3592 matches found
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel.c - Solaris/Intel 0day? LPE...
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
The AIT CSV Import/Export plugin use exploit/multi/http/wpaitcsvrce msf exploitwpaitcsvrce show targets ...targets... msf exploitwpaitcsvrce set TARGET msf exploitwpaitcsvrce show options ...show and set options... msf exploitwpaitcsvrce exploit This module requires Metasploit:...
CVE-2020-16013
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as exploited in the wild as part of Google’s 2020...
CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as...
Adobe Acrobat Reader Silent PDF Exploit 0day
0day PDF Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer, Yandex, tested. Running smoothly Latest version. Adobe Acrobat Reader Works Seamlessly with All Versions of DC Latest version. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Ma...
CVE-2020-10148 SolarWinds Orion API authentication bypass and RCE
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
Google reveals unpatched 0day vulnerability in Microsoft’s API
By Sudais Asif Apparently, Microsoft released a patch to fix the vulnerability in June but it did not work the way it was supposed to and reminds unpatched to date. This is a post from HackRead.com Read the original post: Google reveals unpatched 0day vulnerability in Microsofts API...
Microsoft Office Word (2003/2007/2010/2013 +2016) Universal Silent 0day Exploit
Office 2016+2013+2010+2007+2003 versions are running smoothly. Combines your exe file with your word file. When word file is opened, your exe file opens quietly. This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted...
Google reveals details on active vulnerability affecting Windows 10, 7
By Waqas Google Project Zero has disclosed a Windows 0day vulnerability that lets attackers to escape Chrome sandboxes and run malware on Windows. This is a post from HackRead.com Read the original post: Google reveals details on active vulnerability affecting Windows 10, 7...
Facebook steal Group 0day Exploit
Exploit can steal facebook Group and delete the old administrator and create a new administrator...
(0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PNPSCADA 2.200816204020 - (interf) SQL Injection (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ----------------------...
(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portallayout parameter, the process does no...
CVE-2020-1571
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at September 01,...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...
Wordpress Maintenance Mode by SeedProd 5.1.1 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson...
Online Shopping Alphaware 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Webtareas 2.1p - Arbitrary File Upload (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Webtareas 2.1p - Arbitrary File Upload Authenticated Author: AppleBois Exploit author : AppleBois Vendor Hompage:https://sourceforge.net/projects/webtareas/ Version: 2.1 && 2.1p Tested on: Window 10 64 bit environment || XAMPP...
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability
Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...
Infor Storefront B2B 1.0 - (usr_name) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Version...