Merge remote-tracking branch 'exploitdb/main'

This commit is contained in:
Brendan McDevitt 2025-04-15 00:01:40 +00:00
commit f2ad90c38c
52 changed files with 230 additions and 246 deletions

View file

@ -1,4 +1,4 @@
# Exploit Title: Microchip TimeProvider 4100 Grandmaster Config File - Remote Code Execution (RCE)
# Exploit Title: Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
# Exploit Author: Armando Huesca Prida

View file

@ -1,4 +1,4 @@
# Exploit Title: Microchip TimeProvider 4100 Grandmaster (banner) - Stored XSS
# Exploit Title: Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Armando Huesca Prida

View file

@ -1,4 +1,4 @@
# Exploit Title: Microchip TimeProvider 4100 Grandmaster - Unauthenticated SQL Injection
# Exploit Title: Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
# Exploit Author: Armando Huesca Prida, Marco Negro

View file

@ -1,13 +1,11 @@
################################################################
############################ #
#- Exploit Title: DataEase Database Creds Extractor #
#- Shodan Dork: http.html:"dataease" #
#- FOFA Dork: body="dataease" && title=="DataEase" #
#- Exploit Author: ByteHunter #
#- Email: 0xByteHunter@proton.me #
#- vulnerable Versions: 2.4.0-2.5.0 #
#- Tested on: 2.4.0 #
#- CVE : CVE-2024-30269 #
# Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure
# Shodan Dork: http.html:"dataease" #
# FOFA Dork: body="dataease" && title=="DataEase" #
# Exploit Author: ByteHunter #
# Email: 0xByteHunter@proton.me #
# vulnerable Versions: 2.4.0-2.5.0 #
# Tested on: 2.4.0 #
# CVE : CVE-2024-30269 #
############################ #
################################################################

View file

@ -1,4 +1,4 @@
# Exploit Title: Apache HugeGraph < 1.2.0 Remote Code Execution (Unauthenticated)
# Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://hugegraph.apache.org/docs/download/download/
# Version: Apache HugeGraph 1.0.0 - 1.2.0

View file

@ -1,24 +1,4 @@
Hey,
Overview: The Ewon Cosy+ is a VPN gateway used for remote access and
maintenance in industrial environments. The manufacturer describes the
product as follows (see [1]): "The Ewon Cosy+ gateway establishes a secure
VPN connection between the machine (PLC, HMI, or other devices) and the
remote engineer. The connection happens through Talk2m, a highly secured
industrial cloud service. The Ewon Cosy+ makes industrial remote access
easy and secure like never before!" Due to improper neutralization of
parameters read from a user-controlled configuration file, an authenticated
attacker is able to inject and execute OS commands on the device.
Vulnerability Details: Authenticated attackers are able to upload a custom
OpenVPN configuration. This configuration can contain the OpenVPN
paramaters "--up" and "--down", which execute a specified script or
executable. Since the process itself runs with the highest privileges
(root), this allows the device to be completely compromised.
PoC:
# Exploit Title: Ewon Cosy+ Command Injection
# Exploit Title: Cosy+ firmware 21.2s7 - Command Injection
# Google Dork: N/A
# Date: 2024-8-20
# Exploit Author: CodeB0ss
@ -50,4 +30,22 @@ create_malicious_openvpn_config(config) print(f" - --> config_created
GitHub:
https://github.com/codeb0ss/CVE-2024-33896-PoC
https://github.com/codeb0ss/CVE-2024-33896-PoC
Hey,
Overview: The Ewon Cosy+ is a VPN gateway used for remote access and
maintenance in industrial environments. The manufacturer describes the
product as follows (see [1]): "The Ewon Cosy+ gateway establishes a secure
VPN connection between the machine (PLC, HMI, or other devices) and the
remote engineer. The connection happens through Talk2m, a highly secured
industrial cloud service. The Ewon Cosy+ makes industrial remote access
easy and secure like never before!" Due to improper neutralization of
parameters read from a user-controlled configuration file, an authenticated
attacker is able to inject and execute OS commands on the device.
Vulnerability Details: Authenticated attackers are able to upload a custom
OpenVPN configuration. This configuration can contain the OpenVPN
paramaters "--up" and "--down", which execute a specified script or
executable. Since the process itself runs with the highest privileges
(root), this allows the device to be completely compromised.

View file

@ -1,6 +1,4 @@
#!/bin/python3
# Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library
# Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
# Date: 10 October 2024
# Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
# Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
@ -26,6 +24,7 @@
# It is your responsibility to ensure compliance with all applicable laws and regulations governing your use of this software.
# Proceed with caution and use this code responsibly.
#!/bin/python3
import re
import subprocess

View file

@ -1,4 +1,4 @@
# Title: K7 Ultimate Security < v17.0.2019 "K7RKScan.sys" Null Pointer Dereference
# Exploit Title: K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
# Date: 13.08.2024
# Author: M. Akil Gündoğan
# Vendor Homepage: https://k7computing.com/

View file

@ -1,4 +1,4 @@
# Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1
# Exploit Title: KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
# Date: 3 September
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://kubesphere.io

View file

@ -1,4 +1,4 @@
# Exploit Title: CVE-2024-4956: Unauthenticated Path Traversal in Nexus Repository Manager 3
# Exploit Title: Sonatype Nexus Repository 3.53.0-01 - Path Traversal
# Google Dork: header="Server: Nexus/3.53.0-01 (OSS)"
# Date: 2024-09-22
# Exploit Author: VeryLazyTech

View file

@ -1,4 +1,4 @@
# Exploit Title: CVE-2024-4358: Telerik Report Server Authentication Bypass
# Exploit Title: Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
# Fofa Dork: title="Telerik Report Server"
# Date: 2024-09-22
# Exploit Author: VeryLazyTech

View file

@ -1,5 +1,4 @@
ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution
# Exploit Title : ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
Vendor: ABB Ltd.
Product web page: https://www.global.abb

View file

@ -1,4 +1,4 @@
ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure
# Exploit Title : ABB Cylon Aspect 3.07.02 - File Disclosure
Vendor: ABB Ltd.

View file

@ -1,5 +1,4 @@
- IBM Security Verify Access >= 10.0.0 <= 10.0.8 - Open Redirect during OAuth Flow
# Exploit Title : IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
======== < Table of Contents > ================================================
0. Overview

View file

@ -1,13 +1,11 @@
################################################################################################
############################ #
#- Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool #
#- Shodan Dork: html:"expedition project" #
#- FOFA Dork: "expedition project" && icon_hash="1499876150" #
#- Exploit Author: ByteHunter #
#- Email: 0xByteHunter@proton.me #
#- Vulnerable Versions: 1.2 < 1.2.92 #
#- Tested on: 1.2.90.1 & 1.2.75 #
#- CVE : CVE-2024-5910 #
# Exploit Title: Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
# Shodan Dork: html:"expedition project" #
# FOFA Dork: "expedition project" && icon_hash="1499876150" #
# Exploit Author: ByteHunter #
# Email: 0xByteHunter@proton.me #
# Vulnerable Versions: 1.2 < 1.2.92 #
# Tested on: 1.2.90.1 & 1.2.75 #
# CVE : CVE-2024-5910 #
############################ #
################################################################################################

View file

@ -1,3 +1,4 @@
# Exploit Title : Watcharr 1.43.0 - Remote Code Execution (RCE)
# CVE-2024-48827 exploit by Suphawith Phusanbai
# Affected Watcharr version 1.43.0 and below.
import argparse

View file

@ -1,4 +1,4 @@
# Exploit Title: MaxTime Database Editor 1.9 Authentication Bypass
# Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
# Google Dork: N/A
# Date: 07/09/2024
# Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com

View file

@ -1,4 +1,4 @@
# Exploit Title: Cisco SSM On-Prem; Account Takeover (CVE-2024-20419)
# Exploit Title: Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
# Google Dork: N/A
# Date: 21/07/2024
# Exploit Author: Mohammed Adel

View file

@ -1,15 +1,17 @@
# Exploit Title: [MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/magnussolution/magnusbilling7]
# Software Link: [https://github.com/magnussolution/magnusbilling7]
# Version: [7.3.0]
# Tested on: [Centos]
# CVE : [CVE-2023-30258]
# Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/magnussolution/magnusbilling7
# Software Link: https://github.com/magnussolution/magnusbilling7
# Version: 7.3.0
# Tested on: Centos
# CVE : CVE-2023-30258
PoC:
# PoC URL for Command Injection
http://magnusbilling/lib/icepay/icepay.php?democ=testfile; id > /tmp/injected.txt
Result: This PoC attempts to inject the id command.
[Replace Your Domain Name]

View file

@ -1,4 +1,4 @@
# Exploit Title: CyberPanel v2.3.5, v2.3.6 - Remote Code Execution (RCE) (Unauthenticated)
# Exploit Title: CyberPanel 2.3.6 - Remote Code Execution (RCE)
# Date: 10/29/2024
# Exploit Author: Luka Petrovic (refr4g)
# Vendor Homepage: https://cyberpanel.net/

View file

@ -1,4 +1,4 @@
# Exploit Title: Usermin 2.100 - Username Enumeration
# Exploit Title: Webmin Usermin 2.100 - Username Enumeration
# Date: 10.02.2024
# Exploit Author: Kjesper
# Vendor Homepage: https://www.webmin.com/usermin.html

View file

@ -1,4 +1,4 @@
# Exploit Title: MoziloCMS 3.0 - Remote Code Execution (RCE) (Authenticated)
# Exploit Title: MoziloCMS 3.0 - Remote Code Execution (RCE)
# Date: 10/09/2024
# Exploit Author: Secfortress (https://github.com/sec-fortress)
# Vendor Homepage: https://mozilo.de/

View file

@ -1,4 +1,4 @@
# Exploit Title: X2CRM v8.5 Stored Cross-Site Scripting (XSS) (Authenticated)
# Exploit Title: X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
# Date: 12 September 2024
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://x2engine.com/

View file

@ -1,4 +1,4 @@
# Exploit Title: Litespeed unauthorized account takeover
# Exploit Title: Litespeed Cache 6.5.0.1 - Authentication Bypass
# Google Dork: [if applicable]
# Date: reported on 17 September 2024
# Exploit Author: Gnzls

View file

@ -1,6 +1,4 @@
########PROOF OF CONCEPT####################
# CVE: CVE-2024-8945
# Exploit Title: RISE Ultimate Project Manager 3.7 sql injection POC
# Exploit Title: CodeCanyon RISE CRM 3.7.0 - SQL Injection
# Google Dork: N/A
# Date: September 19, 2024
# Exploit Author: Jobyer Ahmed
@ -9,7 +7,7 @@
# Patched Version: 3.7.1
# Tested on: Ubuntu 24.04, Debian Testing
##########################################
# CVE: CVE-2024-8945
############Instruction#######################
# 1. Login to Ultimate Project Manager 3.7
# 2. Add a New Dashboard

View file

@ -1,4 +1,4 @@
# Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17
# Exploit Title: Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
# Date: 09/2024
# Exploit Author: Haythem Arfaoui (CBTW Team)
# Vendor Homepage: https://www.elaine.io/

View file

@ -1,5 +1,4 @@
ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete
# Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
Vendor: ABB Ltd.
Product web page: https://www.global.abb

View file

@ -1,4 +1,4 @@
ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin
# Exploit Title : ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
Vendor: ABB Ltd.

View file

@ -1,6 +1,4 @@
# Exploit Title: CVE-2024-2054 Artica-Proxy administrative web
application insecure deserialization (RCE)
# Google Dork:
# Exploit Title: Artica Proxy 4.50 - Remote Code Execution (RCE)
# Date: 23-04-2024
# Exploit Author: Madan
# Vendor Homepage: https://artica-proxy.com/

View file

@ -1,5 +1,4 @@
# Exploit Title: ResidenceCMS <= 2.10.1 Stored Cross-Site Scripting
via Content Form
# Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)
# Date: 8-7-2024
# Category: Web Application
# Exploit Author: Jeremia Geraldi Sihombing

View file

@ -1,18 +1,18 @@
## Exploit Title: ChurchCRM v4.5.3-121fcc1 - SQL Injection
# Exploit Title: ChurchCRM 5.9.1 - SQL Injection
## Author: Sanan Qasimzada
# Author: Sanan Qasimzada
## Date: 06.07.2024
# Date: 06.07.2024
## Vendor: http://churchcrm.io/
# Vendor: http://churchcrm.io/
## Software: https://github.com/ChurchRM/CRM
# Software: https://github.com/ChurchRM/CRM
## Reference: https://portswigger.net/web-security/sql-injection
# Reference: https://portswigger.net/web-security/sql-injection
## Description:
# Description:
In the manual insertion point 1 - parameter `EID` appears to be
@ -85,7 +85,7 @@ UNION ALL SELECT
## Reproduce:
# Reproduce:
[href](
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ChurchCRM/2023/ChurchCRM-4.5.3-121fcc1
@ -93,13 +93,13 @@ https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ChurchCRM/202
## Proof and Exploit:
# Proof and Exploit:
[href](https://streamable.com/1eqhw2)
## Time spend:
# Time spend:
01:00:00

View file

@ -1,5 +1,4 @@
# Exploit Title: pz-frontend-manager <= 1.0.5 - CSRF change user profile
picture
# Exploit Title: PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
# Date: 2024-07-01
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/

View file

@ -1,4 +1,4 @@
# Exploit Title: Blind SQL Injection - FengOffice
# Exploit Title: Feng Office 3.11.1.2 - SQL Injection
# Date: 7/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2

View file

@ -1,4 +1,4 @@
#!/usr/bin/env python3
# Exploit Title : Centron 19.04 - Remote Code Execution (RCE)
# Tested on Centreon API 19.04.0
# Centreon 19.04 - Login Password Bruteforcer
# Written on 6 Nov 2019
@ -8,6 +8,8 @@
# Centreon Download Link: https://download.centreon.com/#version-Older
# Dependencies: sys, requests, argparse, termcolor, os
#!/usr/bin/env python3
import sys
import requests
import argparse

View file

@ -1,4 +1,4 @@
# Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection (Authenticated)
# Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection
# Date: 21/11/2023
# Exploit Author: Osama Yousef
# Vendor Homepage: https://pandorafms.com/

View file

@ -1,4 +1,4 @@
# Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0
# Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/

View file

@ -1,14 +1,14 @@
// Exploit Title: Typecho <= 1.3.0 Race Condition
// Google Dork: intext:"Powered by Typecho" inurl:/index.php
// Date: 18/08/2024
// Exploit Author: Michele 'cyberaz0r' Di Bonaventura
// Vendor Homepage: https://typecho.org
// Software Link: https://github.com/typecho/typecho
// Version: 1.3.0
// Tested on: Typecho 1.3.0 Docker Image with PHP 7.4 (https://hub.docker.com/r/joyqi/typecho)
// CVE: CVE-2024-35539
# Exploit Title: Typecho 1.3.0 - Race Condition
# Google Dork: intext:"Powered by Typecho" inurl:/index.php
# Date: 18/08/2024
# Exploit Author: Michele 'cyberaz0r' Di Bonaventura
# Vendor Homepage: https://typecho.org
# Software Link: https://github.com/typecho/typecho
# Version: 1.3.0
# Tested on: Typecho 1.3.0 Docker Image with PHP 7.4 (https://hub.docker.com/r/joyqi/typecho)
# CVE: CVE-2024-35539
// For more information, visit the blog post: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
# For more information, visit the blog post: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
package main

View file

@ -1,14 +1,14 @@
// Exploit Title: Typecho <= 1.3.0 Stored Cross-Site Scripting (XSS)
// Google Dork: intext:"Powered by Typecho" inurl:/index.php
// Date: 18/08/2024
// Exploit Author: Michele 'cyberaz0r' Di Bonaventura
// Vendor Homepage: https://typecho.org
// Software Link: https://github.com/typecho/typecho
// Version: 1.3.0
// Tested on: Typecho 1.3.0 Docker Image with PHP 7.4 (https://hub.docker.com/r/joyqi/typecho)
// CVE: CVE-2024-35540
# Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
# Google Dork: intext:"Powered by Typecho" inurl:/index.php
# Date: 18/08/2024
# Exploit Author: Michele 'cyberaz0r' Di Bonaventura
# Vendor Homepage: https://typecho.org
# Software Link: https://github.com/typecho/typecho
# Version: 1.3.0
# Tested on: Typecho 1.3.0 Docker Image with PHP 7.4 (https://hub.docker.com/r/joyqi/typecho)
# CVE: CVE-2024-35540
// For more information, visit the blog post: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
# For more information, visit the blog post: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
package main

View file

@ -1,4 +1,4 @@
# Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution (RCE) (Unauthenticated)
# Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution (RCE)
# Date: 2024-10-25
# Exploit Author: Eui Chul Chung
# Vendor Homepage: https://www.aquila-cms.com/

View file

@ -1,11 +1,11 @@
# Exploit Title: [flatCore Arbitrary .php File Upload via acp/acp.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/flatCore/flatCore-CMS]
# Software Link: [https://github.com/flatCore/flatCore-CMS]
# Version: [1.5.5]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2019-10652]
# Exploit Title: flatCore 1.5.5 - Arbitrary File Upload
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/flatCore/flatCore-CMS
# Software Link: https://github.com/flatCore/flatCore-CMS
# Version: 1.5.5
# Tested on: Ubuntu Windows
# CVE : CVE-2019-10652
PoC
1)
1. Access the flatCore Admin Panel

View file

@ -1,11 +1,11 @@
# Exploit Title: [ flatCore < 1.5 CSRF Vulnerability for Arbitrary .php File Upload via files.upload-script.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/flatCore/flatCore-CMS]
# Software Link: [https://github.com/flatCore/flatCore-CMS]
# Version: [d3a5168]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2019-13961]
# Exploit Title: flatCore 1.5 - Cross Site Request Forgery (CSRF)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/flatCore/flatCore-CMS
# Software Link: https://github.com/flatCore/flatCore-CMS
# Version: d3a5168
# Tested on: Ubuntu Windows
# CVE : CVE-2019-13961
PoC:
<!DOCTYPE html>

View file

@ -1,11 +1,11 @@
# Exploit Title: [Gnuboard5 <= 5.3.2.8 SQL Injection via table_prefix Parameter]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/gnuboard/gnuboard5]
# Software Link: [https://github.com/gnuboard/gnuboard5]
# Version: [5.3.2.8]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2020-18662]
# Exploit Title: Gnuboard5 5.3.2.8 - SQL Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/gnuboard/gnuboard5
# Software Link: https://github.com/gnuboard/gnuboard5
# Version: 5.3.2.8
# Tested on: Ubuntu Windows
# CVE : CVE-2020-18662
PoC:
1)

View file

@ -1,11 +1,11 @@
# Exploit Title: [GetSimpleCMS < 3.3.16 Remote Code Execution via PHAR File Upload in admin/upload.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/GetSimpleCMS/GetSimpleCMS]
# Software Link: [https://github.com/GetSimpleCMS/GetSimpleCMS]
# Version: [3.3.16]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2021-28976]
# Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS
# Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS
# Version: 3.3.16
# Tested on: Ubuntu Windows
# CVE : CVE-2021-28976
PoC-1:
1)Create a .phar file.

View file

@ -1,13 +1,14 @@
# Exploit Title: [RosarioSIS < 7.6.1 Unauthenticated SQL Injection via votes Parameter in PortalPollsNotes.fnc.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://gitlab.com/francoisjacquet/rosariosis]
# Software Link: [https://gitlab.com/francoisjacquet/rosariosis]
# Version: [7.6]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2021-44567]
# Exploit Title: RosarioSIS 7.6 - SQL Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis
# Software Link: https://gitlab.com/francoisjacquet/rosariosis
# Version: 7.6
# Tested on: Ubuntu Windows
# CVE : CVE-2021-44567
PoC:
POST /ProgramFunctions/PortalPollsNotes.fnc.php HTTP/1.1
X-Requested-With: XMLHttpRequest

View file

@ -1,9 +1,4 @@
My name: Francisco Moraga (BTshell)
@BTshell
https://www.linkedin.com/in/btshell/
# Exploit Title: LearnPress WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
# Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
# Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7"
# Date: [Current Date, e.g., October 30, 2024]
# Exploit Author: [Your Name or Username]

View file

@ -1,4 +1,4 @@
# Exploit Title: Roundcube mail server exploit for CVE-2024-37383 (Stored XSS)
# Exploit Title: Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
# Google Dork:
# Exploit Author: AmirZargham
# Vendor Homepage: Roundcube - Free and Open Source Webmail Software

View file

@ -1,4 +1,4 @@
# Exploit Title: NEWS-BUZZ News Management System - SQL Injection
# Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection
# Google Dork: N/A
# Exploit Author: egsec
# Date: 2024-11-03

View file

@ -1,16 +1,15 @@
# Exploit Title: [MiniCMS 1.1 Cross-Site Scripting (XSS) in date Parameter of mc-admin/page.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/bg5sbk/MiniCMS]
# Software Link: [https://github.com/bg5sbk/MiniCMS]
# Version: [1.10]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2018-1000638]
# Exploit Title: MiniCMS 1.1 - Cross Site Scripting (XSS)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/bg5sbk/MiniCMS
# Software Link: https://github.com/bg5sbk/MiniCMS
# Version: 1.10
# Tested on: Ubuntu Windows
# CVE : CVE-2018-1000638
PoC:
GET http://minicms/mc-admin/page.php?date=\"><script>alert('XSS')</script>
Details:
{ "Sink": "echo $filter_date;", "Vulnerable Variable": "filter_date", "Source": "GET parameter 'date'", "Sanitization Mechanisms Before Patch": "None (directly echoed without encoding)", "Sink Context Constraints": "Injected in HTML attribute (URL query string)", "Attack Payload": ""><script>alert('XSS')</script>", "Execution Path Constraints": "The 'date' GET parameter must be set in the URL query string and passed without filtering", "Request URL": "http://minicms/mc-admin/page.php?date=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E", "Request Parameter":"date","Request Method": "GET", "Final PoC": "http://minicms/mc-admin/page.php?date=\"><script>alert('XSS')</script>" }
"Sink": "echo $filter_date;", "Vulnerable Variable": "filter_date", "Source": "GET parameter 'date'", "Sanitization Mechanisms Before Patch": "None (directly echoed without encoding)", "Sink Context Constraints": "Injected in HTML attribute (URL query string)", "Attack Payload": ""><script>alert('XSS')</script>", "Execution Path Constraints": "The 'date' GET parameter must be set in the URL query string and passed without filtering", "Request URL": "http://minicms/mc-admin/page.php?date=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E", "Request Parameter":"date","Request Method": "GET", "Final PoC": "http://minicms/mc-admin/page.php?date=\"><script>alert('XSS')</script>"
[Replace Your Domain Name]

View file

@ -1,16 +1,16 @@
# Exploit Title: [phpIPAM 1.6 Reflected XSS via closeClass Parameter in popup.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/phpipam/phpipam]
# Software Link: [https://github.com/phpipam/phpipam]
# Version: [1.5.1]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2023-24657]
# Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpipam/phpipam
# Software Link: https://github.com/phpipam/phpipam
# Version: 1.5.1
# Tested on: Ubuntu Windows
# CVE : CVE-2023-24657
PoC:
1)http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
2)http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22
Details:
{
"Sink": "print @$_REQUEST['closeClass']",
"Vulnerable Variable": "closeClass",
"Source": "$_REQUEST['closeClass']",
@ -21,7 +21,7 @@ Details:
"Request URL": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22",
"Request Method": "GET",
"Final PoC": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22"
}
[Replace Your Domain Name]

View file

@ -1,4 +1,4 @@
# Exploit Title: CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
# Exploit Title: Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
# Fofa Dork: "HttpFileServer" && server=="HFS 2.3m"
# Date: 2024-09-22
# Exploit Author: VeryLazyTech

View file

@ -1,4 +1,4 @@
# Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability
# Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://www.office.com/
# Software Link: https://www.office.com/

View file

@ -3760,9 +3760,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51850,exploits/hardware/remote/51850.txt,"Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)",2024-03-03,"Alok kumar",remote,hardware,,2024-03-03,2024-03-03,0,,,,,,
40120,exploits/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution / Escalate Privileges",2016-07-17,b0yd,remote,hardware,,2016-07-18,2016-12-09,0,CVE-2016-3989;CVE-2016-3962,,,,,https://www.securifera.com/blog/2016/07/17/time-to-patch-rce-on-meinberg-ntp-time-server/
40589,exploits/hardware/remote/40589.html,"MiCasaVerde VeraLite - Remote Code Execution",2016-10-20,"Jacob Baines",remote,hardware,,2016-10-20,2016-10-27,0,CVE-2013-4863;CVE-2016-6255,,,,,
52119,exploits/hardware/remote/52119.NA,"Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection",2025-04-04,"Armando Huesca Prida",remote,hardware,,2025-04-04,2025-04-04,0,CVE-2024-9054,,,,,
52120,exploits/hardware/remote/52120.NA,"Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)",2025-04-04,"Armando Huesca Prida",remote,hardware,,2025-04-04,2025-04-04,0,CVE-2024-43687,,,,,
52122,exploits/hardware/remote/52122.NA,"Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection",2025-04-05,"Armando Huesca Prida",remote,hardware,,2025-04-05,2025-04-05,0,CVE-2024-7801,,,,,
52119,exploits/hardware/remote/52119.NA,"Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection",2025-04-04,"Armando Huesca Prida",remote,hardware,,2025-04-04,2025-04-13,0,CVE-2024-9054,,,,,
52120,exploits/hardware/remote/52120.NA,"Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)",2025-04-04,"Armando Huesca Prida",remote,hardware,,2025-04-04,2025-04-13,0,CVE-2024-43687,,,,,
52122,exploits/hardware/remote/52122.NA,"Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection",2025-04-05,"Armando Huesca Prida",remote,hardware,,2025-04-05,2025-04-13,0,CVE-2024-7801,,,,,
45040,exploits/hardware/remote/45040.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials",2018-07-17,LiquidWorm,remote,hardware,,2018-07-17,2018-07-17,0,,,,,,
45578,exploits/hardware/remote/45578.cpp,"MicroTik RouterOS < 6.43rc3 - Remote Root",2018-10-10,"Jacob Baines",remote,hardware,,2018-10-10,2018-10-10,0,CVE-2018-14847,Remote,,,,
41718,exploits/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",remote,hardware,,2017-03-24,2017-03-24,0,CVE-2017-7240,,,,,
@ -5471,7 +5471,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
39886,exploits/java/webapps/39886.txt,"Apache Continuum 1.4.2 - Multiple Vulnerabilities",2016-06-06,"David Shanahan",webapps,java,,2016-06-06,2016-06-14,1,,,,,http://www.exploit-db.comapache-continuum-1.4.2-bin.tar.gz,
49398,exploits/java/webapps/49398.rb,"Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)",2021-01-08,"SunCSR Team",webapps,java,,2021-01-08,2021-01-08,1,CVE-2020-17519,,,,,
48978,exploits/java/webapps/48978.py,"Apache Flink 1.9.x - File Upload RCE (Unauthenticated)",2020-11-02,bigger.wing,webapps,java,,2020-11-02,2020-11-02,0,,,,,,
52149,exploits/java/webapps/52149.py,"Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)",2025-04-09,"Yesith Alvarez",webapps,java,,2025-04-09,2025-04-09,0,CVE-2024-27348,,,,,
52149,exploits/java/webapps/52149.py,"Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)",2025-04-09,"Yesith Alvarez",webapps,java,,2025-04-09,2025-04-13,0,CVE-2024-27348,,,,,
37110,exploits/java/webapps/37110.py,"Apache JackRabbit - WebDAV XML External Entity",2015-05-26,"Mikhail Egorov",webapps,java,8080,2015-05-26,2017-11-02,0,CVE-2015-1833;OSVDB-122382,,,,,
45673,exploits/java/webapps/45673.py,"Apache OFBiz 16.11.04 - XML External Entity Injection",2018-10-24,"Jamie Parfet",webapps,java,,2018-10-24,2018-10-25,0,,"XML External Entity (XXE)",,,,
48408,exploits/java/webapps/48408.txt,"Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)",2020-05-01,"Faiz Ahmed Zaidi",webapps,java,,2020-05-01,2020-05-01,0,CVE-2019-0235,,,,,
@ -5514,7 +5514,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50952,exploits/java/webapps/50952.py,"Confluence Data Center 7.18.0 - Remote Code Execution (RCE)",2022-06-10,"Fellipe Oliveira",webapps,java,,2022-06-10,2022-06-10,0,CVE-2022-26134,,,,,
50243,exploits/java/webapps/50243.py,"Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)",2021-09-01,"Fellipe Oliveira",webapps,java,,2021-09-01,2021-09-01,0,CVE-2021-26084,,,,,
36548,exploits/java/webapps/36548.txt,"Contus Job Portal - 'Category' SQL Injection",2012-01-13,Lazmania61,webapps,java,,2012-01-13,2015-03-30,1,,,,,,https://www.securityfocus.com/bid/51404/info
52128,exploits/java/webapps/52128.py,"DataEase 2.4.0 - Database Configuration Information Exposure",2025-04-06,ByteHunter,webapps,java,,2025-04-06,2025-04-06,0,CVE-2024-30269,,,,,
52128,exploits/java/webapps/52128.py,"DataEase 2.4.0 - Database Configuration Information Exposure",2025-04-06,ByteHunter,webapps,java,,2025-04-06,2025-04-13,0,CVE-2024-30269,,,,,
33048,exploits/java/webapps/33048.txt,"DirectAdmin 1.33.6 - 'CMD_REDIRECT' Cross-Site Scripting",2009-05-19,r0t,webapps,java,,2009-05-19,2014-04-27,1,CVE-2009-2216;OSVDB-55296,,,,,https://www.securityfocus.com/bid/35450/info
34293,exploits/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Cross-Site Scripting",2010-07-12,"David K",webapps,java,,2010-07-12,2014-08-08,1,,,,,,https://www.securityfocus.com/bid/41541/info
33286,exploits/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting",2009-10-14,"Michele Orru",webapps,java,,2009-10-14,2014-05-10,1,CVE-2009-4521;OSVDB-58941,,,,,https://www.securityfocus.com/bid/36674/info
@ -10404,7 +10404,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
52186,exploits/multiple/hardware/52186.txt,"ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)",2025-04-11,LiquidWorm,hardware,multiple,,2025-04-11,2025-04-11,0,CVE-2024-48841,,,,,
52178,exploits/multiple/hardware/52178.txt,"ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure",2025-04-11,LiquidWorm,hardware,multiple,,2025-04-11,2025-04-11,0,CVE-2024-48852,,,,,
52184,exploits/multiple/hardware/52184.txt,"ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning",2025-04-11,LiquidWorm,hardware,multiple,,2025-04-11,2025-04-11,0,CVE-2024-48849,,,,,
52160,exploits/multiple/hardware/52160.py,"Cosy+ firmware 21.2s7 - Command Injection",2025-04-10,CodeB0ss,hardware,multiple,,2025-04-10,2025-04-10,0,CVE-2024-33896,,,,,
52160,exploits/multiple/hardware/52160.py,"Cosy+ firmware 21.2s7 - Command Injection",2025-04-10,CodeB0ss,hardware,multiple,,2025-04-10,2025-04-13,0,CVE-2024-33896,,,,,
52183,exploits/multiple/hardware/52183.txt,"Netman 204 - Remote command without authentication",2025-04-11,"Parsa Rezaie Khiabanloo",hardware,multiple,,2025-04-11,2025-04-11,0,,,,,,
11651,exploits/multiple/local/11651.sh,"(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation",2010-03-07,kingcope,local,multiple,,2010-03-06,,1,,,,,,
51849,exploits/multiple/local/51849.py,"A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc",2024-03-03,"George Washington",local,multiple,,2024-03-03,2024-03-03,0,,,,,,
@ -10647,7 +10647,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
21116,exploits/multiple/remote/21116.pl,"Amtote Homebet - Account Information Brute Force",2001-09-28,"Gary O'Leary-Steele",remote,multiple,,2001-09-28,2012-09-06,1,CVE-2001-1528;OSVDB-20236,,,,,https://www.securityfocus.com/bid/3371/info
21115,exploits/multiple/remote/21115.pl,"AmTote Homebet - World Accessible Log",2001-09-28,"Gary O'Leary-Steele",remote,multiple,,2001-09-28,2012-09-06,1,CVE-2001-1170;OSVDB-9788,,,,,https://www.securityfocus.com/bid/3370/info
22130,exploits/multiple/remote/22130.txt,"AN HTTPD 1.41 e - Cross-Site Scripting",2003-01-06,D4rkGr3y,remote,multiple,,2003-01-06,2012-10-21,1,CVE-2003-1271;OSVDB-59639,,,,,https://www.securityfocus.com/bid/6529/info
52121,exploits/multiple/remote/52121.py,"Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)",2025-04-04,"Ravindu Wickramasinghe",remote,multiple,,2025-04-04,2025-04-04,0,CVE-2024-42640,,,,,
52121,exploits/multiple/remote/52121.py,"Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)",2025-04-04,"Ravindu Wickramasinghe",remote,multiple,,2025-04-04,2025-04-13,0,CVE-2024-42640,,,,,
33497,exploits/multiple/remote/33497.txt,"AOLServer Terminal 4.5.1 - Escape Sequence in Logs Command Injection",2010-01-11,evilaliv3,remote,multiple,,2010-01-11,2014-05-26,1,CVE-2009-4494;OSVDB-61772,,,,,https://www.securityfocus.com/bid/37712/info
18442,exploits/multiple/remote/18442.html,"Apache - httpOnly Cookie Disclosure",2012-01-31,pilate,remote,multiple,,2012-01-31,2012-01-31,1,CVE-2012-0053;OSVDB-78556,,,,,https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08
21067,exploits/multiple/remote/21067.c,"Apache 1.0/1.2/1.3 - Server Address Disclosure",2001-08-21,magnum,remote,multiple,,2001-08-21,2012-09-04,1,OSVDB-86902,,,,,https://www.securityfocus.com/bid/3169/info
@ -11088,7 +11088,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
17068,exploits/multiple/remote/17068.py,"jHTTPd 0.1a - Directory Traversal",2011-03-29,"AutoSec Tools",remote,multiple,,2011-03-29,2011-03-29,0,,,,,,
25191,exploits/multiple/remote/25191.txt,"JoWood Chaser 1.0/1.50 - Remote Buffer Overflow",2005-03-07,"Luigi Auriemma",remote,multiple,,2005-03-07,2013-05-06,1,,,,,,https://www.securityfocus.com/bid/12733/info
24981,exploits/multiple/remote/24981.txt,"JPegToAvi 1.5 - File List Buffer Overflow",2004-12-15,"James Longstreet",remote,multiple,,2004-12-15,2013-04-30,1,,,,,,https://www.securityfocus.com/bid/11976/info
52158,exploits/multiple/remote/52158.py,"K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)",2025-04-10,"M. Akil Gündoğan",remote,multiple,,2025-04-10,2025-04-10,0,CVE-2024-36424,,,,,
52158,exploits/multiple/remote/52158.py,"K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)",2025-04-10,"M. Akil Gündoğan",remote,multiple,,2025-04-10,2025-04-13,0,CVE-2024-36424,,,,,
11817,exploits/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)",2010-03-20,emgent,remote,multiple,,2010-03-19,,1,,,,,,
24414,exploits/multiple/remote/24414.txt,"Keene Digital Media Server 1.0.2 - Directory Traversal",2004-08-26,"GulfTech Security",remote,multiple,,2004-08-26,2018-01-05,1,"BID: 11057;GTSA-00044",,,,,http://gulftech.org/advisories/Digital%20Media%20Server%20Arbitrary%20File%20Access/44
20181,exploits/multiple/remote/20181.txt,"Kerberos 4 4.0/5 5.0 - KDC Spoofing",2000-08-28,"Dug Song",remote,multiple,,2000-08-28,2012-08-05,1,OSVDB-84635,,,,,https://www.securityfocus.com/bid/1616/info
@ -11665,8 +11665,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44151,exploits/multiple/remote/44151.txt,"μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure",2018-02-20,"Google Security Research",remote,multiple,,2018-02-20,2018-02-21,1,,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
34111,exploits/multiple/webapps/34111.txt,"(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections",2010-06-09,"L0rd CrusAd3r",webapps,multiple,,2010-06-09,2014-07-19,1,,,,,,https://www.securityfocus.com/bid/40676/info
33760,exploits/multiple/webapps/33760.txt,"(Multiple Products) - 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,webapps,multiple,,2010-03-15,2014-06-15,1,,,,,,https://www.securityfocus.com/bid/38732/info
52115,exploits/multiple/webapps/52115.NA,"ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)",2025-04-03,LiquidWorm,webapps,multiple,,2025-04-03,2025-04-03,0,CVE-na,,,,,
52107,exploits/multiple/webapps/52107.NA,"ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)",2025-04-02,LiquidWorm,webapps,multiple,,2025-04-02,2025-04-02,0,CVE-2024-6298,,,,,
52115,exploits/multiple/webapps/52115.NA,"ABB Cylon Aspect 3.07.02 - File Disclosure",2025-04-03,LiquidWorm,webapps,multiple,,2025-04-03,2025-04-13,0,CVE-na,,,,,
52107,exploits/multiple/webapps/52107.NA,"ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)",2025-04-02,LiquidWorm,webapps,multiple,,2025-04-02,2025-04-13,0,CVE-2024-6298,,,,,
43378,exploits/multiple/webapps/43378.py,"Ability Mail Server 3.3.2 - Cross-Site Scripting",2017-12-20,"Aloyce J. Makalanga",webapps,multiple,,2017-12-20,2017-12-20,0,CVE-2017-17752,,,,http://www.exploit-db.comams3.exe,
49298,exploits/multiple/webapps/49298.txt,"Academy-LMS 4.3 - Stored XSS",2020-12-21,"Vinicius Alves",webapps,multiple,,2020-12-21,2022-06-03,0,,,,,,
49991,exploits/multiple/webapps/49991.txt,"Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)",2021-06-14,"Abdulazeez Alaseeri",webapps,multiple,,2021-06-14,2021-06-14,0,CVE-2021-34369,,,,,
@ -11805,7 +11805,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50601,exploits/multiple/webapps/50601.txt,"Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration",2021-12-16,"Daniel Morales",webapps,multiple,,2021-12-16,2021-12-16,0,CVE-2021-44848,,,,,
11403,exploits/multiple/webapps/11403.txt,"Cisco Collaboration Server 5 - Cross-Site Scripting / Source Code Disclosure",2010-02-11,s4squatch,webapps,multiple,80,2010-02-10,,1,OSVDB-62460;CVE-2010-0642;OSVDB-62459;CVE-2010-0641,,,,,
44324,exploits/multiple/webapps/44324.py,"Cisco node-jos < 0.11.0 - Re-sign Tokens",2018-03-20,zioBlack,webapps,multiple,,2018-03-21,2019-07-25,0,CVE-2018-0114,,,,,https://github.com/zi0Black/POC-CVE-2018-0114/tree/d3bddb421726a9eddbabfd6a1ca58ff4abca93af
52155,exploits/multiple/webapps/52155.py,"Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover",2025-04-10,"Mohammed Adel",webapps,multiple,,2025-04-10,2025-04-10,0,CVE-2024-20419,,,,,
52155,exploits/multiple/webapps/52155.py,"Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover",2025-04-10,"Mohammed Adel",webapps,multiple,,2025-04-10,2025-04-13,0,CVE-2024-20419,,,,,
37816,exploits/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",webapps,multiple,,2015-08-18,2015-08-18,0,CVE-2014-8008;CVE-2014-6271;OSVDB-126132;OSVDB-126131;OSVDB-117422,,,,,http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
48975,exploits/multiple/webapps/48975.py,"Citadel WebCit < 926 - Session Hijacking Exploit",2020-10-30,"Simone Quatrini",webapps,multiple,,2020-10-30,2020-10-30,0,,,,,,
47930,exploits/multiple/webapps/47930.txt,"Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal",2020-01-16,"Dhiraj Mishra",webapps,multiple,,2020-01-16,2020-01-16,0,CVE-2019-19781,,,,,
@ -11847,7 +11847,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
18473,exploits/multiple/webapps/18473.txt,"Cyberoam Central Console 2.00.2 - Remote File Inclusion",2012-02-08,Vulnerability-Lab,webapps,multiple,,2012-02-08,2012-02-08,0,OSVDB-79326;CVE-2012-1047,,,,,https://www.vulnerability-lab.com/get_content.php?id=405
47063,exploits/multiple/webapps/47063.html,"CyberPanel 1.8.4 - Cross-Site Request Forgery",2019-07-01,"Bilgi Birikim Sistemleri",webapps,multiple,,2019-07-01,2019-07-03,0,,"Cross-Site Request Forgery (CSRF)",,,,
50230,exploits/multiple/webapps/50230.py,"CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)",2021-08-27,"numan türle",webapps,multiple,,2021-08-27,2021-08-27,0,,,,,,
52172,exploits/multiple/webapps/52172.py,"CyberPanel 2.3.6 - Remote Code Execution (RCE)",2025-04-11,"Luka Petrovic (refr4g)",webapps,multiple,,2025-04-11,2025-04-11,0,CVE-2024-51378,,,,,
52172,exploits/multiple/webapps/52172.py,"CyberPanel 2.3.6 - Remote Code Execution (RCE)",2025-04-11,"Luka Petrovic (refr4g)",webapps,multiple,,2025-04-11,2025-04-13,0,CVE-2024-51378,,,,,
50909,exploits/multiple/webapps/50909.txt,"Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)",2022-05-11,"Tin Pham",webapps,multiple,,2022-05-11,2022-05-11,0,CVE-2021-31673,,,,,
50908,exploits/multiple/webapps/50908.txt,"Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)",2022-05-11,"Tin Pham",webapps,multiple,,2022-05-11,2022-05-11,0,CVE-2021-31674,,,,,
43847,exploits/multiple/webapps/43847.py,"DarkComet (C2 Server) - File Upload",2018-01-15,"Pseudo Laboratories",webapps,multiple,,2018-01-21,2018-01-21,0,,Malware,,,,https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
@ -11983,7 +11983,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
15473,exploits/multiple/webapps/15473.html,"IBM OmniFind - Cross-Site Request Forgery",2010-11-09,"Fatih Kilic",webapps,multiple,,2010-11-09,2010-11-09,0,CVE-2010-3891;OSVDB-69083,,,,,
46017,exploits/multiple/webapps/46017.txt,"IBM Operational Decision Manager 8.x - XML External Entity Injection",2018-12-19,"Mohamed M.Fouad",webapps,multiple,9443,2018-12-19,2018-12-19,1,CVE-2018-1821,"XML External Entity (XXE)",,,,
32631,exploits/multiple/webapps/32631.txt,"IBM Rational ClearCase 7/8 - Cross-Site Scripting",2008-12-01,IBM,webapps,multiple,,2008-12-01,2014-04-01,1,CVE-2008-5330;OSVDB-50369,,,,,https://www.securityfocus.com/bid/32574/info
52123,exploits/multiple/webapps/52123.NA,"IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow",2025-04-05,"Giulio Garzia",webapps,multiple,,2025-04-05,2025-04-05,0,CVE-2024-35133,,,,,
52123,exploits/multiple/webapps/52123.NA,"IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow",2025-04-05,"Giulio Garzia",webapps,multiple,,2025-04-05,2025-04-13,0,CVE-2024-35133,,,,,
45190,exploits/multiple/webapps/45190.txt,"IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting",2018-08-13,"Vikas Khanna",webapps,multiple,,2018-08-13,2018-08-13,1,CVE-2018-1563;CVE-2018-1513,,,,,
34908,exploits/multiple/webapps/34908.txt,"IBM Tivoli Access Manager for E-Business - '/ibm/wpm/acl?method' Cross-Site Scripting",2010-10-22,IBM,webapps,multiple,,2010-10-22,2014-10-06,1,CVE-2010-4120;OSVDB-68885,,,,,https://www.securityfocus.com/bid/44382/info
34909,exploits/multiple/webapps/34909.txt,"IBM Tivoli Access Manager for E-Business - '/ibm/wpm/domain?method' Cross-Site Scripting",2010-10-22,IBM,webapps,multiple,,2010-10-22,2014-10-06,1,CVE-2010-4120;OSVDB-68886,,,,,https://www.securityfocus.com/bid/44382/info
@ -12008,7 +12008,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49351,exploits/multiple/webapps/49351.html,"IncomCMS 2.0 - Insecure File Upload",2021-01-05,MoeAlBarbari,webapps,multiple,,2021-01-05,2021-01-05,0,CVE-2020-29597,,,,,
48693,exploits/multiple/webapps/48693.go,"INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution",2020-07-26,"Patrick Hener",webapps,multiple,,2020-07-26,2020-07-26,0,CVE-2020-15492,,,,,
34408,exploits/multiple/webapps/34408.txt,"Innovaphone PBX Admin-GUI - Cross-Site Request Forgery",2014-08-25,"Rainer Giedat",webapps,multiple,80,2014-08-25,2014-08-25,0,CVE-2014-5335;OSVDB-110269,,,,,
52151,exploits/multiple/webapps/52151.txt,"Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)",2025-04-09,"Andrew Lemon/Red Threat",webapps,multiple,,2025-04-09,2025-04-09,0,CVE-2024-38944,,,,,
52151,exploits/multiple/webapps/52151.txt,"Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)",2025-04-09,"Andrew Lemon/Red Threat",webapps,multiple,,2025-04-09,2025-04-13,0,CVE-2024-38944,,,,,
14004,exploits/multiple/webapps/14004.txt,"Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation",2010-06-23,"Ivan Huertas",webapps,multiple,,2010-06-23,2010-06-23,1,OSVDB-65973,,cybsec_advisory_2010_0604_InterScan_Web_Security_5_0_Local_Privilege_Escalation.pdf,,,
14001,exploits/multiple/webapps/14001.txt,"Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download",2010-06-23,"Ivan Huertas",webapps,multiple,,2010-06-23,2010-06-23,1,OSVDB-65774,,cybsec_advisory_2010_0606_InterScan_Web_Security_5_0_Arbitrary_File_Download.pdf,,,
49188,exploits/multiple/webapps/49188.txt,"Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting",2020-12-03,"Hemant Patidar",webapps,multiple,,2020-12-03,2021-01-06,0,CVE-2020-29477,,,,,
@ -12051,7 +12051,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44487,exploits/multiple/webapps/44487.txt,"Kodi 17.6 - Persistent Cross-Site Scripting",2018-04-18,"Manuel García Cárdenas",webapps,multiple,,2018-04-18,2018-04-18,0,CVE-2018-8831,"Cross-Site Scripting (XSS)",,,,
50521,exploits/multiple/webapps/50521.py,"KONGA 0.14.9 - Privilege Escalation",2021-11-15,"Fabricio Salomao",webapps,multiple,,2021-11-15,2021-11-15,0,,,,,http://www.exploit-db.comkonga-0.14.9.zip,
34224,exploits/multiple/webapps/34224.txt,"Kryn.cms 6.0 - Cross-Site Request Forgery / HTML Injection",2010-06-29,TurboBorland,webapps,multiple,,2010-06-29,2014-08-01,1,,,,,,https://www.securityfocus.com/bid/41229/info
52097,exploits/multiple/webapps/52097.NA,"KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)",2025-03-27,"Okan Kurtulus",webapps,multiple,,2025-03-27,2025-03-27,0,CVE-2024-46528,,,,,https://github.com/advisories/GHSA-p26r-gfgc-c47h
52097,exploits/multiple/webapps/52097.NA,"KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)",2025-03-27,"Okan Kurtulus",webapps,multiple,,2025-03-27,2025-04-13,0,CVE-2024-46528,,,,,https://github.com/advisories/GHSA-p26r-gfgc-c47h
52125,exploits/multiple/webapps/52125.py,"Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)",2025-04-05,4m3rr0r,webapps,multiple,,2025-04-05,2025-04-05,0,CVE-2025-2294,,,,,
49733,exploits/multiple/webapps/49733.txt,"Latrix 0.6.0 - 'txtaccesscode' SQL Injection",2021-04-01,cptsticky,webapps,multiple,,2021-04-01,2021-04-01,0,,,,,,
48453,exploits/multiple/webapps/48453.txt,"LibreNMS 1.46 - 'search' SQL Injection",2020-05-11,Punt,webapps,multiple,,2020-05-11,2020-05-11,0,,,,,,
@ -12078,7 +12078,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49081,exploits/multiple/webapps/49081.py,"M/Monit 3.7.4 - Password Disclosure",2020-11-19,"Dolev Farhi",webapps,multiple,,2020-11-19,2020-11-19,0,,,,,,
49080,exploits/multiple/webapps/49080.py,"M/Monit 3.7.4 - Privilege Escalation",2020-11-19,"Dolev Farhi",webapps,multiple,,2020-11-19,2020-11-19,0,,,,,,
51847,exploits/multiple/webapps/51847.txt,"Magento ver. 2.4.6 - XSLT Server Side Injection",2024-03-03,tmrswrr,webapps,multiple,,2024-03-03,2024-03-03,0,,,,,,
52170,exploits/multiple/webapps/52170.txt,"MagnusSolution magnusbilling 7.3.0 - Command Injection",2025-04-11,CodeSecLab,webapps,multiple,,2025-04-11,2025-04-11,0,CVE-2023-30258,,,,,
52170,exploits/multiple/webapps/52170.txt,"MagnusSolution magnusbilling 7.3.0 - Command Injection",2025-04-11,CodeSecLab,webapps,multiple,,2025-04-11,2025-04-13,0,CVE-2023-30258,,,,,
50971,exploits/multiple/webapps/50971.txt,"Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)",2022-06-27,Vulnz,webapps,multiple,,2022-06-27,2022-06-27,0,,,,,,
9714,exploits/multiple/webapps/9714.txt,"Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion",2009-10-18,"Don Tukulesto",webapps,multiple,,2009-10-17,,1,OSVDB-58288;CVE-2009-3333,,,,,
39236,exploits/multiple/webapps/39236.py,"Manage Engine Application Manager 12.5 - Arbitrary Command Execution",2016-01-14,"Bikramaditya Guha",webapps,multiple,,2016-01-14,2016-01-14,0,OSVDB-133027,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5291.php
@ -12220,7 +12220,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51646,exploits/multiple/webapps/51646.txt,"Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)",2023-08-04,"Ahmet Ümit BAYRAM",webapps,multiple,,2023-08-04,2023-08-04,0,,,,,,
43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00005,,,,,http://gulftech.org/advisories/P-Synch%20Multiple%20Vulnerabilities/5
51343,exploits/multiple/webapps/51343.txt,"Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-08,omurugur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2022-0020,,,,,
52129,exploits/multiple/webapps/52129.py,"Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover",2025-04-06,ByteHunter,webapps,multiple,,2025-04-06,2025-04-06,0,CVE-2024-5910,,,,,
52129,exploits/multiple/webapps/52129.py,"Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover",2025-04-06,ByteHunter,webapps,multiple,,2025-04-06,2025-04-13,0,CVE-2024-5910,,,,,
51391,exploits/multiple/webapps/51391.py,"PaperCut NG/MG 22.0.4 - Authentication Bypass",2023-04-25,MaanVader,webapps,multiple,,2023-04-25,2023-04-25,0,CVE-2023-27350,,,,,
51452,exploits/multiple/webapps/51452.py,"PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)",2023-05-23,MaanVader,webapps,multiple,,2023-05-23,2023-05-23,0,CVE-2023-27350,,,,,
35210,exploits/multiple/webapps/35210.txt,"Password Manager Pro / Pro MSP - Blind SQL Injection",2014-11-10,"Pedro Ribeiro",webapps,multiple,,2014-11-10,2018-01-25,0,CVE-2014-8499;CVE-2014-8498;OSVDB-114485;OSVDB-114484;OSVDB-114483,,,,,https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/ManageEngine/me_pmp_privesc.txt
@ -12254,7 +12254,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44276,exploits/multiple/webapps/44276.txt,"Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials",2018-03-12,LiquidWorm,webapps,multiple,,2018-03-12,2018-03-12,0,,,,,,
50229,exploits/multiple/webapps/50229.txt,"ProcessMaker 3.5.4 - Local File inclusion",2021-08-26,"Ai Ho",webapps,multiple,,2021-08-26,2021-08-26,0,,,,,,
9728,exploits/multiple/webapps/9728.txt,"ProdLer 2.0 - Remote File Inclusion",2009-09-21,cr4wl3r,webapps,multiple,,2009-09-20,,1,OSVDB-58298;CVE-2009-3324,,,,,
52103,exploits/multiple/webapps/52103.py,"Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass",2025-03-28,VeryLazyTech,webapps,multiple,,2025-03-28,2025-03-28,0,CVE-2024-4358,,,,,
52103,exploits/multiple/webapps/52103.py,"Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass",2025-03-28,VeryLazyTech,webapps,multiple,,2025-03-28,2025-04-13,0,CVE-2024-4358,,,,,
35219,exploits/multiple/webapps/35219.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection (1)",2014-11-13,"Onur Alanbel (BGA)",webapps,multiple,,2014-11-17,2014-11-17,0,OSVDB-114840;CVE-2014-9237,,,,,
51264,exploits/multiple/webapps/51264.txt,"Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)",2023-04-05,"Andreas Finstad",webapps,multiple,,2023-04-05,2023-04-05,0,CVE-2023-23286,,,,,
12730,exploits/multiple/webapps/12730.txt,"ProWeb Design - SQL Injection",2010-05-24,cyberlog,webapps,multiple,,2010-05-23,,1,,,,,,
@ -12323,7 +12323,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49986,exploits/multiple/webapps/49986.txt,"Solar-Log 500 2.8.2 - Incorrect Access Control",2021-06-11,Luca.Chiou,webapps,multiple,,2021-06-11,2021-06-11,0,,,,,,
49987,exploits/multiple/webapps/49987.txt,"Solar-Log 500 2.8.2 - Unprotected Storage of Credentials",2021-06-11,Luca.Chiou,webapps,multiple,,2021-06-11,2021-06-11,0,,,,,,
52055,exploits/multiple/webapps/52055.py,"SolarWinds Platform 2024.1 SR1 - Race Condition",2024-06-26,"Elhussain Fathy",webapps,multiple,,2024-06-26,2024-06-26,0,CVE-2024-28999,,,,,
52101,exploits/multiple/webapps/52101.py,"Sonatype Nexus Repository 3.53.0-01 - Path Traversal",2025-03-28,VeryLazyTech,webapps,multiple,,2025-03-28,2025-03-28,0,CVE-2024-4956,,,,,
52101,exploits/multiple/webapps/52101.py,"Sonatype Nexus Repository 3.53.0-01 - Path Traversal",2025-03-28,VeryLazyTech,webapps,multiple,,2025-03-28,2025-04-13,0,CVE-2024-4956,,,,,
22852,exploits/multiple/webapps/22852.txt,"SonicWALL CDP 5040 6.x - Multiple Vulnerabilities",2012-11-20,Vulnerability-Lab,webapps,multiple,,2012-11-20,2012-11-20,0,OSVDB-87640;OSVDB-87639;OSVDB-87638,,,,,https://www.vulnerability-lab.com/get_content.php?id=549
24204,exploits/multiple/webapps/24204.pl,"SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution",2013-01-18,"Nikolas Sotiriu",webapps,multiple,,2013-01-18,2016-12-04,0,CVE-2013-1359;OSVDB-89347,,,,,
24203,exploits/multiple/webapps/24203.txt,"SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass",2013-01-18,"Nikolas Sotiriu",webapps,multiple,,2013-01-18,2013-01-18,0,CVE-2013-1360;OSVDB-89346,,,,,
@ -12408,7 +12408,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
12610,exploits/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",webapps,multiple,,2010-05-13,,1,CVE-2010-1143,,,,,
48804,exploits/multiple/webapps/48804.py,"VTENEXT 19 CE - Remote Code Execution",2020-09-11,"Marco Ruela",webapps,multiple,,2020-09-11,2020-09-11,0,,,,,,
10999,exploits/multiple/webapps/10999.txt,"W-Agora 4.2.1 - Multiple Vulnerabilities",2010-01-04,indoushka,webapps,multiple,,2010-01-03,,0,OSVDB-63644,,,,http://www.exploit-db.comw-agora-4.2.1-php.zip,
52130,exploits/multiple/webapps/52130.py,"Watcharr 1.43.0 - Remote Code Execution (RCE)",2025-04-06,"Suphawith Phusanbai",webapps,multiple,,2025-04-06,2025-04-06,0,CVE-2024-48827,,,,,
52130,exploits/multiple/webapps/52130.py,"Watcharr 1.43.0 - Remote Code Execution (RCE)",2025-04-06,"Suphawith Phusanbai",webapps,multiple,,2025-04-06,2025-04-13,0,CVE-2024-48827,,,,,
52132,exploits/multiple/webapps/52132.sh,"WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)",2025-04-06,Swammers8,webapps,multiple,,2025-04-06,2025-04-06,0,,,,,,
31233,exploits/multiple/webapps/31233.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc?camnum' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",webapps,multiple,,2008-02-18,2014-01-28,1,CVE-2008-5674;OSVDB-42927,,,,,https://www.securityfocus.com/bid/27875/info
31234,exploits/multiple/webapps/31234.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic?id' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",webapps,multiple,,2008-02-18,2014-01-28,1,CVE-2008-5674;OSVDB-42928,,,,,https://www.securityfocus.com/bid/27875/info
@ -12899,7 +12899,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44216,exploits/perl/webapps/44216.txt,"Routers2 2.24 - Cross-Site Scripting",2018-02-28,"Lorenzo Di Fuccia",webapps,perl,,2018-02-28,2018-02-28,1,CVE-2018-6193,,,,,
51509,exploits/perl/webapps/51509.py,"Thruk Monitoring Web Interface 3.06 - Path Traversal",2023-06-09,"Galoget Latorre",webapps,perl,,2023-06-09,2023-06-09,0,CVE-2023-34096,,,,,
44386,exploits/perl/webapps/44386.txt,"VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal",2018-04-02,LiquidWorm,webapps,perl,,2018-04-02,2018-04-02,0,,,,,,
52114,exploits/perl/webapps/52114.py,"Webmin Usermin 2.100 - Username Enumeration",2025-04-03,Kjesper,webapps,perl,,2025-04-03,2025-04-03,0,CVE-2024-44762,,,,,
52114,exploits/perl/webapps/52114.py,"Webmin Usermin 2.100 - Username Enumeration",2025-04-03,Kjesper,webapps,perl,,2025-04-03,2025-04-13,0,CVE-2024-44762,,,,,
1651,exploits/php/dos/1651.php,"ADODB < 4.70 - 'tmssql.php' Denial of Service",2006-04-09,rgod,dos,php,,2006-04-08,2016-07-07,1,,,,,http://www.exploit-db.comadodb468.tgz,
30753,exploits/php/dos/30753.txt,"AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service",2007-11-12,L4teral,dos,php,,2007-11-12,2014-01-06,1,CVE-2007-5984;OSVDB-45282,,,,,https://www.securityfocus.com/bid/26410/info
40996,exploits/php/dos/40996.txt,"DirectAdmin 1.50.1 - Denial of Service",2017-01-08,"IeDb ir",dos,php,,2017-01-08,2017-01-09,0,,,,,,
@ -13466,8 +13466,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51058,exploits/php/webapps/51058.txt,"Abantecart v1.3.2 - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-06-23,1,CVE-2022-26521,,,,,
27934,exploits/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 - 'content.php' SQL Injection",2006-06-01,SpC-x,webapps,php,,2006-06-01,2013-08-29,1,CVE-2006-2853;OSVDB-26226,,,,,https://www.securityfocus.com/bid/18218/info
28944,exploits/php/webapps/28944.txt,"Abarcar Realty Portal 5.1.5/6.0.1 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",webapps,php,,2006-11-08,2013-10-14,1,,,,,,https://www.securityfocus.com/bid/20970/info
52112,exploits/php/webapps/52112.NA,"ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials",2025-04-03,LiquidWorm,webapps,php,,2025-04-03,2025-04-03,0,CVE-2024-4007,,,,,
52108,exploits/php/webapps/52108.NA,"ABB Cylon Aspect 3.08.01 - Arbitrary File Delete",2025-04-02,LiquidWorm,webapps,php,,2025-04-02,2025-04-02,0,CVE-2024-6209,,,,,
52112,exploits/php/webapps/52112.NA,"ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials",2025-04-03,LiquidWorm,webapps,php,,2025-04-03,2025-04-13,0,CVE-2024-4007,,,,,
52108,exploits/php/webapps/52108.NA,"ABB Cylon Aspect 3.08.01 - Arbitrary File Delete",2025-04-02,LiquidWorm,webapps,php,,2025-04-02,2025-04-13,0,CVE-2024-6209,,,,,
8555,exploits/php/webapps/8555.txt,"ABC Advertise 1.0 - Admin Password Disclosure",2009-04-27,SirGod,webapps,php,,2009-04-26,,1,OSVDB-54287;CVE-2009-1550,,,,,
45836,exploits/php/webapps/45836.txt,"ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)",2018-11-13,"Ihsan Sencan",webapps,php,80,2018-11-13,2018-11-13,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comabc_v_0_6_4.zip,
4338,exploits/php/webapps/4338.pl,"ABC estore 3.0 - 'cat_id' Blind SQL Injection",2007-08-29,k1tk4t,webapps,php,,2007-08-28,,1,OSVDB-38434;CVE-2007-4627,,,,,
@ -14247,7 +14247,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
10816,exploits/php/webapps/10816.txt,"Aptgp.1.3.0c - Cross-Site Scripting",2009-12-30,indoushka,webapps,php,,2009-12-29,,0,,,,,,
12567,exploits/php/webapps/12567.html,"Aqar Script 1.0 - Remote Bypass",2010-05-11,indoushka,webapps,php,,2010-05-10,,0,,,,,,
8432,exploits/php/webapps/8432.txt,"Aqua CMS - 'Username' SQL Injection",2009-04-14,halkfild,webapps,php,,2009-04-13,,1,OSVDB-53691;CVE-2009-1317;OSVDB-53690,,,,,http://crackfor.me/bugtraq/aquacms.v1.1.txt
52164,exploits/php/webapps/52164.py,"AquilaCMS 1.409.20 - Remote Command Execution (RCE)",2025-04-10,"Eui Chul Chung",webapps,php,,2025-04-10,2025-04-10,0,CVE-2024-48573,,,,,
52164,exploits/php/webapps/52164.py,"AquilaCMS 1.409.20 - Remote Command Execution (RCE)",2025-04-10,"Eui Chul Chung",webapps,php,,2025-04-10,2025-04-13,0,CVE-2024-48573,,,,,
2931,exploits/php/webapps/2931.txt,"AR Memberscript - 'usercp_menu.php' Remote File Inclusion",2006-12-14,ex0,webapps,php,,2006-12-13,,1,OSVDB-57302;CVE-2006-6590,,,,,
38015,exploits/php/webapps/38015.txt,"AR Web Content Manager (AWCM) - 'cookie_gen.php' Arbitrary Cookie Generation",2012-11-08,"Sooel Son",webapps,php,,2012-11-08,2017-10-20,1,CVE-2012-2437;OSVDB-87922,,,,,https://www.securityfocus.com/bid/56465/info
27642,exploits/php/webapps/27642.txt,"AR-Blog 5.2 - 'print.php' Cross-Site Scripting",2006-04-14,ALMOKANN3,webapps,php,,2006-04-14,2013-08-17,1,CVE-2006-1893;OSVDB-24863,,,,,https://www.securityfocus.com/bid/17522/info
@ -14309,7 +14309,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51215,exploits/php/webapps/51215.txt,"Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated",2023-04-03,"Rahul Patwari",webapps,php,,2023-04-03,2023-04-28,1,CVE-2023-23162,,,,,
51216,exploits/php/webapps/51216.txt,"Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated",2023-04-03,"Rahul Patwari",webapps,php,,2023-04-03,2023-04-28,1,CVE-2023-23163,,,,,
34560,exploits/php/webapps/34560.html,"ArtGK CMS - Cross-Site Scripting / HTML Injection",2010-09-01,"High-Tech Bridge SA",webapps,php,,2010-09-01,2014-09-08,1,,,,,,https://www.securityfocus.com/bid/42923/info
52146,exploits/php/webapps/52146.py,"Artica Proxy 4.50 - Remote Code Execution (RCE)",2025-04-09,Madan,webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-2054,,,,,
52146,exploits/php/webapps/52146.py,"Artica Proxy 4.50 - Remote Code Execution (RCE)",2025-04-09,Madan,webapps,php,,2025-04-09,2025-04-13,0,CVE-2024-2054,,,,,
43206,exploits/php/webapps/43206.txt,"Artica Web Proxy 3.06 - Remote Code Execution",2017-12-01,hyp3rlinx,webapps,php,,2017-12-01,2017-12-01,0,CVE-2017-17055,,,,,
31028,exploits/php/webapps/31028.txt,"Article Dashboard - '/admin/login.php' Multiple SQL Injections",2008-01-15,Xcross87,webapps,php,,2008-01-15,2014-01-19,1,CVE-2008-0286;OSVDB-40273,,,,,https://www.securityfocus.com/bid/27286/info
4221,exploits/php/webapps/4221.txt,"Article Directory - 'index.php' Remote File Inclusion",2007-07-24,mozi,webapps,php,,2007-07-23,,1,OSVDB-39107;CVE-2007-4007,,,,,
@ -15686,7 +15686,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
38339,exploits/php/webapps/38339.txt,"Centreon 2.6.1 - Multiple Vulnerabilities",2015-09-28,LiquidWorm,webapps,php,80,2015-09-28,2015-09-28,0,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5263.php
23362,exploits/php/webapps/23362.py,"Centreon Enterprise Server 2.3.3 < 2.3.9-4 - Blind SQL Injection",2012-12-13,modpr0be,webapps,php,,2012-12-13,2012-12-13,0,CVE-2012-5967;OSVDB-88430,,,,,
11979,exploits/php/webapps/11979.pl,"Centreon IT & Network Monitoring 2.1.5 - SQL Injection",2010-03-31,"Jonathan Salwan",webapps,php,,2010-03-30,,1,OSVDB-63347;CVE-2010-1301,,,,,
52156,exploits/php/webapps/52156.py,"Centron 19.04 - Remote Code Execution (RCE)",2025-04-10,"Starry Sky",webapps,php,,2025-04-10,2025-04-10,0,CVE-2019-13024,,,,,
52156,exploits/php/webapps/52156.py,"Centron 19.04 - Remote Code Execution (RCE)",2025-04-10,"Starry Sky",webapps,php,,2025-04-10,2025-04-13,0,CVE-2019-13024,,,,,
38074,exploits/php/webapps/38074.txt,"Cerb 7.0.3 - Cross-Site Request Forgery",2015-09-02,"High-Tech Bridge SA",webapps,php,80,2015-09-02,2015-09-02,0,CVE-2015-6545;OSVDB-126097,,,,http://www.exploit-db.comcerb-7.0.3.tar.gz,https://www.htbridge.com/advisory/HTB23269
39526,exploits/php/webapps/39526.sh,"Cerberus Helpdesk (Cerb5) 5 < 6.7 - Password Hash Disclosure",2016-03-07,asdizzle_,webapps,php,80,2016-03-07,2016-03-10,1,,,,http://www.exploit-db.com/screenshots/idlt40000/kali-20-clean-2016-03-10-19-35-06.png,http://www.exploit-db.comcerb5-5_4_4.zip,
25803,exploits/php/webapps/25803.txt,"Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-06-08,"Dedi Dwianto",webapps,php,,2005-06-08,2013-05-29,1,,,,,,https://www.securityfocus.com/bid/13897/info
@ -15814,7 +15814,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50116,exploits/php/webapps/50116.py,"Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE",2021-07-09,"Eleonora Guardini",webapps,php,,2021-07-09,2021-07-09,0,,,,,,
50965,exploits/php/webapps/50965.txt,"ChurchCRM 4.4.5 - SQLi",2022-06-14,nu11secur1ty,webapps,php,,2022-06-14,2022-06-14,0,CVE-2022-31325,,,,,
51319,exploits/php/webapps/51319.py,"ChurchCRM 4.5.1 - Authenticated SQL Injection",2023-04-07,Arvandy,webapps,php,,2023-04-07,2023-04-07,0,CVE-2023-24787,,,,,
52152,exploits/php/webapps/52152.NA,"ChurchCRM 5.9.1 - SQL Injection",2025-04-09,"Sanan Qasimzada",webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-39304,,,,,
52152,exploits/php/webapps/52152.NA,"ChurchCRM 5.9.1 - SQL Injection",2025-04-09,"Sanan Qasimzada",webapps,php,,2025-04-09,2025-04-13,0,CVE-2024-39304,,,,,
51296,exploits/php/webapps/51296.txt,"ChurchCRM v4.5.3-121fcc1 - SQL Injection",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-04-06,0,,,,,,
51477,exploits/php/webapps/51477.txt,"ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31699,,,,,
15887,exploits/php/webapps/15887.txt,"ChurchInfo 1.2.12 - SQL Injection",2011-01-01,dun,webapps,php,,2011-01-01,2011-01-01,1,OSVDB-70253,,,,http://www.exploit-db.comchurchinfo-1.2.12.zip,
@ -16216,11 +16216,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44567,exploits/php/webapps/44567.txt,"Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery",2018-05-02,"Qian Wu_ Bo Wang_ Jiawang Zhang",webapps,php,80,2018-05-02,2018-05-02,0,CVE-2018-9302,"Server-Side Request Forgery (SSRF)",,,http://www.exploit-db.comcockpit-0.5.5.tar.gz,
49390,exploits/php/webapps/49390.txt,"Cockpit CMS 0.6.1 - Remote Code Execution",2021-01-07,"Rafael Resende",webapps,php,,2021-01-07,2021-01-07,0,,,,,,
3251,exploits/php/webapps/3251.txt,"CoD2: DreamStats 4.2 - 'index.php' Remote File Inclusion",2007-02-02,"ThE dE@Th",webapps,php,,2007-02-01,,1,OSVDB-33095;CVE-2007-0757,,,,,
52159,exploits/php/webapps/52159.txt,"CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)",2025-04-10,"Raj Nandi",webapps,php,,2025-04-10,2025-04-10,0,CVE-2024-7815,,,,,
52159,exploits/php/webapps/52159.txt,"CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)",2025-04-10,"Raj Nandi",webapps,php,,2025-04-10,2025-04-13,0,CVE-2024-7815,,,,,
3599,exploits/php/webapps/3599.txt,"CodeBB 1.0 Beta 2 - 'phpbb_root_path' Remote File Inclusion",2007-03-28,"Alkomandoz Hacker",webapps,php,,2007-03-27,,1,OSVDB-35423;CVE-2007-1839;OSVDB-35422,,,,,
3711,exploits/php/webapps/3711.html,"CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion",2007-04-11,"John Martinelli",webapps,php,,2007-04-10,2016-11-14,1,OSVDB-34831;CVE-2007-1996,,,,,
41550,exploits/php/webapps/41550.txt,"Codecanyon Clone Script - SQL Injection",2017-03-08,"Ihsan Sencan",webapps,php,,2017-03-08,2017-03-08,0,,,,,,
52100,exploits/php/webapps/52100.py,"CodeCanyon RISE CRM 3.7.0 - SQL Injection",2025-03-28,"Jobyer From Bytium",webapps,php,,2025-03-28,2025-03-28,0,CVE-2024-8945,,,,,
52100,exploits/php/webapps/52100.py,"CodeCanyon RISE CRM 3.7.0 - SQL Injection",2025-03-28,"Jobyer From Bytium",webapps,php,,2025-03-28,2025-04-13,0,CVE-2024-8945,,,,,
6071,exploits/php/webapps/6071.txt,"CodeDB 1.1.1 - 'list.php' Local File Inclusion",2008-07-14,cOndemned,webapps,php,,2008-07-13,2016-12-13,1,OSVDB-47027;CVE-2008-3190,,,,,
26505,exploits/php/webapps/26505.txt,"Codegrrl - 'Protection.php' Code Execution",2005-11-14,"Robin Verton",webapps,php,,2005-11-14,2013-07-01,1,CVE-2005-3571;OSVDB-20816,,,,,https://www.securityfocus.com/bid/15417/info
33751,exploits/php/webapps/33751.txt,"CodeIgniter 1.0 - 'BASEPATH' Multiple Remote File Inclusions",2010-03-11,eidelweiss,webapps,php,,2010-03-11,2014-06-14,1,,,,,,https://www.securityfocus.com/bid/38672/info
@ -17993,7 +17993,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
33874,exploits/php/webapps/33874.txt,"Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities",2010-04-26,"Richard Moore",webapps,php,,2010-04-26,2016-12-18,1,,,,,,https://www.securityfocus.com/bid/39679/info
45681,exploits/php/webapps/45681.txt,"Ekushey Project Manager CRM 3.1 - Cross-Site Scripting",2018-10-25,"Ismail Tasdelen",webapps,php,80,2018-10-25,2018-10-25,0,CVE-2018-18417,"Cross-Site Scripting (XSS)",,,,
46869,exploits/php/webapps/46869.py,"eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution",2019-05-20,liquidsky,webapps,php,,2019-05-20,2021-06-17,0,CVE-2019-12185,,,,,
52106,exploits/php/webapps/52106.NA,"Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS",2025-04-02,"arfaoui haythem",webapps,php,,2025-04-02,2025-04-02,0,CVE-2024-42831,,,,,
52106,exploits/php/webapps/52106.NA,"Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS",2025-04-02,"arfaoui haythem",webapps,php,,2025-04-02,2025-04-13,0,CVE-2024-42831,,,,,
48705,exploits/php/webapps/48705.txt,"elaniin CMS - Authentication Bypass",2020-07-26,BKpatron,webapps,php,,2020-07-26,2020-07-26,0,,,,,,
47858,exploits/php/webapps/47858.txt,"elaniin CMS 1.0 - Authentication Bypass",2020-01-06,riamloo,webapps,php,,2020-01-06,2020-04-13,1,,,,,,
37054,exploits/php/webapps/37054.py,"ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal",2015-05-18,pandujar,webapps,php,,2015-05-21,2015-05-21,0,CVE-2015-3337;OSVDB-121335,,,,,https://github.com/pandujar/elasticpwn/
@ -18605,7 +18605,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
17099,exploits/php/webapps/17099.txt,"Feng Office 1.7.3.3 - Cross-Site Request Forgery",2011-04-01,"High-Tech Bridge SA",webapps,php,,2011-04-01,2011-04-01,1,OSVDB-71472,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_feng_office.html
35041,exploits/php/webapps/35041.py,"Feng Office 1.7.4 - Arbitrary File Upload",2014-10-23,"AutoSec Tools",webapps,php,,2014-10-23,2014-10-23,0,,,,,,
35042,exploits/php/webapps/35042.txt,"Feng Office 1.7.4 - Cross-Site Scripting",2014-10-23,"AutoSec Tools",webapps,php,,2014-10-23,2016-11-12,0,,,,,,https://www.securityfocus.com/bid/47049/info
52154,exploits/php/webapps/52154.NA,"Feng Office 3.11.1.2 - SQL Injection",2025-04-10,"Andrey Stoykov",webapps,php,,2025-04-10,2025-04-10,0,CVE-2024-6039,,,,,
52154,exploits/php/webapps/52154.NA,"Feng Office 3.11.1.2 - SQL Injection",2025-04-10,"Andrey Stoykov",webapps,php,,2025-04-10,2025-04-13,0,CVE-2024-6039,,,,,
46471,exploits/php/webapps/46471.rb,"Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)",2019-02-28,AkkuS,webapps,php,,2019-02-28,2019-03-08,0,CVE-2019-9623,,,,,
35914,exploits/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rösemann",webapps,php,80,2015-01-26,2015-01-26,1,OSVDB-117806;OSVDB-117612;OSVDB-117533;OSVDB-117532;CVE-2015-1374;CVE-2015-1373;CVE-2015-1372;OSVDB-117531;CVE-2015-1371;OSVDB-117530,,,,,
10552,exploits/php/webapps/10552.txt,"FestOs 2.2.1 - Multiple Remote File Inclusions",2009-12-19,cr4wl3r,webapps,php,,2009-12-18,,0,,,,,http://www.exploit-db.comfestos_2_2_1.tar.gz,
@ -18706,8 +18706,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
52054,exploits/php/webapps/52054.txt,"Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)",2024-06-26,tmrswrr,webapps,php,,2024-06-26,2024-06-26,0,,,,,,
8549,exploits/php/webapps/8549.txt,"Flatchat 3.0 - 'pmscript.php' Local File Inclusion",2009-04-27,SirGod,webapps,php,,2009-04-26,,1,OSVDB-54111;CVE-2009-1486,,,,,
1405,exploits/php/webapps/1405.pl,"FlatCMS 1.01 - 'file_editor.php' Remote Command Execution",2006-01-04,cijfer,webapps,php,,2006-01-03,,1,,,,,,
52166,exploits/php/webapps/52166.txt,"flatCore 1.5 - Cross Site Request Forgery (CSRF)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2019-13961,,,,,
52165,exploits/php/webapps/52165.txt,"flatCore 1.5.5 - Arbitrary File Upload",2025-04-10,CodeSecLab,webapps,php,,2025-04-10,2025-04-10,0,CVE-2019-10652,,,,,
52166,exploits/php/webapps/52166.txt,"flatCore 1.5 - Cross Site Request Forgery (CSRF)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2019-13961,,,,,
52165,exploits/php/webapps/52165.txt,"flatCore 1.5.5 - Arbitrary File Upload",2025-04-10,CodeSecLab,webapps,php,,2025-04-10,2025-04-13,0,CVE-2019-10652,,,,,
50262,exploits/php/webapps/50262.py,"FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)",2021-09-06,"Mason Soroka-Gill",webapps,php,,2021-09-06,2021-09-06,0,CVE-2021-39608,,,,http://www.exploit-db.comflatCore-CMS-2.0.7.tar.gz,
51068,exploits/php/webapps/51068.txt,"FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)",2023-03-27,"Sinem Şahin",webapps,php,,2023-03-27,2023-03-27,0,,,,,,
11515,exploits/php/webapps/11515.txt,"FlatFile Login System - Remote Password Disclosure",2010-02-20,ViRuSMaN,webapps,php,,2010-02-19,,1,,,,,http://www.exploit-db.com269_flatfile_login.zip,
@ -19360,7 +19360,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49798,exploits/php/webapps/49798.py,"GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting",2021-04-23,boku,webapps,php,,2021-04-23,2021-11-01,0,,,,,,
48745,exploits/php/webapps/48745.txt,"GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)",2020-08-13,boku,webapps,php,,2020-08-13,2020-08-13,0,,,,,,
51475,exploits/php/webapps/51475.py,"GetSimple CMS v3.3.16 - Remote Code Execution (RCE)",2023-05-23,"Youssef Muhammad",webapps,php,,2023-05-23,2023-05-26,1,CVE-2022-41544,,,,,
52168,exploits/php/webapps/52168.txt,"GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2021-28976,,,,,
52168,exploits/php/webapps/52168.txt,"GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2021-28976,,,,,
4738,exploits/php/webapps/4738.txt,"gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion",2007-12-18,MhZ91,webapps,php,,2007-12-17,2016-10-20,1,OSVDB-44780;CVE-2007-6476;OSVDB-44779;CVE-2007-6475;OSVDB-41376;CVE-2007-6474;OSVDB-41375,,,,http://www.exploit-db.comGF-3XPLORER_2.4_.rar,
645,exploits/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,webapps,php,,2004-11-20,,1,OSVDB-11626,,,,,http://www.zone-h.org/advisories/read/id=4904
25693,exploits/php/webapps/25693.txt,"GForge 3.x - Arbitrary Command Execution",2005-05-24,"Filippo Spike Morelli",webapps,php,,2005-05-24,2013-05-24,1,CVE-2005-1752;OSVDB-16930,,,,,https://www.securityfocus.com/bid/13716/info
@ -19454,7 +19454,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
17992,exploits/php/webapps/17992.txt,"GNUBoard 4.33.02 - 'tp.php?PATH_INFO' SQL Injection",2011-10-17,flyh4t,webapps,php,,2011-10-17,2017-10-17,0,CVE-2011-4066;OSVDB-76614,,,,,
36973,exploits/php/webapps/36973.txt,"GNUBoard 4.34.20 - 'download.php' HTML Injection",2012-03-20,wh1ant,webapps,php,,2012-03-20,2015-05-11,1,CVE-2012-4873;OSVDB-80217,,,,,https://www.securityfocus.com/bid/52622/info
39116,exploits/php/webapps/39116.txt,"GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections",2014-03-19,"Claepo Wang",webapps,php,,2014-03-19,2015-12-29,1,CVE-2014-2339;OSVDB-104445,,,,,https://www.securityfocus.com/bid/66228/info
52167,exploits/php/webapps/52167.txt,"Gnuboard5 5.3.2.8 - SQL Injection",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2020-18662,,,,,
52167,exploits/php/webapps/52167.txt,"Gnuboard5 5.3.2.8 - SQL Injection",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2020-18662,,,,,
3876,exploits/php/webapps/3876.txt,"GNUEDU 1.3b2 - Multiple Remote File Inclusions",2007-05-08,GoLd_M,webapps,php,,2007-05-07,,1,OSVDB-38256;CVE-2007-2609;OSVDB-38255;OSVDB-38254;OSVDB-38253;OSVDB-38252;OSVDB-38251;OSVDB-38250;OSVDB-38249;OSVDB-38248,,,,,
32207,exploits/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",webapps,php,80,2014-03-12,2014-03-12,1,OSVDB-104385;OSVDB-104384,,,,http://www.exploit-db.comgnupanel_lenny_squeeze_wheezy_precise_0.3.5_R4.tar.bz2,
30082,exploits/php/webapps/30082.txt,"GNUTurk - 'Mods.php' Cross-Site Scripting",2007-05-25,vagrant,webapps,php,,2007-05-25,2013-12-06,1,CVE-2007-2879;OSVDB-38139,,,,,https://www.securityfocus.com/bid/24152/info
@ -22659,7 +22659,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40545,exploits/php/webapps/40545.txt,"Learning Management System 0.1 - Authentication Bypass",2016-10-14,lahilote,webapps,php,,2016-10-17,2016-10-19,0,,,,,http://www.exploit-db.comlms.zip,
45635,exploits/php/webapps/45635.txt,"Learning with Texts 1.6.2 - 'start' SQL Injection",2018-10-18,"Ihsan Sencan",webapps,php,,2018-10-18,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comlwt_v_1_6_2.zip,
4680,exploits/php/webapps/4680.txt,"LearnLoop 2.0beta7 - 'sFilePath' Remote File Disclosure",2007-11-29,GoLd_M,webapps,php,,2007-11-28,2016-10-20,1,OSVDB-39698;CVE-2007-6214,,,,http://www.exploit-db.comlearnloop2.0beta7.tar.gz,
52171,exploits/php/webapps/52171.txt,"LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection",2025-04-11,"Francisco Moraga (BTshell)",webapps,php,,2025-04-11,2025-04-11,0,CVE-2024-8522,,,,,
52171,exploits/php/webapps/52171.txt,"LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection",2025-04-11,"Francisco Moraga (BTshell)",webapps,php,,2025-04-11,2025-04-13,0,CVE-2024-8522,,,,,
23313,exploits/php/webapps/23313.txt,"Ledscripts LedForums - Multiple HTML Injections",2003-10-30,ProXy,webapps,php,,2003-10-30,2012-12-12,1,CVE-2003-1197;OSVDB-8934,,,,,https://www.securityfocus.com/bid/8934/info
38908,exploits/php/webapps/38908.txt,"Leed - 'id' SQL Injection",2013-12-18,"Alexandre Herzog",webapps,php,,2013-12-18,2015-12-08,1,CVE-2013-2627;OSVDB-101156,,,,,https://www.securityfocus.com/bid/64426/info
10930,exploits/php/webapps/10930.txt,"Left 4 Dead Stats 1.1 - SQL Injection",2010-01-02,Sora,webapps,php,,2010-01-01,,1,OSVDB-61472;CVE-2010-0980,,,,http://www.exploit-db.coml4d_stats_web.zip,
@ -22850,7 +22850,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
6206,exploits/php/webapps/6206.txt,"LiteNews 0.1 - Insecure Cookie Handling",2008-08-05,Scary-Boys,webapps,php,,2008-08-04,,1,OSVDB-47552;CVE-2008-3508,,,,,
17528,exploits/php/webapps/17528.txt,"LiteRadius 3.2 - Multiple Blind SQL Injections",2011-07-13,"Robert Cooper",webapps,php,,2011-07-13,2012-10-28,1,,,,,,
26535,exploits/php/webapps/26535.txt,"Litespeed 2.1.5 - 'ConfMgr.php' Cross-Site Scripting",2005-11-17,"Gama Sec",webapps,php,,2005-11-17,2013-07-02,1,CVE-2005-3695;OSVDB-20908,,,,,https://www.securityfocus.com/bid/15485/info
52099,exploits/php/webapps/52099.py,"Litespeed Cache 6.5.0.1 - Authentication Bypass",2025-03-28,"Caner Tercan",webapps,php,,2025-03-28,2025-03-28,0,CVE-2024-44000,,,,,
52099,exploits/php/webapps/52099.py,"Litespeed Cache 6.5.0.1 - Authentication Bypass",2025-03-28,"Caner Tercan",webapps,php,,2025-03-28,2025-04-13,0,CVE-2024-44000,,,,,
11503,exploits/php/webapps/11503.txt,"Litespeed Web Server 4.0.12 - Cross-Site Request Forgery (Add Admin) / Cross-Site Scripting",2010-02-19,d1dn0t,webapps,php,,2010-02-18,2010-08-31,1,OSVDB-62449,,,,http://www.exploit-db.comlsws-4.0.12-std-i386-linux.tar.gz,
49523,exploits/php/webapps/49523.txt,"LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)",2021-02-05,SunCSR,webapps,php,,2021-02-05,2021-02-05,0,,,,,,
25787,exploits/php/webapps/25787.txt,"LiteWEB Web Server 2.5 - Authentication Bypass",2005-06-03,"Ziv Kamir",webapps,php,,2005-06-03,2013-05-28,1,,,,,,https://www.securityfocus.com/bid/13850/info
@ -23694,7 +23694,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
27125,exploits/php/webapps/27125.txt,"miniBloggie 1.0 - 'login.php' SQL Injection",2006-01-24,"Aliaksandr Hartsuyeu",webapps,php,,2006-01-24,2013-07-27,1,CVE-2006-0417;OSVDB-22729,,,,,https://www.securityfocus.com/bid/16367/info
2519,exploits/php/webapps/2519.txt,"Minichat 6.0 - 'ftag.php' Remote File Inclusion",2006-10-11,Zickox,webapps,php,,2006-10-10,,1,OSVDB-29693;CVE-2006-5283,,,,,
18410,exploits/php/webapps/18410.txt,"MiniCMS 1.0/2.0 - PHP Code Injection",2012-01-22,Or4nG.M4N,webapps,php,,2012-01-22,2012-01-22,0,OSVDB-82331;OSVDB-82330;CVE-2012-5231,,,,,
52175,exploits/php/webapps/52175.txt,"MiniCMS 1.1 - Cross Site Scripting (XSS)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2018-1000638,,,,,
52175,exploits/php/webapps/52175.txt,"MiniCMS 1.1 - Cross Site Scripting (XSS)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2018-1000638,,,,,
49193,exploits/php/webapps/49193.txt,"MiniCMS 1.10 - 'content box' Stored XSS",2020-12-04,yudp,webapps,php,,2020-12-04,2020-12-04,0,,,,,,
44362,exploits/php/webapps/44362.html,"MiniCMS 1.10 - Cross-Site Request Forgery",2018-03-30,zixian,webapps,php,80,2018-03-30,2018-03-30,0,CVE-2018-9092,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comMiniCMS-1.10.tar.gz,
2796,exploits/php/webapps/2796.php,"miniCWB 1.0.0 - 'contact.php' Local File Inclusion",2006-11-17,Kacper,webapps,php,,2006-11-16,,1,,,,,,
@ -23941,7 +23941,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
6194,exploits/php/webapps/6194.pl,"moziloCMS 1.10.1 - 'download.php' Arbitrary Download File",2008-08-02,Ams,webapps,php,,2008-08-01,,1,OSVDB-47327;CVE-2008-3589,,,,,
8394,exploits/php/webapps/8394.txt,"moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting",2009-04-10,SirGod,webapps,php,,2009-04-09,2016-12-15,1,OSVDB-54907;CVE-2009-4209;OSVDB-54906;OSVDB-54905;OSVDB-54891;CVE-2009-1369;OSVDB-48644;CVE-2009-1368;CVE-2009-1367;CVE-2008-6126,,,,,
48781,exploits/php/webapps/48781.txt,"moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)",2020-09-01,"Abdulkadir Kaya",webapps,php,,2020-09-01,2020-09-01,0,,,,,,
52096,exploits/php/webapps/52096.NA,"MoziloCMS 3.0 - Remote Code Execution (RCE)",2025-03-27,"Olakojo Olaoluwa Joshua",webapps,php,,2025-03-27,2025-03-27,0,CVE-2024-44871,,,,,
52096,exploits/php/webapps/52096.NA,"MoziloCMS 3.0 - Remote Code Execution (RCE)",2025-03-27,"Olakojo Olaoluwa Joshua",webapps,php,,2025-03-27,2025-04-13,0,CVE-2024-44871,,,,,
3761,exploits/php/webapps/3761.txt,"Mozzers SubSystem final - 'subs.php' Remote Code Execution",2007-04-18,Dj7xpl,webapps,php,,2007-04-17,2016-09-30,1,OSVDB-42404;CVE-2007-2169,,,,http://www.exploit-db.comSubSystem-final1-ns.zip,
12219,exploits/php/webapps/12219.txt,"Mp3 Online Id Tag Editor - Remote File Inclusion",2010-04-14,indoushka,webapps,php,,2010-04-13,,0,,,,,,
4650,exploits/php/webapps/4650.txt,"Mp3 ToolBox 1.0 Beta 5 - 'skin_file' Remote File Inclusion",2007-11-23,Crackers_Child,webapps,php,,2007-11-22,2016-10-20,1,OSVDB-39681;CVE-2007-6139,,,,http://www.exploit-db.commp3_toolbox_beta-5.zip,
@ -24661,7 +24661,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
44030,exploits/php/webapps/44030.txt,"News Website Script 2.0.4 - 'search' SQL Injection",2018-02-13,"Varun Bagaria",webapps,php,,2018-02-13,2018-02-13,0,,,,,,
46456,exploits/php/webapps/46456.txt,"News Website Script 2.0.5 - SQL Injection",2019-02-25,"Mr Winst0n",webapps,php,,2019-02-25,2019-02-25,0,,,,,,
23012,exploits/php/webapps/23012.txt,"News Wizard 2.0 - Full Path Disclosure",2003-08-11,G00db0y,webapps,php,,2003-08-11,2012-11-29,1,,,,,,https://www.securityfocus.com/bid/8389/info
52174,exploits/php/webapps/52174.txt,"NEWS-BUZZ News Management System 1.0 - SQL Injection",2025-04-11,egsec,webapps,php,,2025-04-11,2025-04-11,0,CVE-2024-10758,,,,,
52174,exploits/php/webapps/52174.txt,"NEWS-BUZZ News Management System 1.0 - SQL Injection",2025-04-11,egsec,webapps,php,,2025-04-11,2025-04-13,0,CVE-2024-10758,,,,,
3406,exploits/php/webapps/3406.pl,"News-Letterman 1.1 - 'eintrag.php?sqllog' Remote File Inclusion",2007-03-04,bd0rk,webapps,php,,2007-03-03,2016-09-27,1,OSVDB-35355;CVE-2007-1340,,,,http://www.exploit-db.comletterman1.1.zip,
31447,exploits/php/webapps/31447.txt,"News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities",2008-03-20,ZoRLu,webapps,php,,2008-03-20,2014-02-06,1,,,,,,https://www.securityfocus.com/bid/28353/info
26458,exploits/php/webapps/26458.txt,"News2Net 3.0 - 'index.php' SQL Injection",2005-11-02,Mousehack,webapps,php,,2005-11-02,2013-06-26,1,CVE-2005-3469;OSVDB-20450,,,,,https://www.securityfocus.com/bid/15274/info
@ -25833,7 +25833,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50961,exploits/php/webapps/50961.py,"Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)",2022-06-14,UNICORD,webapps,php,,2022-06-14,2022-06-14,0,CVE-2020-5844,,,,,
48064,exploits/php/webapps/48064.py,"PANDORAFMS 7.0 - Authenticated Remote Code Execution",2020-02-13,"Engin Demirbilek",webapps,php,,2020-02-13,2020-02-13,0,CVE-2020-8947,,,,,
48707,exploits/php/webapps/48707.txt,"PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting",2020-07-26,AppleBois,webapps,php,,2020-07-26,2020-07-26,0,CVE-2020-11749,,,,,
52157,exploits/php/webapps/52157.py,"PandoraFMS 7.0NG.772 - SQL Injection",2025-04-10,"Osama Yousef",webapps,php,,2025-04-10,2025-04-10,0,CVE-2023-44088,,,,,
52157,exploits/php/webapps/52157.py,"PandoraFMS 7.0NG.772 - SQL Injection",2025-04-10,"Osama Yousef",webapps,php,,2025-04-10,2025-04-13,0,CVE-2023-44088,,,,,
48700,exploits/php/webapps/48700.txt,"PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting",2020-07-26,"Emre ÖVÜNÇ",webapps,php,,2020-07-26,2020-12-07,0,,,,,,
25111,exploits/php/webapps/25111.txt,"PaNews 2.0 - Cross-Site Scripting",2005-02-16,pi3ch,webapps,php,,2005-02-16,2013-05-01,1,,,,,,https://www.securityfocus.com/bid/12576/info
25145,exploits/php/webapps/25145.txt,"PANews 2.0 - PHP Remote Code Execution",2005-02-21,tjomka,webapps,php,,2005-02-21,2013-05-02,1,,,,,,https://www.securityfocus.com/bid/12611/info
@ -27341,7 +27341,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
47438,exploits/php/webapps/47438.py,"phpIPAM 1.4 - SQL Injection",2019-09-30,"Kevin Kirsche",webapps,php,80,2019-09-30,2019-09-30,0,CVE-2019-16692,"SQL Injection (SQLi)",,,http://www.exploit-db.comphpipam-1.4.tar.gz,
50684,exploits/php/webapps/50684.py,"PHPIPAM 1.4.4 - SQLi (Authenticated)",2022-01-25,"Rodolfo Tavares",webapps,php,,2022-01-25,2022-01-25,0,CVE-2022-23046,,,,,
50963,exploits/php/webapps/50963.py,"phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)",2022-06-14,"Guilherme Alves",webapps,php,,2022-06-14,2022-06-14,0,,,,,,
52176,exploits/php/webapps/52176.txt,"phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2023-24657,,,,,
52176,exploits/php/webapps/52176.txt,"phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2023-24657,,,,,
20278,exploits/php/webapps/20278.txt,"phpix 1.0 - Directory Traversal",2000-10-07,Synnergy.net,webapps,php,,2000-10-07,2012-08-06,1,CVE-2000-0919;OSVDB-472,,,,,https://www.securityfocus.com/bid/1773/info
23558,exploits/php/webapps/23558.txt,"PHPix 2.0.3 - Arbitrary Command Execution",2004-01-20,"Max Stepanov",webapps,php,,2004-01-20,2012-12-20,1,OSVDB-3745,,,,,https://www.securityfocus.com/bid/9458/info
48138,exploits/php/webapps/48138.txt,"PhpIX 2012 Professional - 'id' SQL Injection",2020-02-26,indoushka,webapps,php,,2020-02-26,2020-02-26,0,,,,,,
@ -28715,7 +28715,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
8095,exploits/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,webapps,php,,2009-02-22,,1,,,,,,
29632,exploits/php/webapps/29632.txt,"Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",webapps,php,,2007-02-22,2017-02-14,1,CVE-2007-1152;OSVDB-37398,,,,,https://www.securityfocus.com/bid/22667/info
26018,exploits/php/webapps/26018.txt,"Pyrox Search 1.0.5 - 'Newsearch.php' Whatdoreplace Cross-Site Scripting",2005-07-21,rgod,webapps,php,,2005-07-21,2013-06-08,1,,,,,,https://www.securityfocus.com/bid/14343/info
52153,exploits/php/webapps/52153.NA,"PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)",2025-04-09,"Vuln Seeker Cybersecurity Team",webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-6244,,,,,
52153,exploits/php/webapps/52153.NA,"PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)",2025-04-09,"Vuln Seeker Cybersecurity Team",webapps,php,,2025-04-09,2025-04-13,0,CVE-2024-6244,,,,,
8031,exploits/php/webapps/8031.pph,"Q-News 2.0 - Remote Command Execution",2009-02-10,Fireshot,webapps,php,,2009-02-09,2017-02-08,1,,,,,,
26600,exploits/php/webapps/26600.txt,"Q-News 2.0 - Remote File Inclusion",2005-11-26,[GB],webapps,php,,2005-11-26,2013-07-05,1,CVE-2005-3859;OSVDB-21137,,,,,https://www.securityfocus.com/bid/15576/info
16116,exploits/php/webapps/16116.txt,"Qcodo Development Framework 0.3.3 - Full Information Disclosure",2011-02-05,"Daniel Godoy",webapps,php,,2011-02-05,2011-02-05,1,,,,,,
@ -29076,7 +29076,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
52133,exploits/php/webapps/52133.txt,"Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)",2025-04-06,"Ilteris Kaan Pehlivan",webapps,php,,2025-04-06,2025-04-06,0,CVE-2024-9458,,,,,
43676,exploits/php/webapps/43676.txt,"Reservo Image Hosting Script 1.5 - Cross-Site Scripting",2018-01-17,"Dennis Veninga",webapps,php,,2018-01-17,2018-01-17,0,CVE-2018-5705,,,,,
48627,exploits/php/webapps/48627.txt,"Reside Property Management 3.0 - 'profile' SQL Injection",2020-06-30,"Behzad Khalifeh",webapps,php,,2020-06-30,2020-06-30,0,,,,,,
52150,exploits/php/webapps/52150.NA,"ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)",2025-04-09,"Jeremia Geraldi Sihombing",webapps,php,,2025-04-09,2025-04-09,0,CVE-2024-39143,,,,,
52150,exploits/php/webapps/52150.NA,"ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)",2025-04-09,"Jeremia Geraldi Sihombing",webapps,php,,2025-04-09,2025-04-13,0,CVE-2024-39143,,,,,
35541,exploits/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",webapps,php,,2014-12-15,2014-12-15,0,OSVDB-115821;OSVDB-115820;OSVDB-115819;OSVDB-115818,,,,,
46274,exploits/php/webapps/46274.txt,"ResourceSpace 8.6 - 'collection_edit.php' SQL Injection",2019-01-28,dd_,webapps,php,80,2019-01-28,2019-01-28,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comResourceSpace_8_6_12117.zip,
46308,exploits/php/webapps/46308.txt,"ResourceSpace 8.6 - 'watched_searches.php' SQL Injection",2019-02-04,dd_,webapps,php,80,2019-02-04,2019-02-05,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comResourceSpace_8_6_12117.zip,
@ -29182,7 +29182,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
8198,exploits/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",webapps,php,,2009-03-09,2016-12-02,1,,,,,http://www.exploit-db.comrp_1.6.zip,
8797,exploits/php/webapps/8797.txt,"roomphplanning 1.6 - Multiple Vulnerabilities",2009-05-26,"ThE g0bL!N",webapps,php,,2009-05-25,2016-12-02,1,OSVDB-62791;CVE-2009-4671;OSVDB-54772;CVE-2009-4670;OSVDB-54771;CVE-2009-4669;OSVDB-54770;OSVDB-54769,,,,http://www.exploit-db.comrp_1.6.zip,
51622,exploits/php/webapps/51622.txt,"RosarioSIS 10.8.4 - CSV Injection",2023-07-28,"Ranjeet Jaiswal",webapps,php,,2023-07-28,2023-07-31,1,CVE-2023-29918,,,,,
52169,exploits/php/webapps/52169.txt,"RosarioSIS 7.6 - SQL Injection",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-11,0,CVE-2021-44567,,,,,
52169,exploits/php/webapps/52169.txt,"RosarioSIS 7.6 - SQL Injection",2025-04-11,CodeSecLab,webapps,php,,2025-04-11,2025-04-13,0,CVE-2021-44567,,,,,
10793,exploits/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - 'admin' Local File Inclusion",2009-12-30,cr4wl3r,webapps,php,,2009-12-29,,1,OSVDB-61563;CVE-2009-4581,,,,,
11158,exploits/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Authentication Bypass",2010-01-16,cr4wl3r,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comRoseOnlineCMS_v3_b1.rar,
3548,exploits/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - 'op' Local File Inclusion",2007-03-23,GoLd_M,webapps,php,,2007-03-22,2016-09-30,1,OSVDB-38601;CVE-2007-1636,,,,http://www.exploit-db.comRoseOnlineCMS_v3_B1.rar,
@ -29201,7 +29201,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
20549,exploits/php/webapps/20549.py,"Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting",2012-08-16,"Shai rod",webapps,php,,2012-08-16,2012-08-16,1,CVE-2012-4668;CVE-2012-3508;OSVDB-85142;OSVDB-84741,,,,http://www.exploit-db.comroundcubemail-0.8.0.tar.gz,
39245,exploits/php/webapps/39245.txt,"Roundcube Webmail 1.1.3 - Directory Traversal",2016-01-15,"High-Tech Bridge SA",webapps,php,80,2016-01-15,2016-12-28,0,CVE-2015-8770;OSVDB-132194,,,,http://www.exploit-db.comroundcubemail-1.1.3-complete.tar.gz,https://www.htbridge.com/advisory/HTB23283
49510,exploits/php/webapps/49510.py,"Roundcube Webmail 1.2 - File Disclosure",2021-02-01,stonepresto,webapps,php,,2021-02-01,2021-02-01,0,,,,,,
52173,exploits/php/webapps/52173.txt,"Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)",2025-04-11,AmirZargham,webapps,php,,2025-04-11,2025-04-11,0,CVE-2024-37383,,,,,
52173,exploits/php/webapps/52173.txt,"Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)",2025-04-11,AmirZargham,webapps,php,,2025-04-11,2025-04-13,0,CVE-2024-37383,,,,,
39963,exploits/php/webapps/39963.txt,"Roxy Fileman 1.4.4 - Arbitrary File Upload",2016-06-16,"Tyrell Sassen",webapps,php,80,2016-06-16,2016-06-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.4-php.zip,
46172,exploits/php/webapps/46172.txt,"Roxy Fileman 1.4.5 - Arbitrary File Download",2019-01-16,"Ihsan Sencan",webapps,php,80,2019-01-16,2019-01-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
46085,exploits/php/webapps/46085.txt,"Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal",2019-01-07,"Pongtorn Angsuchotmetee_ Vittawat Masaree",webapps,php,80,2019-01-07,2019-01-07,0,CVE-2018-20526;CVE-2018-20525,Traversal,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
@ -31498,8 +31498,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
29704,exploits/php/webapps/29704.txt,"Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,webapps,php,,2007-02-26,2013-11-19,1,CVE-2007-1291;OSVDB-33858,,,,,https://www.securityfocus.com/bid/22799/info
29705,exploits/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,webapps,php,,2007-02-26,2013-11-19,1,CVE-2007-1291;OSVDB-33859,,,,,https://www.securityfocus.com/bid/22799/info
29703,exploits/php/webapps/29703.txt,"Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php?s' SQL Injection",2007-02-26,CorryL,webapps,php,,2007-02-26,2013-11-19,1,CVE-2007-1289;OSVDB-35817,,,,,https://www.securityfocus.com/bid/22799/info
52161,exploits/php/webapps/52161.go,"Typecho 1.3.0 - Race Condition",2025-04-10,cyberaz0r,webapps,php,,2025-04-10,2025-04-10,0,CVE-2024-35539,,,,,
52162,exploits/php/webapps/52162.go,"Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)",2025-04-10,cyberaz0r,webapps,php,,2025-04-10,2025-04-10,0,CVE-2024-35540,,,,,
52161,exploits/php/webapps/52161.go,"Typecho 1.3.0 - Race Condition",2025-04-10,cyberaz0r,webapps,php,,2025-04-10,2025-04-13,0,CVE-2024-35539,,,,,
52162,exploits/php/webapps/52162.go,"Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)",2025-04-10,cyberaz0r,webapps,php,,2025-04-10,2025-04-13,0,CVE-2024-35540,,,,,
49128,exploits/php/webapps/49128.txt,"TypeSetter 5.1 - CSRF (Change admin e-mail)",2020-12-01,"Alperen Ergel",webapps,php,,2020-12-01,2020-12-01,0,,,,,,
44028,exploits/php/webapps/44028.txt,"TypeSetter CMS 5.1 - 'Host' Header Injection",2018-02-13,"Navina Asrani",webapps,php,,2018-02-13,2018-02-13,0,CVE-2018-6889,,,,,
48852,exploits/php/webapps/48852.txt,"Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting",2020-10-01,"Alperen Ergel",webapps,php,,2020-10-01,2020-10-01,0,,,,,,
@ -34395,7 +34395,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
7074,exploits/php/webapps/7074.txt,"X10media Mp3 Search Engine 1.6 - Remote File Disclosure",2008-11-09,THUNDER,webapps,php,,2008-11-08,,1,OSVDB-49797;CVE-2008-6960,,,,,
8408,exploits/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 - Admin Access",2009-04-13,THUNDER,webapps,php,,2009-04-12,2017-01-02,1,,,,,,
28557,exploits/php/webapps/28557.txt,"X2CRM 3.4.1 - Multiple Vulnerabilities",2013-09-25,"High-Tech Bridge SA",webapps,php,80,2013-09-25,2013-09-25,0,CVE-2013-5693;CVE-2013-5692;OSVDB-97366;OSVDB-97365,,,,,https://www.htbridge.com/advisory/HTB23172
52098,exploits/php/webapps/52098.NA,"X2CRM 8.5 - Stored Cross-Site Scripting (XSS)",2025-03-27,"Okan Kurtulus",webapps,php,,2025-03-27,2025-03-27,0,CVE-2024-48120,,,,,
52098,exploits/php/webapps/52098.NA,"X2CRM 8.5 - Stored Cross-Site Scripting (XSS)",2025-03-27,"Okan Kurtulus",webapps,php,,2025-03-27,2025-04-13,0,CVE-2024-48120,,,,,
51346,exploits/php/webapps/51346.txt,"X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)",2023-04-08,"Betul Denizler",webapps,php,,2023-04-08,2023-04-08,0,CVE-2022-48177,,,,,
51345,exploits/php/webapps/51345.txt,"X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-04-08,"Betul Denizler",webapps,php,,2023-04-08,2023-04-08,0,CVE-2022-48178,,,,,
38323,exploits/php/webapps/38323.txt,"X2Engine 4.2 - Arbitrary File Upload",2015-09-25,Portcullis,webapps,php,80,2015-09-25,2015-09-25,0,CVE-2015-5074;OSVDB-128086,,,,http://www.exploit-db.comX2CRM-4.2.tar.gz,https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/
@ -35418,7 +35418,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
52001,exploits/typescript/webapps/52001.txt,"Flowise 1.6.5 - Authentication Bypass",2024-04-21,"Maerifat Majeed",webapps,typescript,,2024-04-21,2024-04-21,0,CVE-2024-31621,,,,,
51385,exploits/typescript/webapps/51385.txt,"FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)",2023-04-20,"Rodolfo Mariano",webapps,typescript,,2023-04-20,2023-04-20,0,,,,,,
51073,exploits/typescript/webapps/51073.txt,"Grafana <=6.2.4 - HTML Injection",2023-03-27,"SimranJeet Singh",webapps,typescript,,2023-03-27,2023-06-09,1,CVE-2019-13068,,,,,
52102,exploits/typescript/webapps/52102.py,"Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)",2025-03-28,VeryLazyTech,webapps,typescript,,2025-03-28,2025-03-28,0,CVE-2024-23692,,,,,
52102,exploits/typescript/webapps/52102.py,"Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)",2025-03-28,VeryLazyTech,webapps,typescript,,2025-03-28,2025-04-13,0,CVE-2024-23692,,,,,
19817,exploits/ultrix/dos/19817.txt,"Data General DG/UX 5.4 - inetd Service Exhaustion Denial of Service",2000-03-16,"The Unicorn",dos,ultrix,,2000-03-16,2012-07-14,1,OSVDB-83869,,,,,https://www.securityfocus.com/bid/1071/info
698,exploits/ultrix/local/698.c,"Ultrix 4.5/MIPS - dxterm 0 Local Buffer Overflow",2004-12-20,"Kristoffer Brånemyr",local,ultrix,,2004-12-19,,1,OSVDB-12626;CVE-2004-1326,,,,,
22068,exploits/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,dos,unix,,2002-12-04,2016-12-19,1,CVE-2002-2272;OSVDB-7394,,,,,https://www.securityfocus.com/bid/6320/info
@ -44380,7 +44380,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
38968,exploits/windows/remote/38968.txt,"Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)",2015-12-14,"Google Security Research",remote,windows,,2015-12-14,2015-12-14,1,CVE-2015-6132;OSVDB-131342;MS15-132,,,,,https://code.google.com/p/google-security-research/issues/detail?id=556
28198,exploits/windows/remote/28198.py,"Microsoft Office 2000/2002 - Property Code Execution",2006-07-11,anonymous,remote,windows,,2006-07-11,2013-09-10,1,CVE-2006-2389;OSVDB-27149,,,,,https://www.securityfocus.com/bid/18911/info
24526,exploits/windows/remote/24526.py,"Microsoft Office 2010 - Download Execute",2013-02-20,g11tch,remote,windows,,2013-02-20,2013-02-23,1,OSVDB-69085;CVE-2010-3333,,,http://www.exploit-db.com/screenshots/idlt25000/screen-shot-2013-02-20-at-92423-am.png,,
52113,exploits/windows/remote/52113.NA,"Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure",2025-04-03,"Metin Yunus Kandemir",remote,windows,,2025-04-03,2025-04-03,0,CVE-2024-38200,,,,,
52113,exploits/windows/remote/52113.NA,"Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure",2025-04-03,"Metin Yunus Kandemir",remote,windows,,2025-04-03,2025-04-13,0,CVE-2024-38200,,,,,
20122,exploits/windows/remote/20122.rb,"Microsoft Office SharePoint Server 2007 - Remote Code Execution (MS10-104) (Metasploit)",2012-07-31,Metasploit,remote,windows,8082,2012-07-31,2012-07-31,1,CVE-2010-3964;OSVDB-69817;MS10-104,"Metasploit Framework (MSF)",,,,http://www.zerodayinitiative.com/advisories/ZDI-10-287/
16537,exploits/windows/remote/16537.rb,"Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (MS09-043) (Metasploit)",2010-07-20,Metasploit,remote,windows,,2010-07-20,2016-10-27,1,CVE-2009-1136;OSVDB-55806;MS09-043,"Metasploit Framework (MSF)",,,,http://www.microsoft.com/technet/security/advisory/973472.mspx
9224,exploits/windows/remote/9224.py,"Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow",2009-07-21,"Ahmed Obied",remote,windows,,2009-07-20,2017-11-22,1,,,,,,

Can't render this file because it is too large.