Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.172 views

Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation

Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s CmpAddRemoveContainerToCLFSLog function doesn’t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.209 views

SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting

Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 17-June-2019 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...

6.1CVSS6.5AI score0.01918EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.197 views

SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting

Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 20-June-2019 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...

5.4CVSS5.8AI score0.02569EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.228 views

SeedDMS versions < 5.1.11 - Remote Command Execution

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now go to...

7.5CVSS7.8AI score0.11696EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.201 views

GrandNode 4.40 - Path Traversal / Arbitrary File Download

Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Date: 06/23/3019 Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...

7.5CVSS7.8AI score0.53705EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/21 12:0 a.m.527 views

EA Origin < 10.5.38 - Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

8.8CVSS8.2AI score0.13274EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.168 views

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception

/ When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking up the correct segment descriptor and adding the segment offset to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.101 views

Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Runrshell Privilege Escalation', 'Description' = %q This modules exploits a vulnerability in Cisco Prime...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.258 views

BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection

Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Date: 19 June 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description ============== BlogEngine.NET is vulnerable to an Out-of-Band...

7.5CVSS7.8AI score0.02657EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.109 views

Tuneclone 2.20 - Local SEH Buffer Overflow

Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python code : TuneClone.py 2.- Open EVIL.txt and cop...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.202 views

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability', 'Description' = %q This module exploits a vulnerability...

10CVSS7.4AI score0.98092EPSS
Exploits12
Exploit DB
Exploit DB
added 2019/06/20 12:0 a.m.224 views

WebERP 4.15 - SQL injection

Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize function. It can be deserialize...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/19 12:0 a.m.494 views

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description ============== BlogEngine.NET is vulnerable to an Directory Traversal on...

8.8CVSS8.7AI score0.07595EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/06/19 12:0 a.m.627 views

BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ============== BlogEngine.NET is vulnerable to a Directory Traversal through th...

8.8CVSS8.9AI score0.07595EPSS
Exploits11
Exploit DB
Exploit DB
added 2019/06/18 12:0 a.m.183 views

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)

/ CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main char vulnargs = "" ; id; echo 'opening root shell' ;...

8.8CVSS8.7AI score0.65981EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/06/18 12:0 a.m.187 views

Sahi pro 7.x/8.x - Directory Traversal

Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected...

7.5CVSS7.6AI score0.45055EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/06/18 12:0 a.m.206 views

Sahi pro 8.x - Cross-Site Scripting

Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed script. XSS is triggered...

5.4CVSS5.9AI score0.02082EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/18 12:0 a.m.183 views

Sahi pro 8.x - SQL Injection

Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS...

9.8CVSS9.8AI score0.18539EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.232 views

Spring Security OAuth - Open Redirector

Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

6.5CVSS5.6AI score0.15621EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.190 views

Netperf 2.6.0 - Stack-Based Buffer Overflow

Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 s a benchmark tool than developed by Helett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional troughput...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.133 views

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.350 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Na...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.338 views

RedwoodHQ 2.5.5 - Authentication Bypass

-- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link: https://redwoodhq.com/redwood-download/ Tested on: Ubuntu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.217 views

CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities

Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple Vulnerabilities Date: 14/06/2019 Author: Alex Akinbi Twitter: @alexakinbi 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.356 views

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...

7.5CVSS7.6AI score0.08793EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.327 views

Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow

X41 D-Sec GmbH Security Advisory: X41-2019-003 Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL:...

9.8CVSS9.7AI score0.09903EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.163 views

Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow

X41 D-Sec GmbH Security Advisory: X41-2019-002 Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL:...

9.8CVSS9.1AI score0.10527EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.179 views

Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow

X41 D-Sec GmbH Security Advisory: X41-2019-001 Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL:...

9.8CVSS9.7AI score0.10527EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.232 views

Thunderbird ESR < 60.7.XXX - Type Confusion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2019-004 Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor:...

7.5CVSS8.8AI score0.09731EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/06/17 12:0 a.m.605 views

Exim 4.87 - 4.91 - Local Privilege Escalation

!/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 This...

10CVSS9.8AI score0.99961EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/06/14 12:0 a.m.368 views

Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow

!/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Release Date : 31/May/2019 Build : 21/May/2019 Vendor Homepage: https://www.aida64.com/downloads Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/14 12:0 a.m.470 views

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

!/usr/bin/env bash 'ptracescope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4 Latest Version Authors: Marcelo Vazquez s4vitar Victor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/13 12:0 a.m.832 views

Sitecore 8.x - Deserialization Remote Code Execution

Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...

9CVSS8.8AI score0.14196EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/06/13 12:0 a.m.458 views

Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/12 12:0 a.m.493 views

FusionPBX 4.4.3 - Remote Command Execution

Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...

8.8CVSS6.6AI score0.8748EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.217 views

ProShow 9.0.3797 - Local Privilege Escalation

!/usr/bin/python coding:utf-8 Exploit Title: ProShow v9.0.3797 Local Exploit Exploit Author: @YonatanCorrea website with details: https://risataim.blogspot.com/2019/06/exploit-local-para-proshow.html Vendor Homepage: http://www.photodex.com/ProShow Software Link:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.208 views

phpMyAdmin 4.8 - Cross-Site Request Forgery

Exploit Title: Cross Site Request Forgery CSRF Date: 11 June 2019 Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 CVE ...

6.5CVSS8.1AI score0.19184EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.1082 views

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in Webmin...

9CVSS7.4AI score0.77835EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.199 views

WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution

Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: june 2019 Exploit Author: xulchibalraa Vendor Homepage:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/11 12:0 a.m.194 views

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” / JSP taglib, appending a payload like the following to...

4.7CVSS4.8AI score0.02283EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/06/10 12:0 a.m.426 views

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting Google Dork: intext:"by UliCMS" Date: 2019-05-12 Exploit Author: Unk9vvN Vendor Homepage: https://en.ulicms.de Software Link: https://www.ulicms.de/aktuelles.html?single=ulicms-20191-spitting-lama-ist-fertig Version: 2019....

6.1CVSS6.3AI score0.03473EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/10 12:0 a.m.318 views

Ubuntu 18.04 - 'lxd' Privilege Escalation

!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/07 12:0 a.m.402 views

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe" atleast the ones we can delete as user Try to launch edge. It will crash...

7.8CVSS6.9AI score0.414EPSS
Exploits19
Exploit DB
Exploit DB
added 2019/06/06 12:0 a.m.57 views

VMware WorkStation 12.5.3 - Virtual Machine Escape

VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/06 12:0 a.m.359 views

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion

Exploit Title: Remote file inclusion Date: 03-06-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References: https://nvd.nist.gov/vuln/detail/CVE-2019-12477...

5.5CVSS5.5AI score0.13318EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.503 views

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

Qualys Security Advisory The Return of the WIZard: RCE in Exim CVE-2019-10149 ======================================================================== Contents ======================================================================== Summary Local exploitation Remote exploitation - Non-default...

10CVSS9.8AI score0.99961EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.451 views

LibreNMS - addhost Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...

10CVSS9.5AI score0.71487EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.840 views

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...

9.8CVSS7.4AI score0.06283EPSS
Exploits3
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.429 views

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery

coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" upload file name and content modify by k8gege Connect "shell.jsp" using K8fly...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.184 views

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free

memoryobject, uint32t pages ... Handle newbuffer; if oldbuffer-isshared // Adjust protections for the buffer. if !AdjustBufferPermissionsisolate, oldbuffer, newsize return -1; void backingstore = oldbuffer-backingstore; if memorytracker-IsWasmSharedMemorybackingstore // This memory is shared...

7AI score
Exploits0
Total number of security vulnerabilities47904