DaOne

23 exploits, active since Aug 2014
CVE-2012-10038 EXPLOITDB CRITICAL ruby WORKING POC
Auxilium RateMyPet - RCE
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
CVE-2012-10038 EXPLOITDB CRITICAL text WORKING POC
Auxilium RateMyPet - RCE
CVE-2012-10038 METASPLOIT CRITICAL ruby WORKING POC
Auxilium RateMyPet - RCE
EIP-2026-119382 EXPLOITDB perl WORKING POC
Ipswitch IMail 11.01 - Cross-Site Scripting
EIP-2026-114545 EXPLOITDB text WORKING POC
YourArcadeScript 2.4 - 'index.php?id' SQL Injection
EIP-2026-112951 EXPLOITDB html WORKING POC
VamCart 0.9 - Cross-Site Request Forgery
EIP-2026-112444 EXPLOITDB text WORKING POC
Stradus CMS 1.0beta4 - Multiple Vulnerabilities
EIP-2026-112211 EXPLOITDB text WORKING POC
Slash CMS - Multiple Vulnerabilities
EIP-2026-111849 EXPLOITDB html WORKING POC
RV Article Publisher - Cross-Site Request Forgery
EIP-2026-111850 EXPLOITDB html WORKING POC
RV Shopping Cart - Cross-Site Request Forgery
EIP-2026-111337 EXPLOITDB text WORKING POC
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation)
EIP-2026-111280 EXPLOITDB text WRITEUP
Pinterest Clone Script - Multiple Vulnerabilities
EIP-2026-111281 EXPLOITDB text WRITEUP
Pinterestclones - Security Bypass / HTML Injection
EIP-2026-111553 EXPLOITDB text WORKING POC
ProQuiz 2.0.2 - Cross-Site Request Forgery
EIP-2026-110002 EXPLOITDB html WORKING POC
Nwahy Articles 2.2 - Cross-Site Request Forgery (Add Admin)
CVE-2014-1222 EXPLOITDB text WORKING POC
Vtiger CRM < 6.0.0 - Path Traversal
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
EIP-2026-108041 EXPLOITDB html WORKING POC
Jaow CMS 2.3 - Cross-Site Request Forgery
EIP-2026-107137 EXPLOITDB text WORKING POC
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
EIP-2026-105947 EXPLOITDB text WORKING POC
Clipster Video - Persistent Cross-Site Scripting
EIP-2026-105934 EXPLOITDB html WORKING POC
Clipbucket 2.5 - Cross-Site Request Forgery
EIP-2026-105589 EXPLOITDB html WORKING POC
Booking System Pro - Cross-Site Request Forgery
EIP-2026-105326 EXPLOITDB text WRITEUP
AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection
EIP-2026-104919 EXPLOITDB text WORKING POC
AContent 1.3 - Local File Inclusion