Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

0
Authored by Hosein Vita PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities. Change Mirror Download # Exploit Title: PHP Laravel 8.70.1 - Cross Site...

WordPress WPSchoolPress 2.1.16 Cross Site Scripting

0
Authored by Davide Taraschi WordPress WPSchoolPress plugin version 2.1.16 suffers from cross site scripting vulnerabilities. advisories | CVE-2021-24664 Change Mirror Download # Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting...

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting

0
Authored by Murat Demirci WordPress AccessPress Social Icons plugin version 1.8.2 suffers from a persistent cross site scripting vulnerability. Change Mirror Download # Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 -...

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution

0
Authored by Erik Wynter, Erik de Jong | Site metasploit.com This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older...

Fuel CMS 1.4.13 SQL Injection

0
Authored by Rahad Chowdhury Fuel CMS version 1.4.13 suffers from a remote blind SQL injection vulnerability. Change Mirror Download # Exploit Title: Fuel CMS 1.4.13 - 'col' Parameter Blind SQL Injection(Authenticated)# Date:...

Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection

0
Authored by Jerry Toh, Edmund Ong Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form...

YeaLink SIP-TXXXP 53.84.0.15 Command Injection

0
Authored by tahaafarooq YeaLink SIP-TXXXP version 53.84.0.15 suffers from a remote command injection vulnerability. Change Mirror Download # Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)# Date: 11-10-2021# Exploit Author:...

AbsoluteTelnet 11.24 Denial Of Service

0
Authored by Yehia Elghaly AbsoluteTelnet version 11.24 suffers from multiple denial of service vulnerabilities. Change Mirror Download # Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)# Discovered by: Yehia Elghaly#...

Apache HTTP Server 2.4.50 Remote Code Execution

0
Authored by Valentin Lobstein, Lucas Schnell This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit. advisories | CVE-2021-41773, CVE-2021-42013 Change Mirror Download # Exploit Title: Apache HTTP...

Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation

0
Authored by James Forshaw, Google Security Research The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer leading to a sandbox escape. advisories | CVE-2021-40476