Ashiyane Digital Security Team

78 exploits, active since Jun 2005
CVE-2016-20054 EXPLOITDB MEDIUM html WORKING POC
Nodcms Cross Site Request Forgery via admin endpoints
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.
CVSS 4.3
CVE-2016-20055 EXPLOITDB HIGH text WRITEUP
IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
CVSS 7.8
CVE-2016-20053 EXPLOITDB MEDIUM html WORKING POC
Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.
CVSS 5.3
CVE-2016-20052 EXPLOITDB CRITICAL text WORKING POC
Snews CMS 1.7 Unrestricted File Upload via snews_files
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.
CVSS 9.8
CVE-2016-20051 EXPLOITDB MEDIUM html WORKING POC
Snews CMS 1.7 Cross-Site Request Forgery via changeup
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.
CVSS 5.3
EIP-2026-117695 EXPLOITDB text WRITEUP
NO-IP DUC 4.1.1 - Unquoted Service Path Privilege Escalation
EIP-2026-117115 EXPLOITDB text WRITEUP
EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation
EIP-2026-114630 EXPLOITDB text WRITEUP
Ziteman CMS - Login Page SQL Injection
EIP-2026-114294 EXPLOITDB text WRITEUP
WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload
EIP-2026-114305 EXPLOITDB text WORKING POC
WordPress Theme Antioch - 'download.php' Arbitrary File Download
EIP-2026-114108 EXPLOITDB text WRITEUP
WordPress Plugin Tagged Albums - 'id' SQL Injection
CVE-2013-3532 EXPLOITDB text WRITEUP
Webdorado Spider Video Player - SQL Injection
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
CVE-2013-3530 EXPLOITDB text WRITEUP
Fabricio Zuardi Xspf Player Plugin - SQL Injection
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
EIP-2026-114291 EXPLOITDB text WRITEUP
WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload
EIP-2026-114359 EXPLOITDB text WORKING POC
WordPress Theme Urban City - 'download.php' Arbitrary File Download
EIP-2026-114339 EXPLOITDB text WRITEUP
WordPress Theme Madebymilk - 'id' SQL Injection
EIP-2026-114325 EXPLOITDB text WRITEUP
WordPress Theme Epic - 'download.php' Arbitrary File Download
EIP-2026-114342 EXPLOITDB text WRITEUP
WordPress Theme Nest - 'codigo' SQL Injection
EIP-2026-114308 EXPLOITDB text WORKING POC
WordPress Theme Authentic - 'download.php' Arbitrary File Download
EIP-2026-114278 EXPLOITDB text WORKING POC
WordPress Plugin wpSS - 'ss_handler.php' SQL Injection
EIP-2026-114319 EXPLOITDB text WORKING POC
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
EIP-2026-114356 EXPLOITDB text WRITEUP
WordPress Theme Toolbox - 'mls' SQL Injection
CVE-2013-7187 EXPLOITDB text WRITEUP
FormCraft <1.3.7 - SQL Injection
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-113760 EXPLOITDB text WORKING POC
WordPress Plugin FLV Player - 'id' SQL Injection
EIP-2026-113540 EXPLOITDB text WRITEUP
WordPress Plugin Ads Box - 'count' SQL Injection