L0RD

57 exploits Active since May 2018
CVE-2018-25368 EXPLOITDB HIGH python WORKING POC
Nord VPN 6.14.31 Denial of Service via Password Field
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.
CVSS 7.5
CVE-2018-25367 EXPLOITDB MEDIUM python WORKING POC
NASA openVSP 3.16.1 Denial of Service via Buffer Overflow
NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.
CVSS 6.2
CVE-2018-25364 EXPLOITDB HIGH text WORKING POC
Twitter-Clone 1 SQL Injection via search.php
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.
CVSS 8.2
CVE-2018-25363 EXPLOITDB MEDIUM text WORKING POC
Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php
Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions.
CVSS 4.3
CVE-2018-25362 EXPLOITDB HIGH text WORKING POC
Twitter-Clone 1 SQL Injection via follow.php
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.
CVSS 8.2
CVE-2018-25354 EXPLOITDB MEDIUM html WORKING POC
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
CVSS 4.3
CVE-2018-25351 EXPLOITDB HIGH text WORKING POC
Joomla! Component EkRishta 2.10 SQL Injection via username
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.
CVSS 8.2
CVE-2018-25343 EXPLOITDB MEDIUM html WORKING POC
Smartshop 1 Cross-Site Request Forgery via editprofile.php
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.
CVSS 4.3
CVE-2018-25342 EXPLOITDB HIGH text WRITEUP
Smartshop 1 SQL Injection via search.php
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data.
CVSS 8.2
CVE-2018-25341 EXPLOITDB HIGH text WRITEUP
Smartshop 1 SQL Injection via product.php id Parameter
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names.
CVSS 8.2
CVE-2018-25340 EXPLOITDB HIGH text WRITEUP
Smartshop 1 SQL Injection via category.php
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
CVSS 8.2
CVE-2018-25339 EXPLOITDB HIGH text WORKING POC
Zechat 1.5 SQL Injection via v parameter (time-based blind)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data.
CVSS 8.2
CVE-2018-25338 EXPLOITDB HIGH text WORKING POC
Zechat 1.5 SQL Injection via hashtag parameter
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names.
CVSS 8.2
CVE-2018-25337 EXPLOITDB MEDIUM html WORKING POC
Joomla JoomOCShop 1.0 Cross-Site Request Forgery
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent.
CVSS 4.3
CVE-2018-25336 EXPLOITDB MEDIUM html WORKING POC
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.
CVSS 5.3
CVE-2018-25334 EXPLOITDB MEDIUM text WORKING POC
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF protection, allowing for unauthorized changes to user data. This can be exploited by tricking a user into submitting a crafted form or by using a script to obtain and set the CSRF token.
CVSS 5.4
CVE-2018-11096 EXPLOITDB MEDIUM text WORKING POC
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
CVSS 6.5
EIP-2026-119590 EXPLOITDB text WORKING POC
Firefox 55.0.3 - Denial of Service (PoC)
EIP-2026-119594 EXPLOITDB text WORKING POC
Microsoft People 10.1807.2131.0 - Denial of service (PoC)
EIP-2026-113178 EXPLOITDB text WORKING POC
WampServer 3.0.6 - Cross-Site Request Forgery
EIP-2026-113195 EXPLOITDB text WORKING POC
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
EIP-2026-112817 EXPLOITDB text WORKING POC
TV - Video Subscription - Authentication Bypass SQL Injection
EIP-2026-112686 EXPLOITDB html WORKING POC
Timber 1.1 - Cross-Site Request Forgery
EIP-2026-112452 EXPLOITDB text WORKING POC
Student Profile Management System Script 2.0.6 - Authentication Bypass
EIP-2026-112483 EXPLOITDB text WORKING POC
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass