Exploits & CVEs

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

phpAnalyzer 2.0.4 Insecure Settings

Authored by indoushka | phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation. # Title : phpAnalyzer v2.0.4 Insecure Settings Vulnerability ...

Piyanas 0.1 Cross Site Request Forgery

Authored by indoushka | Piyanas version 0.1 suffers from a cross site request forgery vulnerability. # Title : Piyanas v0.1 User Login Page CSRF Vulnerability...

ProLogin 1.9 Insecure Direct Object Reference

Authored by indoushka | ProLogin version 1.9 suffers from an insecure direct object reference vulnerability. # Title : ProLogin V1.9 Insecure Direct Object Reference Vulnerability...

TerraMaster TOS 4.2.29 Remote Code Execution

Authored by h00die-gr3y, Octagon Networks, 0xf4n9x | Site metasploit.com | This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing...

TerraMaster TOS 4.2.15 Remote Code Execution

Authored by n0tme, h00die-gr3y | Site metasploit.com | This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable...

Oracle Weblogic PreAuth Remote Command Execution

Authored by Grant Willcox, 4ra1n, 14m3ta7k | Site metasploit.com | Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code...

MOVEit Transfer SQL Injection / Remote Code Execution

Authored by Horizon3 Attack Team | Site github.com | This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that...

Xoops CMS 2.5.10 Cross Site Scripting

Authored by tmrswrr | Xoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability. # Exploit Title: Xoops CMS Version 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated) # Date:...

BB Machine Forum 1.0 Cross Site Scripting

Authored by CraCkEr | BB Machine Forum version 1.0 suffers from a cross site scripting vulnerability.

LearnDesk 1.0 Cross Site Scripting

Authored by CraCkEr | LearnDesk version 1.0 suffers from a cross site scripting vulnerability.