Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Ecommerce 1.0 Cross Site Scripting / Open Redirect

Authored by nu11secur1ty

Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities. ## Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection ## Author: nu11secur1ty ## Date: 11.23.2022 ## Vendor: https://github.com/winston-dsouza ##...

ZTE ZXHN-H108NS Authentication Bypass

Authored by George Tsimpidas

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. # Exploit Title: Router ZTE-H108NS -...

Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read

Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue...

Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution

Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version...

Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass

Authored by George Tsimpidas

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization...

Roxy Fileman 1.4.6 Remote Shell Upload

Authored by Hadi Mene

Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit. Advisories: CVE-2022-40797. # Exploit Title: Roxy Fileman <= 1.4.6 Arbitrary File Upload...

F5 BIG-IP iControl Cross Site Request Forgery

Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem....

ChurchInfo 1.2.13-1.3.0 Remote Code Execution

Authored by m4lwhere | Site metasploit.com

This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a...

Backdoor.Win32.Serman.a MVID-2022-0659 Unauthenticated Open Proxy

Authored by malvuln | Site malvuln.com

Backdoor.Win32.Serman.a malware suffers from an unauthenticated open proxy vulnerability. Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f312e3a436995b86b205a1a37b1bf10f.txt Contact: [email protected]: twitter.com/malvuln Backup...

Backdoor.Win32.Oblivion.01.a MVID-2022-0658 Insecure Transit

Authored by malvuln | Site malvuln.com

Backdoor.Win32.Oblivion.01.a malware suffers from an insecure transit vulnerability due to sending passwords in the clear over the wire. Discovery / credits: Malvuln (John...