exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Exploit-DB	a44e138f78	DB: 2024-04-03 28 changes to exploits/shellcodes/ghdb Casdoor < v1.331.0 - '/api/set-password' CSRF GL-iNet MT6000 4.5.5 - Arbitrary File Download Axigen < 10.5.7 - Persistent Cross-Site Scripting Blood Bank v1.0 - Stored Cross Site Scripting (XSS) CE Phoenix v1.0.8.20 - Remote Code Execution Daily Habit Tracker 1.0 - Broken Access Control Daily Habit Tracker 1.0 - SQL Injection Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS) E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS) Elementor Website Builder < 3.12.2 - Admin+ SQLi Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login) FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI) FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI) Gibbon LMS v26.0.00 - SSTI vulnerability Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated) Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) OpenCart Core 4.0.2.3 - 'search' SQLi Petrol Pump Management Software v1.0 - Remote Code Execution (RCE) Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal Smart School 6.4.1 - SQL Injection Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated) ASUS Control Center Express 01.06.15 - Unquoted Service Path Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path	2024-04-03 00:16:27 +00:00

Author

SHA1

Message

Date

Exploit-DB

a44e138f78

DB: 2024-04-03

28 changes to exploits/shellcodes/ghdb

Casdoor < v1.331.0 - '/api/set-password' CSRF

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Axigen < 10.5.7 - Persistent Cross-Site Scripting

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

CE Phoenix v1.0.8.20 - Remote Code Execution
Daily Habit Tracker 1.0 - Broken Access Control
Daily Habit Tracker 1.0 - SQL Injection
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

Elementor Website Builder < 3.12.2 - Admin+ SQLi
Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection
Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login)
FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Gibbon LMS v26.0.00 - SSTI vulnerability

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

OpenCart Core 4.0.2.3 - 'search' SQLi

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Smart School 6.4.1 - SQL Injection

Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

ASUS Control Center Express 01.06.15 - Unquoted Service Path

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

2024-04-03 00:16:27 +00:00

1 commit