Exploits & CVEs

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

WordPress ReviewX 1.6.13 Privilege Escalation

Authored by Lana Codes | Site wordfence.com

WordPress ReviewX plugin versions 1.6.13 and below suffer from a privilege escalation vulnerability.

advisories | CVE-2023-2833

Description: ReviewX <= 1.6.13 – Arbitrary Usermeta...

Pydio Cells 4.1.2 Privilege Escalation

Site redteam-pentesting.de

Pydio Cells versions 4.1.2 and below suffer from a privilege escalation vulnerability. It allows users, by default, to create so-called external users in order to share files with...

Pydio Cells 4.1.2 Cross Site Scripting

Site redteam-pentesting.de

Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to...

WBCE CMS 1.6.1 Cross Site Scripting

Authored by Mirabbas Agalarov

WBCE CMS version 1.6.1 suffers from a cross site scripting vulnerability.

Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
Version: 1.6.1
Bugs: XSS
Technology:...

Zenphoto 1.6 Cross Site Scripting

Authored by Mirabbas Agalarov

Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities.

Exploit Title: Zenphoto 1.6 - Multiple stored XSS
Application: Zenphoto-1.6 xss poc
Version: 1.6
Bugs: ...

Ulicms 2023.1 Create Administrator

Authored by Mirabbas Agalarov

Ulicms version 2023.1 create administrator user via mass assignment exploit.

#Exploit Title: Ulicms 2023.1 - create admin user via mass assignment
#Application: Ulicms
#Version: 2023.1-sniffing-vicuna
#Bugs: ...

SCM Manager 1.60 Cross Site Scripting

Authored by neg0x | Site github.com

SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability.

advisories | CVE-2023-33829

#!/usr/bin/python3
# Exploit Title: SCM Manager 1.60 -...

Seagate Central Storage 2015.0916 User Creation / Command Execution

Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits the broken access control vulnerability in Seagate Central External NAS Storage device. Subject product suffers several critical vulnerabilities such...

Camaleon CMS 2.7.0 Server-Side Template Injection

Authored by Parag Bagul

Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.

advisories | CVE-2023-30145

Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
Exploit Author: PARAG...

Jobs Portal 3.6 Insecure Settings

Authored by indoushka

Jobs Portal version 3.6 appears to leave default credentials installed after installation.

# Title : Jobs Portal V 3.6 Insecure Settings...