exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Exploit-DB	f3649a641f	DB: 2023-10-10 24 changes to exploits/shellcodes/ghdb Minio 2022-07-29T19-40-48Z - Path traversal Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service Atcom 2.7.x.x - Authenticated Command Injection Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE) Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction OpenPLC WebServer 3 - Denial of Service Splunk 9.0.5 - admin account take over BoidCMS v2.0.0 - authenticated file upload vulnerability Cacti 1.2.24 - Authenticated command injection when using SNMP options Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Clcknshop 1.0.0 - SQL Injection Coppermine Gallery 1.6.25 - RCE Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) GLPI GZIP(Py3) 9.4.5 - RCE Limo Booking Software v1.0 - CORS Media Library Assistant Wordpress Plugin - RCE and LFI Online ID Generator 1.0 - Remote Code Execution (RCE) Shuttle-Booking-Software v1.0 - Multiple-SQLi Webedition CMS v2.9.8.8 - Blind SSRF WEBIGniter v28.7.23 File Upload - Remote Code Execution Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Wordpress Sonaar Music Plugin 4.7 - Stored XSS Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)	2023-10-10 00:16:32 +00:00
Exploit-DB	cb5c64da21	DB: 2023-06-01 13 changes to exploits/shellcodes/ghdb Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download Pydio Cells 4.1.2 - Server-Side Request Forgery Pydio Cells 4.1.2 - Unauthorised Role Assignments Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit) MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI) Faculty Evaluation System 1.0 - Unauthenticated File Upload Online Security Guards Hiring System 1.0 - Reflected XSS Online shopping system advanced 1.0 - Multiple Vulnerabilities Rukovoditel 3.3.1 - CSV injection SCRMS 2023-05-27 1.0 - Multiple SQL Injection Service Provider Management System v1.0 - SQL Injection Ulicms-2023.1-sniffing-vicuna - Privilege escalation unilogies/bumsys v1.0.3 beta - Unrestricted File Upload	2023-06-01 00:16:25 +00:00
Exploit-DB	d46ab98863	DB: 2023-04-06 32 changes to exploits/shellcodes/ghdb Answerdev 1.0.3 - Account Takeover D-Link DIR-846 - Remote Command Execution (RCE) vulnerability Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow ERPNext 12.29 - Cross-Site Scripting (XSS) Liferay Portal 6.2.5 - Insecure Permissions GNU screen v4.9.0 - Privilege Escalation Apache Tomcat 10.1 - Denial Of Service PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated) BTCPay Server v1.7.4 - HTML Injection. Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE) Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) ImageMagick 7.1.0-49 - DoS bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) Froxlor 2.0.3 Stable - Remote Code Execution (RCE) ImageMagick 7.1.0-49 - Arbitrary File Read itech TrainSmart r1044 - SQL injection Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) PhotoShow 3.0 - Remote Code Execution projectSend r1605 - Remote Code Exectution RCE Responsive FileManager 9.9.5 - Remote Code Execution (RCE) zstore 6.6.0 - Cross-Site Scripting (XSS) Binwalk v2.3.2 - Remote Command Execution (RCE) XWorm Trojan 2.1 - Null Pointer Derefernce DoS Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution) Linux/x86_64 - bash Shellcode with xor encoding	2023-04-06 00:16:31 +00:00

Author

SHA1

Message

Date

Exploit-DB

f3649a641f

DB: 2023-10-10

24 changes to exploits/shellcodes/ghdb

Minio 2022-07-29T19-40-48Z - Path traversal

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Atcom 2.7.x.x - Authenticated Command Injection

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

OpenPLC WebServer 3 - Denial of Service

Splunk 9.0.5 - admin account take over

BoidCMS v2.0.0 - authenticated file upload vulnerability

Cacti 1.2.24 - Authenticated command injection when using SNMP options

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

Clcknshop 1.0.0 - SQL Injection

Coppermine Gallery 1.6.25 - RCE

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

GLPI GZIP(Py3) 9.4.5 - RCE

Limo Booking Software v1.0 - CORS

Media Library Assistant Wordpress Plugin - RCE and LFI

Online ID Generator 1.0 - Remote Code Execution (RCE)

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Webedition CMS v2.9.8.8 - Blind SSRF

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

2023-10-10 00:16:32 +00:00

Exploit-DB

cb5c64da21

DB: 2023-06-01

13 changes to exploits/shellcodes/ghdb

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Pydio Cells 4.1.2 - Server-Side Request Forgery
Pydio Cells 4.1.2 - Unauthorised Role Assignments

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Online Security Guards Hiring System 1.0 - Reflected XSS

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Rukovoditel 3.3.1 - CSV injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

Service Provider Management System v1.0 - SQL Injection

Ulicms-2023.1-sniffing-vicuna - Privilege escalation

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

2023-06-01 00:16:25 +00:00

Exploit-DB

d46ab98863

DB: 2023-04-06

32 changes to exploits/shellcodes/ghdb

Answerdev 1.0.3 - Account Takeover

D-Link DIR-846 - Remote Command Execution (RCE) vulnerability

Dell EMC Networking PC5500 firmware versions 4.1.0.22 and  Cisco Sx / SMB - Information Disclosure

SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

ERPNext 12.29 - Cross-Site Scripting (XSS)

Liferay Portal 6.2.5 - Insecure Permissions

GNU screen v4.9.0 - Privilege Escalation

Apache Tomcat 10.1 - Denial Of Service

PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

BTCPay Server v1.7.4 - HTML Injection.

Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

ImageMagick 7.1.0-49 - DoS

bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

Bus Pass Management System 1.0  - Stored Cross-Site Scripting (XSS)

Calendar Event Multi View  1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

Control Web Panel 7 (CWP7) v0.9.8.1147 -  Remote Code Execution (RCE)

Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

ImageMagick 7.1.0-49 - Arbitrary File Read

itech TrainSmart r1044 - SQL injection

Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)

PhotoShow 3.0 - Remote Code Execution

projectSend r1605 - Remote Code Exectution RCE

Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

zstore 6.6.0 - Cross-Site Scripting (XSS)

Binwalk v2.3.2 - Remote Command Execution (RCE)

XWorm Trojan 2.1 - Null Pointer Derefernce DoS

Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

Linux/x86_64 - bash Shellcode with xor encoding

2023-04-06 00:16:31 +00:00

3 commits