Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Fastly Secret Disclosure

Authored by Andrey Stoykov
Fastly suffers from the poor practice of sending a temporary password in plaintext. Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor...

Linux USB Use-After-Free

Authored by Jann Horn, Google Security Research
Linux USB usbnet tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.

Apache Tomcat Privilege Escalation

Authored by h00die, Dawid Golunski | Site metasploit.com
This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions...

Oracle DB Broken PDB Isolation / Metadata Exposure

Authored by Emad Al-Mousa
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different...

WordPress Profile Builder 3.9.0 Missing Authorization

Authored by Lana Codes | Site wordfence.com
WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppb_toolbox_usermeta_handler().
Advisories: CVE-2023-0814
Description: Profile Builder –...

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write

Authored by jheysel-r7, Zach Hanley, Gwendal Guegniaud | Site metasploit.com
This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes...

Webpower UPS 5.53 Denial Of Service

Authored by Yehia Elghaly
Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.
# Exploit Title: Webpower UPS v5.53 HTTP Denial of Service
# Date: 2023-03-09
# Exploit...

Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Authored by Yehia Elghaly
Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit...

SugarCRM 12.x Remote Code Execution / Shell Upload

Authored by sw33t.0day | Site metasploit.com
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and...

Shopify Cross Site Scripting

Authored by Andrey Stoykov
Shopify suffers from a cross site scripting vulnerability. Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out...