hyp3rlinx

260 exploits Active since Jun 2015
CVE-2015-6973 EXPLOITDB text WORKING POC
Ignite Realtime Openfire 3.10.2 - Cross-Site Request Forgery via Multiple Administrative Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.
EIP-2026-102514 EXPLOITDB text WORKING POC
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-102513 EXPLOITDB text WORKING POC
NXFilter 3.0.3 - Cross-Site Request Forgery
CVE-2017-10273 EXPLOITDB MEDIUM text WRITEUP
Oracle JDeveloper 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0 - Authenticated Path Traversal
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).
CVSS 4.7
EIP-2026-102490 EXPLOITDB text WORKING POC
JSPMyAdmin 1.1 - Multiple Vulnerabilities
CVE-2018-11742 EXPLOITDB CRITICAL python WORKING POC
NEC Univerge SV9100 WebPro 6.00.00 - Insufficiently Protected Credentials
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
CVSS 9.8
EIP-2026-102080 EXPLOITDB text WORKING POC
Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery
EIP-2026-101616 EXPLOITDB text WORKING POC
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
CVE-2017-15646 EXPLOITDB MEDIUM text WORKING POC
Webmin < 1.860 - Stored Cross-Site Scripting and Remote Code Execution via File Manager Download from Remote URL
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
CVSS 6.1
CVE-2015-8038 EXPLOITDB text WORKING POC
FortiManager < 5.2.3 - Cross-Site Scripting via sharedjobmanager or SOMServiceObjDialog
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.