Lucene search
K

23 matches found

0day.today
0day.today
added 2022/03/07 12:0 a.m.221 views

Hasura GraphQL 2.2.0 - Information Disclosure Exploit

Exploit Title: Hasura GraphQL 2.2.0 - Information Disclosure Software: Hasura GraphQL Community Software Link: https://github.com/hasura/graphql-engine Version: 2.2.0 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests SERVERADDR = 'x.x.x.x' url = 'http:///v1/metadata'.formatSERVERADDR...

Exploits0
0day.today
0day.today
added 2021/06/30 12:0 a.m.56 views

Apache Superset 1.1.0 - Time-Based Account Enumeration Exploit

Exploit Title: Apache Superset 1.1.0 - Time-Based Account Enumeration Author: Dolev Farhi Vendor Homepage: https://superset.apache.org/ Version: 1.1.0 Tested on: Ubuntu import sys import requests import time scheme = 'http' host = '192.168.1.1' port = 8080 change with your wordlist usernames =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/27 12:0 a.m.267 views

WordPress Plugin WPGraphQL 1.3.5 - Denial of Service

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/04/26 12:0 a.m.30 views

Hasura GraphQL 1.3.3 - Remote Code Execution Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/26 12:0 a.m.465 views

Hasura GraphQL 1.3.3 Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/26 12:0 a.m.725 views

Hasura GraphQL 1.3.3 - Remote Code Execution

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.425 views

Hasura GraphQL 1.3.3 Arbitrary File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.778 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2021/04/12 12:0 a.m.19 views

WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability

Denial of Service vulnerability discovered by Dolev Farhi in WordPress WPGraphQL plugin versions = 1.3.5. Solution Update the WordPress WPGraphQL plugin to the latest available version at least 1.3.6...

3AI score
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2020/11/19 12:0 a.m.843 views

M/Monit 3.7.4 Privilege Escalation

Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...

0.8AI score
Exploits0
0day.today
0day.today
added 2020/05/01 12:0 a.m.19 views

VirtualTablet Server 3.0.2 - Denial of Service Exploit

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol import TBinaryProtoco...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/06/18 12:0 a.m.80 views

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Vulnerability

Exploit for linux platform in category web applications Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit 0day.today 2018-06-18...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2018/06/18 12:0 a.m.20 views

RabbitMQ Web Management 3.7.6 - Cross-Site Request Forgery (Add Admin)

RabbitMQ Web Management 3.7.6 - Cross-Site Request Forgery Add Admin Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2018/06/11 12:0 a.m.11 views

userSpice 4.3.24 - Username Enumeration

userSpice 4.3.24 - Username Enumeration Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration"...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.25 views

userSpice 4.3.24 - Username Enumeration Exploit

Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - Username Enumeration Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if...

Exploits0
Packet Storm
Packet Storm
added 2018/06/11 12:0 a.m.21 views

userSpice 4.3.24 Username Enumeration

Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/11 12:0 a.m.26 views

userSpice 4.3.24 - Username Enumeration

Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/03/16 12:0 a.m.40 views

Cobbler 2.8.0 - (Authenticated) Remote Code Execution

!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description ===================== Cobbler is a Linux installation serv...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/19 12:0 a.m.49 views

ntop-ng 2.5.160805 Username Enumeration

Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/09/20 12:0 a.m.29 views

M/Monit 3.2.2 Cross Site Request Forgery Vulnerability

M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities. Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the...

7.5CVSS6.6AI score0.06647EPSS
Exploits4
Rows per page
Query Builder