Mr Winst0n

19 exploits, active since Feb 2026
CVE-2018-25262 EXPLOITDB MEDIUM python WORKING POC
Angry IP Scanner for Linux 3.5.3 Denial of Service
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
CVSS 6.2
CVE-2019-25683 EXPLOITDB MEDIUM text WORKING POC
FileZilla 3.40.0 Denial of Service via Local Search
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
CVSS 6.2
CVE-2019-25682 EXPLOITDB MEDIUM text WORKING POC
CMSsite 1.0 Cross-Site Request Forgery via users.php
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.
CVSS 4.3
CVE-2019-25680 EXPLOITDB HIGH text WORKING POC
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
CVSS 8.2
CVE-2019-25676 EXPLOITDB HIGH text WORKING POC
Ask Expert Script 3.0.5 - Cross-Site Scripting / SQL Injection
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information.
CVSS 8.2
CVE-2019-25674 EXPLOITDB HIGH text WORKING POC
CMSsite 1.0 SQL Injection via post Parameter
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perform time-based blind SQL injection attacks.
CVSS 8.2
CVE-2019-25668 EXPLOITDB HIGH text WORKING POC
News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.
CVSS 8.2
CVE-2019-25445 EXPLOITDB MEDIUM text WORKING POC
Fiverr Clone Script 1.2.2 - XSS
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25444 EXPLOITDB CRITICAL text WORKING POC
Fiverr Clone Script 1.2.2 - SQL Injection
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
CVSS 9.1
EIP-2026-114028 EXPLOITDB text WORKING POC
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
EIP-2026-112124 EXPLOITDB text WORKING POC
Simple Online Hotel Reservation System - SQL Injection
EIP-2026-112123 EXPLOITDB html WORKING POC
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
EIP-2026-112122 EXPLOITDB html WORKING POC
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
EIP-2026-110691 EXPLOITDB text WORKING POC
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
EIP-2026-110213 EXPLOITDB text WORKING POC
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
EIP-2026-110214 EXPLOITDB text WRITEUP
OOP CMS BLOG 1.0 - Multiple SQL Injection
EIP-2026-108211 EXPLOITDB text WORKING POC
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
EIP-2026-108725 EXPLOITDB text WORKING POC
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
EIP-2026-106340 EXPLOITDB text WORKING POC
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)