smash

18 exploits, active since Dec 2014
CVE-2014-6045 EXPLOITDB HIGH WORKING POC
phpMyFAQ < 2.8.13 - SQL Injection
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
CVSS 7.2
CVE-2014-6046 EXPLOITDB HIGH WORKING POC
phpMyFAQ < 2.8.13 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
CVSS 8.8
CVE-2014-6047 EXPLOITDB MEDIUM WORKING POC
phpMyFAQ < 2.8.13 - Info Disclosure
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
CVSS 5.3
CVE-2014-6048 EXPLOITDB MEDIUM WORKING POC
phpMyFAQ < 2.8.13 - Information Disclosure
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
CVSS 5.3
CVE-2014-6049 EXPLOITDB LOW WORKING POC
phpMyFAQ < 2.8.13 - Improper Authorization
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
CVSS 2.7
EIP-2026-114598 EXPLOITDB text WORKING POC
Zen Cart 1.5.3 - Multiple Vulnerabilities
EIP-2026-113008 EXPLOITDB text WORKING POC
vBulletin 5.1.x - Persistent Cross-Site Scripting
EIP-2026-111252 EXPLOITDB text WORKING POC
PhpWiki 1.5.4 - Multiple Vulnerabilities
EIP-2026-111358 EXPLOITDB text WORKING POC
Pluck CMS 4.7.3 - Multiple Vulnerabilities
CVE-2014-6050 EXPLOITDB MEDIUM text WORKING POC
phpMyFAQ < 2.8.13 - Security Feature Bypass
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
CVSS 5.3
EIP-2026-110373 EXPLOITDB text WORKING POC
osCommerce 2.3.4 - Multiple Vulnerabilities
CVE-2014-9241 EXPLOITDB text WORKING POC
MyBB 1.8.x < 1.8.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
EIP-2026-105277 EXPLOITDB text WORKING POC
Atmail Webmail 7.2 - Multiple Vulnerabilities
EIP-2026-102384 EXPLOITDB text WORKING POC
Jenkins 1.626 - Cross-Site Request Forgery / Code Execution
EIP-2026-101688 EXPLOITDB text WORKING POC
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
EIP-2026-102075 EXPLOITDB text WRITEUP
TP-Link TL-WR841N / TL-WR841ND - Multiple Vulnerabilities
EIP-2026-102067 EXPLOITDB text WORKING POC
TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities
EIP-2026-101693 EXPLOITDB text WORKING POC
Edimax PS-1206MF - Web Admin Authentication Bypass