Lucene search
+L

489 matches found

packetstorm
packetstorm
added 2020/06/15 12:0 a.m.833 views

PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection

Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...

Exploits0
osv
osv
added 2020/06/09 12:0 a.m.4 views

UBUNTU-CVE-2020-12398

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...

7.5CVSS7.1AI score0.00976EPSS
Exploits0References4
packetstorm
packetstorm
added 2020/06/04 12:0 a.m.310 views

Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection

!/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: 2.5.18103 2.0 1.0 Summary: CAYIN xPost is the web-based application software, which offers a combinatio...

0.6AI score
Exploits0
exploitdb
exploitdb
added 2020/06/04 12:0 a.m.421 views

Cayin Digital Signage System xPost 2.5 - Remote Command Injection

Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...

7AI score
Exploits0
gitee
gitee
added 2020/05/25 3:21 p.m.4 views

Exploit for CVE-2020-11651

CVE-2020-11651 is a proof-of-concept PoC exploit for a vulnerability in the SaltStack master. The exploit is designed to obtain pre-auth RCE Remote Code Execution on a SaltStack master and all associated minions. The vulnerability is not explicitly stated in the provided code, but it is likely...

9.8CVSS8.1AI score0.96405EPSS
Exploits24
githubexploit
githubexploit
added 2020/05/24 3:44 p.m.297 views

Exploit for Incorrect Authorization in Qnap Photo_Station

QNAP Pre-Auth Root RCE CVE-2019-7192 CVE-2019-7195 Exploit...

9.8CVSS9.6AI score0.89681EPSS
Exploits10
githubexploit
githubexploit
added 2020/05/21 9:14 a.m.149 views

Exploit for Incorrect Authorization in Qnap Photo_Station

QNAP Pre-Auth Root RCE CVE-2019-7192 CVE-2019-7195 Checker...

10CVSS9.6AI score0.89681EPSS
Exploits12
attackerkb
attackerkb
added 2020/04/27 12:0 a.m.1016 views

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...

10CVSS9.5AI score0.99999EPSS
In wildExploits49References6
nvd
nvd
added 2020/04/01 5:15 p.m.24 views

CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...

10CVSS9.8AI score0.02601EPSS
Exploits0References1
packetstorm
packetstorm
added 2020/03/15 12:0 a.m.155 views

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution

Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...

0.1AI score
Exploits0
canvas
canvas
added 2020/03/12 4:15 p.m.1072 views

Immunity Canvas: SMBGHOST

Name| SMBGHOST ---|--- CVE| CVE-2020-0796-1 Exploit Pack| CANVAS Description| SMBGHOST Notes| CVE Name: CVE-2020-0796 VENDOR: Microsoft NOTES: some notes here VersionsAffected: VERSIONS Repeatability: None References:...

7.5CVSS9.2AI score0.9981EPSS
Exploits125
attackerkb
attackerkb
added 2020/03/02 12:0 a.m.35 views

Liferay CE 6.0.2 Java Deserialization

Liferay CE 6.0.2 remote code execution via unsafe deserialization Recent assessments: theguly at March 02, 2020 5:11pm UTC reported: on 29th of january 2020 this github1 repo came up, with some newsfeed, speakin about a RCE via deserialization on Liferay 6.0.2 i’m aware that liferay is widely use...

9.8CVSS1.1AI score0.45653EPSS
Exploits1References2
prion
prion
added 2020/02/11 12:15 p.m.20 views

Sql injection

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command...

7.5CVSS9.5AI score0.01386EPSS
Exploits0References3Affected Software2
cvelist
cvelist
added 2020/02/11 8:0 a.m.21 views

CVE-2020-3934 TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command...

9.8CVSS9.7AI score0.01386EPSS
Exploits0References3
vulnerlab
vulnerlab
added 2019/12/14 12:0 a.m.481 views

Apple iOS v13.x (AirDrop) - (AirDoS) Denial of Service PoC

Document Title: =============== Apple iOS v13.x AirDrop - AirDoS Denial of Service PoC References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2192 Video: https://www.youtube.com/watch?v=pLpJIo-GcbQ Apple Acknowledgements: https://support.apple.com/en-us/HT210785...

7.4AI score
Exploits0
vulnerlab
vulnerlab
added 2019/12/14 12:0 a.m.42 views

Apple iOS v13.x (AirDrop) - (AirDoS) Denial of Service PoC

Document Title: =============== Apple iOS v13.x AirDrop - AirDoS Denial of Service PoC References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2192 Video: https://www.youtube.com/watch?v=pLpJIo-GcbQ Apple Acknowledgements: https://support.apple.com/en-us/HT210785...

7.4AI score
Exploits0
zdt
zdt
added 2019/11/30 12:0 a.m.194 views

Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection Vulnerability

NAPC Xinet interface Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginFormusername field when double quotes are used. + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

10AI score0.07941EPSS
Exploits3
cvelist
cvelist
added 2019/11/20 4:16 a.m.22 views

CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...

6.2AI score0.01126EPSS
Exploits0References6
cve
cve
added 2019/10/09 12:0 a.m.5024 views

CVE-2019-16905

CVE-2019-16905 affects OpenSSH 7.7–7.9 and 8.x prior to 8.1 when built with the experimental XMSS key type. It describes a pre-authentication integer overflow in XMSS key parsing that can cause memory corruption and local code execution. The XMSS implementation is treated as experimental in all r...

7.8CVSS7.9AI score0.0217EPSS
Exploits2References9Affected Software1
exploitpack
exploitpack
added 2019/09/30 12:0 a.m.59 views

vBulletin 5.x - Remote Command Execution (Metasploit)

vBulletin 5.x - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE...

7.5CVSS0.3AI score0.99728EPSS
Exploits27
Rows per page
Query Builder