exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Exploit-DB	0a7adaa3fc	DB: 2023-05-24 40 changes to exploits/shellcodes/ghdb Optoma 1080PSTX Firmware C02 - Authentication Bypass Screen SFT DAB 600/C - Authentication Bypass Account Creation Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Screen SFT DAB 600/C - Authentication Bypass Erase Account Screen SFT DAB 600/C - Authentication Bypass Password Change Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx) PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Apache Superset 2.0.0 - Authentication Bypass FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting) PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE) Affiliate Me Version 5.0.1 - SQL Injection Best POS Management System v1.0 - Unauthenticated Remote Code Execution Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated) ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated) CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting) e107 v2.3.2 - Reflected XSS File Thingie 2.5.7 - Remote Code Execution (RCE) GetSimple CMS v3.3.16 - Remote Code Execution (RCE) LeadPro CRM v1.0 - SQL Injection PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS) Prestashop 8.0.4 - CSV injection Quicklancer v1.0 - SQL Injection SitemagicCMS 4.4.3 - Remote Code Execution (RCE) Smart School v1.0 - SQL Injection Stackposts Social Marketing Tool v1.0 - SQL Injection thrsrossi Millhouse-Project 1.414 - Remote Code Execution TinyWebGallery v2.5 - Remote Code Execution (RCE) WBiz Desk 1.2 - SQL Injection Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS) WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking MobileTrans 4.0.11 - Weak Service Privilege Escalation Trend Micro OfficeScan Client 10.0 - ACL Service LPE eScan Management Console 14.0.1400.2281 - Cross Site Scripting eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)	2023-05-24 00:16:34 +00:00

Author

SHA1

Message

Date

Exploit-DB

0a7adaa3fc

DB: 2023-05-24

40 changes to exploits/shellcodes/ghdb

Optoma 1080PSTX Firmware C02 - Authentication Bypass
Screen SFT DAB 600/C - Authentication Bypass Account Creation
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
Screen SFT DAB 600/C - Authentication Bypass Erase Account
Screen SFT DAB 600/C - Authentication Bypass Password Change
Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Apache Superset 2.0.0 - Authentication Bypass

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Affiliate Me Version 5.0.1 - SQL Injection

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

e107 v2.3.2 - Reflected XSS

File Thingie 2.5.7 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

LeadPro CRM v1.0 - SQL Injection

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Prestashop 8.0.4 - CSV injection

Quicklancer v1.0 - SQL Injection

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

Smart School v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

TinyWebGallery v2.5 - Remote Code Execution (RCE)

WBiz Desk 1.2 - SQL Injection

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

MobileTrans  4.0.11 - Weak Service Privilege Escalation

Trend Micro OfficeScan Client 10.0 - ACL Service LPE
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

2023-05-24 00:16:34 +00:00

1 commit