CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Kitploit•added 2020/03/19 8:30 p.m.•77 views

InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram

InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access. Features Download Instagram Photos Download Instagram Videos Download Instagram Profile Pictures Git Installation clone the repo $ git clone...

7.2AI score

Exploits0References1

0day.today•added 2020/03/19 12:0 a.m.•101 views

Easy File Sharing Web Server 7.2 Local Buffer Overflow Exploit

Exploit Title: Easy File Sharing Web Server 7.2 - SMTP 'Password' Local Buffer Overflow SEH Author: Felipe Winsnes Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/download.php Version: 7.2 Tested on: Windows 7 Proof of Concept: 1.- Run the python script...

0.3AI score

GithubExploit•added 2020/03/12 6:34 p.m.•4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Usage ./CV...

10CVSS10AI score0.9981EPSS

Exploits124

0day.today•added 2020/03/12 12:0 a.m.•125 views

Horde Groupware Webmail Edition 5.2.22 - PHAR Loading Exploit

Exploit for php platform in category web applications exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...

0.1AI score0.09579EPSS

Exploits4

exploitpack•added 2020/03/11 12:0 a.m.•100 views

Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion

Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode =...

7.5AI score

Exploit DB•added 2020/03/11 12:0 a.m.•180 views

Horde Groupware Webmail Edition 5.2.22 - PHAR Loading

exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 source =...

Hacker One•added 2020/03/07 8:10 p.m.•29 views

Urban Dictionary: Bypass voting restriction due to HTTP Header Injection

It is possible to bypass the voting restriction by adding a specially crafted HTTP-Header. The underlying algorithm uses the ip address to restirct the voting of a user. However, by manipulating the IP-Adress via adding the HTTP-Header "X-Forwarded-For" it is possible to vote a entry up or down...

0.9AI score

Packet Storm•added 2020/03/02 12:0 a.m.•134 views

Wing FTP Server 6.2.3 Privilege Escalation

Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...

0.6AI score0.00807EPSS

Exploits7

Hacker One•added 2020/02/29 5:19 p.m.•24 views

Valve: OOB reads in network message handlers leads to RCE

Vulnerability In Source engine games there are many network messages sent from the server to the client that take an entity index. There is a common pattern among many of these messages for the lower bounds of the entity index to be checked but not the upper bounds. In many cases these out of bou...

7.9AI score

0day.today•added 2020/02/27 12:0 a.m.•184 views

Apache Tomcat - AJP Ghostcat File Read/Inclusion Exploit

Exploit for multiple platform in category web applications !/usr/bin/env python CNVD-2020-10487 Tomcat-Ajp lfi by ydhcui import struct Some references: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html def packstrings: if s is None: return struct.pack"h", -1 l = lens return...

5.4AI score0.00535EPSS

Exploits3

0day.today•added 2020/02/26 12:0 a.m.•101 views

Core FTP LE 2.2 - Denial of Service Exploit

Exploit Title: Core FTP LE 2.2 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download.html Version: 2.2 build 1947 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program Core FTP LE In File select the...

Exploit DB•added 2020/02/25 12:0 a.m.•137 views

aSc TimeTables 2020.11.4 - Denial of Service (PoC)

Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open th...

GithubExploit•added 2020/02/22 1:32 a.m.•8 views

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 This repository provides environments and P...

9.8CVSS6.8AI score0.65336EPSS

Exploits9

Packet Storm•added 2020/02/17 12:0 a.m.•84 views

Cuckoo Clock 5.0 Buffer Overflow

Exploit Title: Cuckoo Clock 5.0 - Buffer Overflow Exploit Author: boku Date: 2020-02-14 Vendor Homepage: https://en.softonic.com/author/pxcompany Software Link: https://en.softonic.com/download/parallaxis-cuckoo-clock/windows/post-download Version: 5.0 Tested On: Windows 10 32-bit Recreate: 1...

exploitpack•added 2020/02/17 12:0 a.m.•23 views

Avaya Aura Communication Manager 5.2 - Remote Code Execution

Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory:...

Exploit DB•added 2020/02/17 12:0 a.m.•153 views

Cuckoo Clock v5.0 - Buffer Overflow

0day.today•added 2020/02/12 12:0 a.m.•76 views

MyVideoConverter Pro 3.14 - (TVSeries) Buffer Overflow Exploit

Exploit Title: MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name "Shell.txt"...

Packet Storm•added 2020/02/11 12:0 a.m.•107 views

Torrent iPod Video Converter 1.51 Stack Overflow

Exploit Title: Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Author: boku Date: 2020-02-10 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tripodconverter.exe Version: Torrent iPod Video Converter...

0.4AI score

Packet Storm•added 2020/02/11 12:0 a.m.•125 views

DVD Photo Slideshow Professional 8.07 Buffer Overflow

Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create ...