Andrey Stoykov

17 exploits Active since Jun 2024
CVE-2023-53978 EXPLOITDB MEDIUM text WORKING POC
MyBB Forums 1.8.26 - Authenticated Stored Cross-Site Scripting via Forum Announcement Title
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.
CVSS 5.4
CVE-2023-53977 EXPLOITDB MEDIUM text WORKING POC
MyBB Forums 1.8.26 - Authenticated Stored Cross-Site Scripting via Forum Title Field
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when adding new forums through the 'Forums and Posts' > 'Forum Management' interface, causing arbitrary JavaScript to execute when the forum listing is viewed.
CVSS 5.4
CVE-2023-53976 EXPLOITDB MEDIUM text WORKING POC
myBB 1.8.26 - Authenticated Stored Cross-Site Scripting in Template Title Field
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.
CVSS 5.4
CVE-2022-50806 EXPLOITDB HIGH text WORKING POC
4images 1.9 - Authenticated Remote Code Execution via Template Editing and Categories Endpoint
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.
CVSS 7.2
CVE-2020-37147 EXPLOITDB HIGH text WRITEUP
ATutor 2.2.4 - Authenticated SQL Injection via Admin User Deletion ID Parameter
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admin_delete.php script to potentially extract or modify database information.
CVSS 7.1
CVE-2020-37095 EXPLOITDB CRITICAL python WORKING POC
Cyberoam Authentication Client <2.1.2.7 - RCE
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.
CVSS 9.8
EIP-2026-117967 EXPLOITDB python WORKING POC
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
EIP-2026-117968 EXPLOITDB python WORKING POC
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
EIP-2026-118174 EXPLOITDB text WORKING POC
XAMPP 8.2.4 - Unquoted Path
CVE-2024-6039 EXPLOITDB MEDIUM WRITEUP
Feng Office 3.11.1.2 - SQL Injection via Workspaces Component
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.
CVSS 6.3
EIP-2026-107034 EXPLOITDB text WRITEUP
Faculty Evaluation System v1.0 - SQL Injection
EIP-2026-105988 EXPLOITDB text WORKING POC
CMS Made Simple 2.2.15 - RCE (Authenticated)
EIP-2026-105581 EXPLOITDB text WORKING POC
BoltWire 6.03 - Local File Inclusion
EIP-2026-105328 EXPLOITDB text WORKING POC
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
EIP-2026-104848 EXPLOITDB text WORKING POC
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
EIP-2026-104431 EXPLOITDB text WORKING POC
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
EIP-2026-100641 EXPLOITDB text WORKING POC
BlogEngine 3.3.8 - 'Content' Stored XSS