CVE-2016-10542

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/wsdos.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

Pivotal Spring Java Framework 5.0.x Remote Code Execution

Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector"...

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...

Martem TELEM-GW6/GWM Cross-Site Scripting Vulnerability

Martem specializes in providing remote control systems for monitoring and controlling distribution networks, and its customers include distribution companies as well as industrial and transportation companies that own their own power grids. A cross-site scripting vulnerability exists in Martem...

WebSocket Live Chat - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WebSocket Live Chat - Cross-Site Scripting Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting...

WebSocket Live Chat Cross Site Scripting

Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting icon and go to profile 2 Put this...

WebSocket Live Chat - Cross-Site Scripting

WebSocket Live Chat - Cross-Site Scripting Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click...

WebSocket Live Chat - Cross-Site Scripting

Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting icon and go to profile 2 Put this...

DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)

DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerability like RCE or XXE when the environment has significant constraint. The project is in two parts, the first one is the web server and it's component. It offers a basic web UI, for most cases you won't need more...

Trello: Session can be continuously reused by editting "token" cookie.

Description: ==================== When loged in user edit "token" cookie , that session will be cut off and user will be loged out. It's nomal. But If you make websocket connection with proper token before editing the "token" cookie and then edit "token" cookie , websocket will still in connectin...

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit

Exploit for hardware platform in category remote exploits ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution

''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

Inteno IOPSYS 2.0 &lt; 4.2.0 - &#039;p910nd&#039; Remote Command Execution

''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

Code injection

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

UBUNTU-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...