TaurusOmar

25 exploits Active since Sep 2011
CVE-2021-47963 EXPLOITDB HIGH javascript WORKING POC
Anote 1.0 Persistent Cross-Site Scripting Remote Code Execution
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands when opened, enabling remote code execution on the victim's computer.
CVSS 7.2
EIP-2026-120685 EXPLOITDB WORKING POC
LuaJIT 2.1.1774638290 - Arbitrary Code Execution
CVE-2014-1004 EXPLOITDB python WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9456. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9456 instead of this candidate
CVE-2014-1137 EXPLOITDB WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate
CVE-2014-1137 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate
CVE-2021-47844 EXPLOITDB MEDIUM javascript WORKING POC
Xmind 2020 - Stored Cross-Site Scripting via Malicious Mind Mapping File
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
CVSS 6.1
CVE-2021-47843 EXPLOITDB MEDIUM javascript WORKING POC
Tagstoo 2.0.1 - Stored Cross-Site Scripting via File or Custom Tag Injection
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
CVSS 5.4
CVE-2021-47842 EXPLOITDB HIGH javascript WORKING POC
StudyMD 0.3.2 - Stored Cross-Site Scripting via Markdown File Upload
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
CVSS 7.2
CVE-2021-47841 EXPLOITDB MEDIUM javascript WORKING POC
SnipCommand 0.1.0 - Stored Cross-Site Scripting via File or Title Input
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.
CVSS 6.1
CVE-2021-47840 EXPLOITDB HIGH javascript WORKING POC
Moeditor 0.2.0 - Stored Cross-Site Scripting via Markdown File Upload
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
CVSS 7.2
CVE-2021-47839 EXPLOITDB HIGH javascript WORKING POC
Marky 0.0.1 - Stored Cross-Site Scripting via Crafted Markdown File Upload
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
CVSS 7.2
CVE-2021-47838 EXPLOITDB HIGH javascript WORKING POC
Markright 1.0 - Stored Cross-Site Scripting via Crafted Markdown Files
Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.
CVSS 7.2
CVE-2021-47837 EXPLOITDB HIGH javascript WORKING POC
Markdownify 1.2.0 - Stored Cross-Site Scripting via Crafted Markdown File Upload
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.
CVSS 7.2
CVE-2021-47836 EXPLOITDB MEDIUM javascript WORKING POC
Markdown Explorer 0.1.1 - Stored Cross-Site Scripting via File Upload
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.
CVSS 6.1
CVE-2021-47835 EXPLOITDB HIGH javascript WORKING POC
Freeter 1.2.1 - Stored Cross-Site Scripting via Custom Widget Titles and Files
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
CVSS 7.2
CVE-2014-9581 EXPLOITDB text WORKING POC
Codiad 2.4.3 - Path Traversal via File Manager Download Path Parameter
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2014-9580 EXPLOITDB text WRITEUP
ProjectSend r561 - Stored Cross-Site Scripting via File Upload Description Field
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
CVE-2011-3713 EXPLOITDB text WRITEUP
cFTP r80 - Exposure of Sensitive Information via Direct PHP File Request
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
CVE-2014-9456 EXPLOITDB python WORKING POC
Notepad++ 6.6.9 - Buffer Overflow via Long Time Attribute in XML Event Element
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.
CVE-2014-1155 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9580. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9580 instead of this candidate
CVE-2014-1470 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candidate is a reservation duplicate of CVE-2014-2388. Notes: All CVE users should reference CVE-2014-2388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2014-2239 EXPLOITDB text WRITEUP
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
CVE-2014-9445 EXPLOITDB text WRITEUP
Installatron GQ File Manager 0.2.5 - SQL Injection
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2014-9582 EXPLOITDB text WORKING POC
Codiad 2.4.3 - Cross-Site Scripting via Filemanager Rename Short Name Parameter
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
EIP-2026-102287 EXPLOITDB text WRITEUP
Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting