Touhid M. Shaikh

39 exploits, active since Apr 2017
EIP-2026-113048 EXPLOITDB text WORKING POC
VehicleWorkshop - Authentication Bypass
EIP-2026-111297 EXPLOITDB text WORKING POC
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
EIP-2026-111327 EXPLOITDB text WORKING POC
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
EIP-2026-111326 EXPLOITDB text WORKING POC
PlaySMS 1.4 - Remote Code Execution
CVE-2017-9101 EXPLOITDB CRITICAL text WORKING POC
PlaySMS 1.4 - RCE
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CVSS 9.8
CVE-2019-6965 EXPLOITDB MEDIUM text WORKING POC
i-doit Open <1.12 - XSS
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVSS 6.1
EIP-2026-105929 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
EIP-2026-105928 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
CVE-2017-9101 EXPLOITDB CRITICAL ruby WORKING POC
PlaySMS 1.4 - RCE
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CVSS 9.8
CVE-2017-9080 EXPLOITDB HIGH ruby WORKING POC
PlaySMS 1.4 - RCE
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
CVSS 8.8
CVE-2020-8644 EXPLOITDB CRITICAL ruby WORKING POC
PlaySMS <1.4.3 - XSS
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CVSS 9.8
CVE-2017-1000119 EXPLOITDB HIGH ruby WORKING POC
October CMS <build 412 - Code Injection
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality, resulting in compromise of the site and possibly of other applications on the server.
CVSS 7.2
EIP-2026-103232 EXPLOITDB text WORKING POC
Tiny HTTPd 0.1.0 - Directory Traversal
EIP-2026-101857 EXPLOITDB text WRITEUP
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)