Rafael Pedrero

49 exploits, active since Apr 2018
CVE-2018-18775 EXPLOITDB MEDIUM text WORKING POC
Microstrategy Web 7 - Cross-Site Scripting via Login.asp Msg Parameter
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
CVSS 6.1
CVE-2018-19861 EXPLOITDB CRITICAL text WORKING POC
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP HEAD Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
CVSS 9.8
CVE-2018-19862 EXPLOITDB CRITICAL text WORKING POC
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP POST Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
CVSS 9.8
EIP-2026-117853 EXPLOITDB text WORKING POC
Resource Hacker v3.6.0.92 - Buffer overflow
EIP-2026-117205 EXPLOITDB text WORKING POC
Frhed (Free hex editor) v1.6.0 - Buffer overflow
EIP-2026-116329 EXPLOITDB python WORKING POC
SQLScan 1.0 - Denial of Service (PoC)
EIP-2026-116348 EXPLOITDB text WORKING POC
SuperMailer v11.20 - Buffer overflow DoS
EIP-2026-116330 EXPLOITDB python WORKING POC
SQLScan 1.0 - Denial of Service (PoC)
EIP-2026-116223 EXPLOITDB text WORKING POC
Scdbg 1.0 - Buffer overflow DoS
EIP-2026-115910 EXPLOITDB python WORKING POC
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115911 EXPLOITDB python WORKING POC
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115389 EXPLOITDB text WORKING POC
Hex Workshop v6.7 - Buffer overflow DoS
EIP-2026-115259 EXPLOITDB python WORKING POC
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115260 EXPLOITDB python WORKING POC
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-114871 EXPLOITDB python WORKING POC
Advanced File Manager 3.4.1 - Denial of Service (PoC)
EIP-2026-114384 EXPLOITDB text WORKING POC
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
CVE-2019-8924 EXPLOITDB MEDIUM html WORKING POC
XAMPP <= 5.6.8 - Cross-Site Scripting via cds-fpdf.php interpret or titel Parameter
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
CVSS 6.1
CVE-2019-9083 EXPLOITDB CRITICAL text WORKING POC
SQLiteManager 1.20 and 1.24 - SQL Injection via dbsel Parameter
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
CVSS 9.8
EIP-2026-110182 EXPLOITDB text WORKING POC
Online shopping system advanced 1.0 - Multiple Vulnerabilities
EIP-2026-108099 EXPLOITDB text WORKING POC
Job Portal 1.0 - File Upload Restriction Bypass
CVE-2018-18619 EXPLOITDB CRITICAL text WORKING POC
Advanced Comment System 1.0 - SQL Injection via Page Parameter
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is vulnerable to SQL injection because it fails to sufficiently sanitize user-supplied data before using it in an SQL query; remote attackers can exploit this via a URL in the "page" parameter. NOTE: The product is discontinued.
CVSS 9.8
CVE-2019-8929 EXPLOITDB MEDIUM html WRITEUP
ManageEngine Netflow Analyzer 7.0.0.2 - Cross-Site Scripting via Device Selection
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
CVSS 6.1
CVE-2018-18777 EXPLOITDB MEDIUM text WORKING POC
Microstrategy Web 7 - Authenticated Path Traversal via subpage Parameter
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
CVSS 4.3
EIP-2026-102477 EXPLOITDB text WORKING POC
Desktop Central 9.1.0 - Multiple Vulnerabilities