Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

WordPress Smart Product Review 1.0.4 Shell Upload

Authored by Keyvan Hardani

WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.

# Exploit Title: Wordpress Plugin Smart Product Review 1.0.4...

SuiteCRM 7.11.18 Remote Code Execution

Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly...

Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free

Authored by Jann Horn, Google Security Research

Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). This has been addressed in...

Apache Storm Nimbus 2.2.0 Command Execution

Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method...

Online Reviewer System 2.4.0 SQL Injection

Authored by nu11secur1ty

Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.

## (https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html) ## (https://www.sourcecodester.com/users/janobe) ## Description: The password parameter appears of the Online Reviewer System 1.0 to...

CMDBuild 3.3.2 Cross Site Scripting

Authored by Hosein Vita

CMDBuild version 3.3.2 suffers from cross site scripting vulnerabilities.

# Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS) # Date: 15/11/2021 # Exploit Author: Hosein...

KONGA 0.14.9 Privilege Escalation

Authored by Paulo Trindade, Fabricio Salomao

KONGA version 0.14.9 suffers from a privilege escalation vulnerability.

# Exploit Title: KONGA 0.14.9 - Privilege Escalation # Date: 10/11/2021 # Exploit Author: Fabricio Salomao...

WordPress Contact Form To Email 1.3.24 Cross Site Scripting

Authored by Mohammed Aadhil Ashfaq

WordPress Contact Form to Email plugin version 1.3.24 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Contact Form to...

Simple Subscription Website 1.0 SQL Injection

Authored by Daniel Haro

Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Advisories: CVE-2021-43140

# Exploit Title: Simple Subscription Website...

Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download

Authored by Rizal Muhammed

Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.

Advisories: CVE-2021-38146

# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File...