Smash_

8 exploits Active since Dec 2014
CVE-2014-9240 EXPLOITDB WORKING POC
MyBB 1.8.x < 1.8.2 - SQL Injection via member.php question_id Parameter
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
EIP-2026-111252 EXPLOITDB text WORKING POC
PhpWiki 1.5.4 - Multiple Vulnerabilities
EIP-2026-111358 EXPLOITDB text WORKING POC
Pluck CMS 4.7.3 - Multiple Vulnerabilities
CVE-2014-9241 EXPLOITDB text WORKING POC
MyBB 1.8.x < 1.8.2 - Cross-Site Scripting via Report Type Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
EIP-2026-105277 EXPLOITDB text WORKING POC
Atmail Webmail 7.2 - Multiple Vulnerabilities
EIP-2026-102384 EXPLOITDB text WORKING POC
Jenkins 1.626 - Cross-Site Request Forgery / Code Execution
EIP-2026-101688 EXPLOITDB text WORKING POC
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
EIP-2026-101693 EXPLOITDB text WORKING POC
Edimax PS-1206MF - Web Admin Authentication Bypass