Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Bumsys Business Management System 1.0.3-beta Shell Upload

Authored by AFFAN AHMED

Bumsys Business Management System version 1.0.3-beta suffers from a remote shell upload vulnerability.

Advisories: CVE-2023-0455

Exploit Title: unilogies/bumsys v1.0.3-beta - Unrestricted File Upload
Google Dork...

Rukovoditel 3.3.1 CSV Injection

Authored by Mirabbas Agalarov

Rukovoditel version 3.3.1 suffers from a CSV injection vulnerability.

Exploit Title: Rukovoditel 3.3.1 - CSV injection
Version: 3.3.1
Bugs: CSV Injection
Technology: PHP
Vendor URL: https://www.rukovoditel.net/
Software Link: https://www.rukovoditel.net/download.php
Date...

Online Security Guards Hiring System 1.0 Cross Site Scripting

Authored by AFFAN AHMED

Online Security Guards Hiring System version 1.0 suffers from a cross site scripting vulnerability.

Advisories: CVE-2023-0527

Exploit Title: Online Security Guards Hiring System 1.0 –...

Pydio Cells 4.1.2 Server-Side Request Forgery

Site: redteam-pentesting.de

Pydio Cells versions 4.1.2 and below suffer from a server-side request forgery vulnerability.

Advisories: CVE-2023-32750

For longer running processes, Pydio Cells allows for the creation of jobs, which...

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Authored by Fabian Densborn | Site: sec-consult.com

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token...

Wekan 6.74 Cross Site Scripting

Authored by Heiner Liesegang | Site: sec-consult.com

Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.

Advisories: CVE-2023-28485

SEC Consult Vulnerability Lab Security Advisory <...

Vaskar Courier 3.2.0 Insecure Settings

Authored by indoushka

Vaskar Courier version 3.2.0 appears to leave default credentials installed after installation.

Title : Vaskar Courier Version 3.2.0 Insecure Settings...

Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

Authored by indoushka

Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.

Title : Apple Zeed ALL...

Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path

Authored by tmrswrr

Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.

Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path
Exploit Author: tmrswrr
Exploit Date:...

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Authored by Akash Pandey

Lost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.

Advisories: CVE-2023-3018

Vulnerability: Broken Access Control
Author: Akash Pandey
CVE: CVE-2023-3018
Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
Steps...