Lucene search
K

20 matches found

The Hacker News
The Hacker News
added 2026/01/30 11:30 a.m.10 views

Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/05/01 12:0 a.m.91 views

📄 Craft CMS Image Transform Pre-Authenticaton Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 3.x, 4.x, and 5.x prior to 5.6.17 via the image transform endpoint. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution by abusing the Yii behavior...

10CVSS9.4AI score0.99803EPSS
Exploits14
The Hacker News
The Hacker News
added 2024/08/01 6:32 a.m.21 views

Facebook Ads Lead to Fake Websites Stealing Credit Card Information

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.723 views

Jorani Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...

9.8CVSS8.2AI score0.81918EPSS
Exploits5
0day.today
0day.today
added 2020/05/12 12:0 a.m.70 views

Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...

0.1AI score0.0312EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/12 12:0 a.m.216 views

Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting

Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Date: 2020-04-16 Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...

5.4CVSS5.2AI score0.0312EPSS
Exploits4
exploitpack
exploitpack
added 2020/03/27 12:0 a.m.176 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9CVSS0.6AI score0.99683EPSS
Exploits20
0day.today
0day.today
added 2020/03/03 12:0 a.m.127 views

Alfresco 5.2.4 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software Link:...

3.5CVSS5.8AI score0.0317EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/03/03 12:0 a.m.607 views

Alfresco 5.2.4 - Persistent Cross-Site Scripting

Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Date: 2020-03-02 Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software Link: https://www.alfresco.com/ecm-software Versio...

5.4CVSS5.5AI score0.0317EPSS
Exploits7
Kitploit
Kitploit
added 2020/02/19 8:30 p.m.79 views

Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies

RA pid B ig I P D ecoder What it is A CLI tool and library allowing to simply decode all kind of BigIP cookies. Features Support all 4 cookie formats CLI tool & library Hackable References Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/ Author Made by Alexandre ZANNI @noraj...

7.3AI score
Exploits0References3
0day.today
0day.today
added 2018/03/23 12:0 a.m.226 views

Wordpress Site Editor 1.1.1 Plugin - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for...

0.63102EPSS
Exploits7
exploitpack
exploitpack
added 2018/03/23 12:0 a.m.87 views

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1...

5CVSS7.7AI score0.63102EPSS
Exploits7
0day.today
0day.today
added 2018/03/20 12:0 a.m.73 views

WordPress Site Editor 1.1.1 Local File Inclusion Vulnerability

Exploit for php platform in category web applications Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for...

7.5AI score0.63102EPSS
Exploits7
Packet Storm
Packet Storm
added 2018/01/26 12:0 a.m.50 views

WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection

Product: WordPress Splashing Images Plugin - https://wordpress.org/plugins/wp-splashing-images/ Vendor: Studio Espresso Tested version: 2.1 CVE ID: CVE-2018-6194 :: CVE description :: A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the...

5.9AI score0.03741EPSS
Exploits3
0day.today
0day.today
added 2017/12/20 12:0 a.m.55 views

WordPress Custom Map 1.1 Cross Site Scripting Vulnerability

WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability. Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/ Vendor: webdesi9 Tested version: 1.1 CVE ID: CVE-2017-17744 CVE description A cross-site scripting XSS vulnerability in the...

4.3CVSS6.2AI score0.00938EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/12/20 12:0 a.m.70 views

WordPress Concours 1.1 Cross Site Scripting

Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/ Vendor: Olyos Tested version: 1.1 CVE ID: CVE-2017-17719 CVE description A cross-site scripting XSS vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web...

6.4AI score0.00938EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/12/20 12:0 a.m.92 views

WordPress CSV Import-Export 1.1 Cross Site Scripting

Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripting XSS vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote...

6.4AI score0.00845EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/12/20 12:0 a.m.86 views

WordPress Custom Map 1.1 Cross Site Scripting

Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/ Vendor: webdesi9 Tested version: 1.1 CVE ID: CVE-2017-17744 CVE description A cross-site scripting XSS vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web...

0.00938EPSS
Exploits3
0day.today
0day.today
added 2017/11/01 12:0 a.m.57 views

WordPress User Login History 1.5.2 Cross Site Scripting Vulnerability

WordPress User Login History plugin version 1.5.2 suffers from a cross site scripting vulnerability. Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/ Vendor: Er Faiyaz Alam Tested version: 1.5.2 CVE ID: CVE-2017-15867 CVE description Multiple...

4.3CVSS6.2AI score0.01041EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/10/31 12:0 a.m.90 views

WordPress User Login History 1.5.2 Cross Site Scripting

Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/ Vendor: Er Faiyaz Alam Tested version: 1.5.2 CVE ID: CVE-2017-15867 CVE description Multiple cross-site scripting XSS vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow...

6.5AI score0.01041EPSS
Exploits2
Rows per page
Query Builder