Lucene search
K

3592 matches found

ATTACKERKB
ATTACKERKB
added 2021/07/27 12:0 a.m.73 views

CVE-2014-4114

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a...

9.3CVSS2.3AI score0.81628EPSS
In wildExploits22References11
Packet Storm
Packet Storm
added 2021/07/16 12:0 a.m.279 views

VMware ThinApp DLL Hijacking

A few months ago I disclosed IBMR Db2R Windows client DLL Hijacking Vulnerability0day I found: https://seclists.org/fulldisclosure/2021/Feb/73 In that post I mentioned the vulnerability did not get fully patched. After I told IBM on hackerone that I disclosed it, hackerone asked me to delete the...

0.2AI score0.00563EPSS
Exploits2
0day.today
0day.today
added 2021/05/04 12:0 a.m.33 views

Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution Vulnerabilities

Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 SQL Injection...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/04/29 12:0 a.m.37 views

NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/04/29 12:0 a.m.23 views

FOGProject 1.5.9 - File Upload Remote Code Execution (Authenticated) Vulnerability

Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Exploit Author: email protected Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file. dd...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/04/08 12:0 a.m.33 views

CMSimple 5.2 - (External) Stored XSS Vulnerability

Exploit Title: CMSimple 5.2 - 'External' Stored XSS Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...

0.4AI score
Exploits0
0day.today
0day.today
added 2021/04/02 12:0 a.m.46 views

ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation Vulnerability

Exploit Title: ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: http://www.zblchina.com http://www.wd-thailand.com Vendor: Zhejiang BC&TV Technology Co., Ltd. ZBL | W&D Corporation WAD TECHNOLOGY THAILAND Product web page:...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/03/29 12:0 a.m.30 views

Project Expense Monitoring System 1.0 SQL Injection Vulnerability

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/03/24 12:0 a.m.37 views

Ovidentia 6 - (id) SQL injection (Authenticated) Vulnerability

Exploit Title: Ovidentia 6 - 'id' SQL injection Authenticated Exploit Author: Felipe Prates Donato m4ud Vendor Homepage: http://www.ovidentia.org Version: 6 DORK : "Powered by Ovidentia" http://Site/ovidentia/index.php?tg=delegat&idx=mem&id=1 UNION Select select...

0.7AI score
Exploits0
0day.today
0day.today
added 2021/03/23 12:0 a.m.20 views

Online Reviewer Management System 1.0 Shell Upload Vulnerability

Exploit Title: Online Reviewer Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/reviewer0.zip Version: 1.0 Tested on Windows 10 @attack request POST...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/03/23 12:0 a.m.23 views

WordPress Mapplic 6.1 SSRF / Cross Site Scripting Vulnerability

Title : Mapplic Wordpress Plugins Stored XSS Injection via SSRF Author : Eagle Eye Vendor Homepage : https://mapplic.com/ Version Affected : 6.1 and below Tested on : Google Chrome XSS Vuln from add/edit Map and bypass with host raw.githubusercontent.com 1.Login as user 2.Add Add/Edit Map - From...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/03/19 12:0 a.m.27 views

Online News Portal 1.0 - (name) SQL Injection Vulnerability

Exploit Title: Online News Portal 1.0 - 'name' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/03/19 12:0 a.m.24 views

Plone CMS 5.2.3 - (Title) Stored XSS Vulnerability

Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS Exploit Author: Piyush Patil Vendor Homepage: https://plone.com/ Software Link: https://github.com/plone/Products.CMFPlone/tags Version: 5.2.3 Tested on: Windows 10 Reference - https://github.com/plone/Products.CMFPlone/issues/3255 Steps to...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/03/19 12:0 a.m.91 views

LiveZilla Server 8.0.1.0 - (Accept-Language) Reflected XSS Vulnerability

Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version: LiveZilla Server 8.0.1...

6.1CVSS0.5AI score0.09052EPSS
Exploits4
0day.today
0day.today
added 2021/03/12 12:0 a.m.25 views

Monitoring System (Dashboard) 1.0 - uname SQL Injection Vulnerability

Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

0.3AI score
Exploits0
0day.today
0day.today
added 2021/03/03 12:0 a.m.19 views

Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - Blind & Error based SQL injection Authenticated Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/03/02 12:0 a.m.53 views

Concrete5 8.5.4 Cross Site Scripting Vulnerability

Exploit Title: Cross site scriptingXSS Author: nu11secur1ty Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries directory...

4.8CVSS0.03008EPSS
Exploits5
0day.today
0day.today
added 2021/02/26 12:0 a.m.32 views

LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability

Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux CVE: CVE-2021-335...

5.4CVSS0.1AI score0.0725EPSS
Exploits4
0day.today
0day.today
added 2021/02/26 12:0 a.m.230 views

Zenphoto CMS 1.5.7 Shell Upload Vulnerability

Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...

7.2CVSS0.1AI score0.04722EPSS
Exploits3
0day.today
0day.today
added 2021/02/18 12:0 a.m.70 views

Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...

7.2CVSS7AI score0.06772EPSS
Exploits4
Rows per page
Query Builder