exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Exploit-DB	7ebfc36557	DB: 2025-04-17 24 changes to exploits/shellcodes/ghdb ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE) FLIR AX8 1.46.16 - Remote Command Injection ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF) Ethercreative Logs 3.0.3 - Path Traversal Garage Management System 1.0 (categoriesName) - Stored XSS Nagios Log Server 2024R1.3.1 - Stored XSS ProConf 6.0 - Insecure Direct Object Reference (IDOR) Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS) WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution Car Rental Project 1.0 - Remote Code Execution KodExplorer 4.52 - Open Redirect NagVis 1.9.33 - Arbitrary File Read phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames Smart Manager 8.27.0 - Post-Authenticated SQL Injection Zabbix 7.0.0 - SQL Injection Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE) Fortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page	2025-04-17 00:16:29 +00:00
Exploit-DB	b905517ca9	DB: 2025-04-16 22 changes to exploits/shellcodes/ghdb Spring Boot common-user-management 0.1 - Remote Code Execution (RCE) ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE) ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS ABB Cylon Aspect 3.08.03 - Hard-coded Secrets Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE) IBMi Navigator 7.5 - HTTP Security Token Bypass IBMi Navigator 7.5 - Server Side Request Forgery (SSRF) Plane 0.23.1 - Server side request forgery (SSRF) ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS) ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated) OpenCMS 17.0 - Stored Cross Site Scripting (XSS) Really Simple Security 9.1.1.1 - Authentication Bypass Pymatgen 2024.1 - Remote Code Execution (RCE)	2025-04-16 00:16:24 +00:00

Author

SHA1

Message

Date

Exploit-DB

7ebfc36557

DB: 2025-04-17

24 changes to exploits/shellcodes/ghdb

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account

Dell EMC iDRAC7/iDRAC8 2.52.52.52 -  Remote Code Execution (RCE)

FLIR AX8 1.46.16  - Remote Command Injection

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)

Ethercreative Logs 3.0.3 - Path Traversal

Garage Management System 1.0 (categoriesName) - Stored XSS

Nagios Log Server 2024R1.3.1 - Stored XSS

ProConf 6.0 -  Insecure Direct Object Reference (IDOR)

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php)  - File Write DoS
ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS
ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution

Car Rental Project 1.0 - Remote Code Execution

KodExplorer 4.52 - Open Redirect

NagVis 1.9.33 - Arbitrary File Read
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

Zabbix 7.0.0 - SQL Injection

Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)

Fortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

2025-04-17 00:16:29 +00:00

Exploit-DB

b905517ca9

DB: 2025-04-16

22 changes to exploits/shellcodes/ghdb

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection

Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
IBMi Navigator 7.5 -  HTTP Security Token Bypass
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)

Plane 0.23.1 - Server side request forgery (SSRF)
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

Cacti 1.2.26 -  Remote Code Execution (RCE) (Authenticated)

OpenCMS 17.0 - Stored Cross Site Scripting (XSS)

Really Simple Security 9.1.1.1 - Authentication Bypass

Pymatgen 2024.1 - Remote Code Execution (RCE)

2025-04-16 00:16:24 +00:00

2 commits