Lucene search
K

1234 matches found

0day.today
0day.today
added 2020/07/01 12:0 a.m.327 views

PHP-Fusion 9.03.60 - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.60 - PHP Object Injection Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 Description: PHP...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/06/27 11:23 p.m.7 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit targets the SMBGhost vulnerability in Windows operating systems, specifically Windows 10 and Windows Server 2016 and 2019. The...

10CVSS8AI score0.9981EPSS
Exploits125
OSV
OSV
added 2020/06/19 7:15 p.m.7 views

UBUNTU-CVE-2020-14929

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...

7.5CVSS7.1AI score0.01823EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.423 views

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...

10CVSS9.6AI score0.89681EPSS
Exploits12
GithubExploit
GithubExploit
added 2020/05/04 8:1 a.m.6 views

Exploit for CVE-2020-11651

CVE-2020-11651 This is a POC for CVE-2020-11651, which obtain...

9.8CVSS9.4AI score0.96405EPSS
Exploits24
Positive Technologies
Positive Technologies
added 2020/04/12 12:0 a.m.3 views

PT-2020-6291 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 D-Link DIR-825/GF D-Link DIR-825/A/D1 D-Link DIR-825/AC/E1A Description: An issue was discovered in the web interface of D-Link DIR-825 devices, allowing attackers to achieve...

10CVSS8.8AI score0.5432EPSS
Exploits1References7
OSV
OSV
added 2020/04/01 5:15 p.m.3 views

CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...

9.8CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2020/04/01 5:15 p.m.15 views

Command injection

NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...

10CVSS9.7AI score0.02601EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2020/04/01 4:31 p.m.23 views

CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in requesthandler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to...

9.8AI score0.02601EPSS
Exploits0References1
CVE
CVE
added 2020/04/01 4:31 p.m.47 views

CVE-2018-11106

NETGEAR devices affected: WC7500, WC7520, WC7600v1, WC7600v2, and WC9500. Issue: pre-authentication command injection in request_handler.php. Root cause: improper handling in the PHP request handler allows arbitrary commands to be executed before authentication. Impact (as stated): high confident...

10CVSS9.6AI score0.02601EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2020/03/30 12:0 a.m.483 views

Multiple DrayTek Products - Pre-authentication Remote Root Code Execution

package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as soon as possible to 1.5.1 firmware or later This issue has been fixed in...

10CVSS9.6AI score0.99993EPSS
Exploits7
The Hacker News
The Hacker News
added 2020/03/21 7:51 a.m.75 views

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...

10CVSS10AI score0.99988EPSS
Exploits2
The Hacker News
The Hacker News
added 2020/03/21 7:51 a.m.10 views

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage NAS devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...

10CVSS8.2AI score0.99988EPSS
Exploits2
ThreatPost
ThreatPost
added 2020/03/20 1:27 p.m.70 views

New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...

10CVSS10AI score0.99988EPSS
Exploits2References22
ThreatPost
ThreatPost
added 2020/03/20 1:27 p.m.42 views

New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...

10CVSS10AI score0.99988EPSS
Exploits2References22
GithubExploit
GithubExploit
added 2020/03/15 10:22 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Pre-Auth POC c 2020 ZecOps, Inc. - https://ww...

10CVSS7AI score0.9981EPSS
Exploits125
Exploit DB
Exploit DB
added 2020/03/11 12:0 a.m.222 views

PlaySMS 1.4.3 - Template Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...

9.8CVSS9.8AI score0.86689EPSS
Exploits6
OSV
OSV
added 2020/03/04 8:15 p.m.4 views

CVE-2020-9054

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

9.8CVSS8.3AI score0.99988EPSS
Exploits2References6
Cvelist
Cvelist
added 2020/03/04 7:30 p.m.36 views

CVE-2020-9054 ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

10AI score0.99988EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2020/02/26 12:0 a.m.62 views

VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi

” Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to...

10CVSS10.4AI score0.99988EPSS
Exploits2References5
Rows per page
Query Builder