Lucene search
K

7082 matches found

0day.today
0day.today
added 2020/06/26 12:0 a.m.133 views

Windscribe 1.83 - (WindscribeService) Unquoted Service Path Vulnerability

Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config WindscribeService...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/26 12:0 a.m.395 views

Windscribe 1.83 - 'WindscribeService' Unquoted Service Path

Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-06-26 Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2020/06/25 7:35 a.m.116 views

Exploit for Link Following in Docker Desktop

CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...

7.2CVSS7AI score0.01435EPSS
Exploits2
0day.today
0day.today
added 2020/06/18 12:0 a.m.359 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

10CVSS10AI score0.14014EPSS
Exploits5
CNVD
CNVD
added 2020/06/16 12:0 a.m.6 views

Apsis Pound Environmental Issues Vulnerabilities

Apsis Pound is a reverse proxy program for Web servers from the German company Apsis. The program supports reverse proxy, load balancing and HTTPS front-end and other features. A security vulnerability exists in versions of Apsis Pound prior to 2.8. An attacker can exploit the vulnerability to...

9.1CVSS6.6AI score0.01127EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/06/16 12:0 a.m.50 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1666)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.7179EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/06/15 9:30 p.m.131 views

EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...

7.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/06/11 9:35 p.m.129 views

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/11 9:35 p.m.4 views

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2020/06/10 4:44 p.m.304 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SMBGhost CVE-2020-0796 Automate Exploitation and Detection...

10CVSS9.1AI score0.9981EPSS
Exploits125
Hacker One
Hacker One
added 2020/06/09 5:23 p.m.121 views

h1-ctf: @shakedko H1-2006 CTF writeup

TL;DR Flag is: ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$. Thank you for this awesome challenge! Introduction I have participated in this CTF as I wanted to see how far I'd be able to get considering the fact that I'm doing bug bounty for a relatively short time. Coming from the software...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2020/06/06 9:30 p.m.1536 views

JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...

6.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/06/05 12:0 a.m.4 views

The vulnerability of the Squid proxy server arises from insufficient validation of input data, allowing attackers to access features that can only be used by reverse proxies.

The vulnerability of the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to gain access to features that can only be used by reverse proxies...

7.5CVSS6.7AI score0.03935EPSS
Exploits0References12Affected Software6
RedHat Linux
RedHat Linux
added 2020/06/04 1:11 p.m.4 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.09386EPSS
Exploits0References7
0daydb
0daydb
added 2020/06/03 3:51 p.m.123 views

QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution

CVE-2020-13448 QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability. Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details:...

9CVSS1AI score0.90384EPSS
Exploits36
0day.today
0day.today
added 2020/06/01 12:0 a.m.109 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...

9CVSS8.6AI score0.17772EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.252 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

9CVSS8.7AI score0.17772EPSS
Exploits7
NVD
NVD
added 2020/05/29 1:15 p.m.16 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...

6.1CVSS5.5AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2020/05/29 1:15 p.m.4 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...

6.1CVSS6.2AI score0.0086EPSS
Exploits0References2
Prion
Prion
added 2020/05/29 1:15 p.m.13 views

Security feature bypass

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...

5.8CVSS6.1AI score0.0086EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder