740 matches found
Deltek Maconomy 2.2.5 Local File Inclusion Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Maconomy Erp local file include Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE: CVE-2019-12314 POC: POC:...
Microsoft Windows - Win32k Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...
Microsoft Internet Explorer 11 - Sandbox Escape Exploit
Exploit for windows platform in category local exploits Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
microASP (Portal+) CMS - (pagina.phtml?explode_tree) SQL Injection Vulnerability
Exploit for asp platform in category web applications + Sql Injection on microASP Portal+ CMS + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: email protected + Tested on: Windows 7 and Gnu/Linux + Dork:...
The Company Business Website CMS - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: The Company Business Website CMS - 'username' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms Demo Site: http://thecompany.morkocbilisim.com...
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow Vendor Homepage: http://netsharewatcher.nsauditor.com Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Exploit Author: Peyman Forouzan Tested...
runC < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Exploit
Exploit for linux platform in category local exploits runc /bin/sh is issued on the host. More complete explanation here. Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46359.zip 0day.today 2019-02-25...
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow SEH Exploit Author: Nawaf Alkeraithe Twitter: @Alkeraithe1 Vulnerable Software: Easy Video to iPod Converter 1.6.20 Vendor Homepage: http://www.divxtodvd.net/ Version: 1.6.2...
Teameyo Project Management System 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.teameyo.com/ Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804 Version: 1.0...
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications NBG-418N v2 Modem CSRF Exploit & PoC 0day.today 2019-02-06...
ThinkPHP 5.X - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: thinkphp 5.X RCE Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Exploit
Exploit for windows platform in category local exploits Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m...
autotrends.today XSS vulnerability
Open Bug Bounty ID: OBB-719655 Description| Value ---|--- Affected Website:| autotrends.today Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in reco...
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Exploit Author: Kumar Saurav Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-CN Firmware: W2001EN-00 Tested on: Multiple CVE : CVE-2018-20326 Description: PLC Wireles...
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit
Exploit for windows platform in category local exploits Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46051.zip Password: infected 0day.today 2018-12-27...
Yeswiki Cercopitheque - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection in Yeswiki Cercopitheque Exploit Author: Mickael BROUTY @ark1nar - FIDENS Vendor Homepage: https://yeswiki.net Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip...
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Exploit
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the ForInContext Object / This is simillar to issue 1263 . When hoisting a function onto the outer scope, if it overwrites the iteration variable for a for-in loop it should invalidate the corresponding...
curetoday.com XSS vulnerability
Open Bug Bounty ID: OBB-701812 Description| Value ---|--- Affected Website:| curetoday.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...