Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Purchase Order Management 1.0 Cross Site Scripting

Authored by nu11secur1ty

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code

Authored by Jann Horn, Google Security Research

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions. Advisories: CVE-2023-20937

Barracuda CloudGen WAN OS Command Injection

Authored by Stefan Viehbock | Site sec-consult.com

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual...

Packet Storm New Exploits For February, 2023

Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 82 exploits added to Packet Storm in February, 2023.

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

Authored by sf, HMs, l1k3beef | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions...

Real Estate CRM Pro 5.7 SQL Injection

Authored by indoushka

Real Estate CRM Pro from IT Ways version 5.7 appears to suffer from a remote SQL injection vulnerability that can allow for authentication bypass.

Lucee Authenticated Scheduled Job Code Execution

Authored by Alexander Philiotis | Site metasploit.com

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for...

NetBSD hfslib_reada_node_offset Overflow

Authored by Erg Noor | Site github.com

NetBSD hfslib_reada_node_offset local overflow proof of concept exploit.

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

Authored by fearzzzz

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability.

Osprey Pump Controller 1.0.1 Cross Site Request Forgery

Authored by LiquidWorm | Site zeroscience.mk

Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability. Vendor: ProPump and Controls,...