smash - Security Researcher - Exploit Intelligence Platform

CVE-2014-6045 EXPLOITDB HIGH WORKING POC

phpmyfaq < 2.8.13 - Authenticated SQL Injection via Restore Function

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

CVSS 7.2

View Code

CVE-2014-6046 EXPLOITDB HIGH WORKING POC

phpmyfaq < 2.8.13 - Cross-Site Request Forgery

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.

CVSS 8.8

View Code

CVE-2014-6047 EXPLOITDB MEDIUM WORKING POC

phpmyfaq < 2.8.13 - Authenticated Arbitrary File Read via Attachment Download

phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.

CVSS 5.3

View Code

CVE-2014-6048 EXPLOITDB MEDIUM WORKING POC

phpmyfaq < 2.8.13 - Unauthenticated Arbitrary Attachment Read

phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.

CVSS 5.3

View Code

CVE-2014-6049 EXPLOITDB LOW WORKING POC

phpmyfaq < 2.8.13 - Authenticated Authorization Bypass via Instance ID Parameter

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.

CVSS 2.7

View Code

EIP-2026-114598 EXPLOITDB text WORKING POC

Zen Cart 1.5.3 - Multiple Vulnerabilities

View Code

EIP-2026-113008 EXPLOITDB text WORKING POC

vBulletin 5.1.x - Persistent Cross-Site Scripting

View Code

EIP-2026-111252 EXPLOITDB text WORKING POC

PhpWiki 1.5.4 - Multiple Vulnerabilities

View Code

EIP-2026-111358 EXPLOITDB text WORKING POC

Pluck CMS 4.7.3 - Multiple Vulnerabilities

View Code

CVE-2014-6050 EXPLOITDB MEDIUM text WORKING POC

phpmyfaq < 2.8.13 - CAPTCHA Bypass via Request Replay

phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.

CVSS 5.3

View Code

EIP-2026-110373 EXPLOITDB text WORKING POC

osCommerce 2.3.4 - Multiple Vulnerabilities

View Code

CVE-2014-9241 EXPLOITDB text WORKING POC

MyBB 1.8.x < 1.8.2 - Cross-Site Scripting via Report Type Parameter

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.

View Code

EIP-2026-105277 EXPLOITDB text WORKING POC

Atmail Webmail 7.2 - Multiple Vulnerabilities

View Code

EIP-2026-102384 EXPLOITDB text WORKING POC

Jenkins 1.626 - Cross-Site Request Forgery / Code Execution

View Code

EIP-2026-101688 EXPLOITDB text WORKING POC

Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities

View Code

EIP-2026-102075 EXPLOITDB text WRITEUP

TP-Link TL-WR841N / TL-WR841ND - Multiple Vulnerabilities

View Code

EIP-2026-102067 EXPLOITDB text WORKING POC

TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities

View Code

EIP-2026-101693 EXPLOITDB text WORKING POC

Edimax PS-1206MF - Web Admin Authentication Bypass

View Code