 2020-09-17 Vulnerability Discovery: hyp3rlinx, permanull Exploit Author: Nikolas Geiselman Vendor Homepage: https://mantisbt.org/ Software Link: https://mantisbt.org/download.php Version: 1.3.0/2.3.0 Tested on:...

6.5CVSS0.3AI score0.90856EPSS
Exploits12
Packet Storm
Packet Storm
added 2020/09/18 12:0 a.m.898 views

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TP-Link Cloud Cameras NCXXX Bonjour Command Injection', 'Description' = %q TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250,...

9CVSS0.1AI score0.74338EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/09/18 12:0 a.m.406 views

D-Link DGS-1210-28 Denial Of Service

Exploit Title: D-Link DGS-1210-28 Denial of Service Date: 18 Sep 2020 Exploit Author: Saeed Reza Zamanian Product : D-Link DGS-1210-28 Vendor Homepage: https://www.dlink.com/ Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch Version : DGS-1210-28...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/17 12:0 a.m.498 views

Microsoft Spooler Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Spooler Local Privilege Elevation Vulnerability', 'Description' = %q This exploit leverages a file write vulnerability in the print...

7.2CVSS0.5AI score0.16502EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/09/17 12:0 a.m.899 views

Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary co...

0.1AI score0.47145EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/09/17 12:0 a.m.2015 views

Microsoft SQL Server Reporting Services 2016 Remote Code Execution

Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Date: 2020-09-17 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014...

6.5CVSS8.2AI score0.98842EPSS
Exploits14
Packet Storm
Packet Storm
added 2020/09/16 12:0 a.m.642 views

Mida Solutions eFramework ajaxreq.php Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mida Solutions eFramework ajaxreq.php Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Mida...

10CVSS0.4AI score0.98239EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/09/16 12:0 a.m.708 views

1CRM 8.6.7 Insecure Direct Object Reference

Security Advisory ARA-2020-005: Insecure Direct Object Reference CVE-2020-15958 Affected Products and Environments Product: 1CRM =8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System ENT-8.6.6 and Startup+ Edition 8.5.15 Environments: All host environments Security Risk Severity: High CVSS v3:...

8.8AI score0.02716EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/09/16 12:0 a.m.478 views

Piwigo 2.10.1 Cross Site Scripting

Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...

3.5CVSS5.5AI score0.23822EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/09/16 12:0 a.m.547 views

Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor URL: https://www.acronis.com Type: Server-Side Request Forgery CWE-918 Date found: 2020-07-30 Date published: 2020-09-14 CVSSv3 Score: 8.3...

0.1AI score0.05505EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/09/15 12:0 a.m.768 views

ThinkAdmin 6 Arbitrary File Read

Exploit Title: ThinkAdmin 6 - Arbitrarily File Read Google Dork: N/A Date: 2020-09-14 Exploit Author: Hzllaga Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/ Software Link: Before https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784effbf72a2a386c5d25c43a9a Version: v6 =...

0.8AI score0.75881EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/09/15 12:0 a.m.574 views

Tailor MS 1.0 Cross Site Scripting

Exploit Title: Tailor MS 1.0 - Reflected Cross-Site Scripting Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-09-14 CVE ID: CVE-2020-23835 Vendor Homepage: https://www.sourcecodester.com Software Link:...

4.3CVSS6.4AI score0.02289EPSS
Exploits3
Total number of security vulnerabilities50786