Lucene search
K

84 matches found

Microsoft Secure
Microsoft Secure
added 2022/12/12 5:0 p.m.48 views

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

Exploits0
GithubExploit
GithubExploit
added 2022/05/05 7:40 a.m.2 views

webray.com.cn

It is an offensive tool for web exploitation. This repository ap...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.5 views

TerraMaster FS-210安全漏洞

The Terramaster TerraMaster FS-210 is a NAS Network Attached Storage device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...

10CVSS8.7AI score0.03865EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2022/02/04 12:0 a.m.330 views

WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/11/25 8:4 p.m.5 views

vulhub

This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept PoC code, and tools for identifying and exploiting vulnerabilities in software and systems...

7.5AI score
Exploits0
Huntr
Huntr
added 2021/08/24 2:11 p.m.11 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to delete any file on the server if logged in user visits attacker website. 🕵️‍♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...

1.1AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2021/02/23 12:0 a.m.0 views

Suspicious Exploitation Tools HTTP Payload

Suspicious traffic has been found in web exploitation tools. Successful exploitation can lead to execution of arbitrary code or denial of service conditions...

1.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2021/02/23 12:0 a.m.1 views

Suspicious Exploitation Tools Payload

Suspicious traffic has been found in web exploitation tools. Successful exploitation can lead to execution of arbitrary code or denial of service conditions...

3.6AI score
Exploits0
Gitee
Gitee
added 2020/12/01 4:32 p.m.4 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...

8AI score
Exploits0
Gitee
Gitee
added 2020/09/11 3:0 p.m.3 views

My-CTF-Web-Challenges

It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting XSS, and authentication bypass. The challenges...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/23 1:22 p.m.4 views

hitconDockerfile

This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/02/12 4:22 p.m.4 views

picoCTF-2019-writeups

The repository is a collection of write-ups for the picoCTF 2019 challenge. The write-ups cover various challenges, including general skills, web exploitation, and reverse engineering. The challenges involve solving problems such as decoding messages, exploiting vulnerabilities, and reversing...

6.9AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.26 views

Microsoft Browser Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

7.6CVSS3.9AI score0.07074EPSS
Exploits0
Hacker One
Hacker One
added 2018/11/27 10:43 p.m.27 views

Starbucks: Able to bypass information requirements before launching a Chat.

Summary: Bypass of mandatory fields before a Chat session can begin. Description: URL allows for bypass straight into chat, and Chat personnel won't know my name, just that they are chatting with someone. Platforms Affected: website/mobile app - please include browsers and app versions used for...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2018/07/24 12:0 a.m.43 views

Davolink DVW 3200 Router Password Disclosure

Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit Anubhav Vendor Homepage: www.davolink.co.kr Softwa...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2018/03/08 12:0 a.m.350 views

Selenium Server 未授权访问漏洞

1.开篇 不知道大家在平日工作中有没有遇到过一些端口,使用浏览器打开是下面这样子的: 上图中我找了几个在不同端口下的例子。 2.Selenium-开源的自动化测试利器 本篇主要的主角-Selenium究竟是什么呢?有过QA经验或安全自动化测试经验的朋友应该知道,以下文字来自百度百科:Selenium1 是一个用于Web应用程序测试的工具。Selenium测试直接运行在浏览器中,就像真正的用户在操作一样。支持的浏览器包括IE(7, 8, 9, 10, 11),Mozilla Firefox,Safari,Google Chrome,Opera等。支持自动录制动作和自动生成...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/10/13 12:0 a.m.75 views

Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability(CVE-2016-3319)

Description An exploitable out of bounds write vulnerability exists in the PDF parsing API in the latest versions of Microsoft Windows. A specially crafted PDF file can cause an out of bounds write resulting in arbitrary code execution. Vulnerability can be triggered via malicious web page or a...

9.3CVSS8.2AI score0.18537EPSS
Exploits1
0day.today
0day.today
added 2017/01/14 12:0 a.m.30 views

Inout CareerLamp 1.0 Script - Improper Access Restrictions Vulnerability

Exploit for php platform in category web applications Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout CareerLamp Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/ Author: İhsan Şenca...

0.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/12/02 12:0 a.m.2 views

Malicious iFrame Conditional Cookie Injection

Several web exploitation tools inject payloads that are displayed only when specific conditions are met. This may allow an attacker to reduce the odds of detection and to evade inspection...

3.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

MyBB Member.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14684/info MyBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation could result in a compromise of the...

7.1AI score
Exploits0
Rows per page
Query Builder