Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/04/23 12:0 a.m.39 views

Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition

/ The Siemens R3964 line discipline code in drivers/tty/nr3964.c has a few races around its ioctl handler; for example, the handler for R3964ENABLESIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/23 12:0 a.m.60 views

Ross Video DashBoard 8.5.1 - Insecure Permissions

Ross Video DashBoard 8.5.1 Insecure Permissions Vendor: Ross Video Ltd. Product web page: https://www.rossvideo.com Affected version: 8.5.1 Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring that enables users to quickly build unique, tailored Custo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/23 12:0 a.m.222 views

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit

As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on a local console - or neither This is expressed in the policy using the elements "allowany",...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.84 views

UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting

Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...

6.1CVSS6.3AI score0.03473EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.199 views

74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)

Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE : CVE-2019-11374 74CMS v5.0.1 has a CSRF vulnerability to add...

8.8CVSS8.8AI score0.09853EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.44 views

LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)

!/usr/bin/python Exploit Title: LabF nfsAxe 3.7 Ping Client - Buffer Overflow Vanilla Date: 20-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.labf.com/nfsaxe Version: 3.7 Software Link : http://www.labf.com/download/nfsaxe.exe Contact: [email protected]...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.109 views

ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager %q This module exploits sqli and command injection vulnerability in the ManageEngine AM 14 and prior versions. I...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.78 views

Msvod 10 - Cross-Site Request Forgery (Change User Information)

Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375 Msvod v10 has a CSRF vulnerability to change user information vi...

6.5CVSS6.5AI score0.02616EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.31 views

Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)

Exploit Title: Ease Audio Converter 5.30 Audio Cutter Dos Exploit Date: 19.04.19 Vendor Homepage:http://www.audiotool.net/download.htm Software Link: http://www.audiotool.net/download/audioconverter.exe Exploit Author: Achilles Tested Version: 5.30 Tested on: Windows 7 x64 Sp1 1.- Run the python...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.204 views

QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service

!/usr/bin/python Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS Date: 19/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.qnap.com Version: 1.3.4.0317 and below are vulnerable Software Link: https://www.qnap.com/en/utilities/essentials Contact...

7.5CVSS7.6AI score0.09796EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.34 views

Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)

var arr1 = 0,1; function ObjCreatemake this.make = make; var obj1 = new ObjCreate; function main arr1.reducef3; Object.getOwnPropertyDescriptorsArray99.joinobj1.make; function f3 obj1"make" = RegExpArray60000.join"CCC";...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/22 12:0 a.m.128 views

WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion

Exploit Title: Contact Form Builder CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-builder Version: 1.0.67 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/19 12:0 a.m.64 views

Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Atlassian Confluence Widget Connector Macro Velocity Template Injection", 'Description' = %q Widget Connector Macro is part of Atlassian Confluen...

10CVSS7AI score0.99913EPSS
Exploits20
Exploit DB
Exploit DB
added 2019/04/19 12:0 a.m.38 views

SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SystemTap MODPROBEOPTIONS Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in...

7.2CVSS6.3AI score0.04797EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/04/19 12:0 a.m.142 views

Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection

Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html Version: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 Tested...

7.2CVSS7.2AI score0.92183EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/19 12:0 a.m.61 views

Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal

Exploit Title: Directory traversal in Oracle Business Intelligence Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html Version: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 Tested on...

4.9CVSS5.5AI score0.37099EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/18 12:0 a.m.40 views

Evernote 7.9 - Code Execution via Path Traversal

Exploit Title: Code execution via path traversal Date: 17-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://evernote.com/ Software Link: https://evernote.com/download Version: 7.9 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-10038 References:...

7.8CVSS7.7AI score0.01307EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/18 12:0 a.m.32 views

ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module exploits sql and command injection vulnerability in the ManageEngine AM 14 and prior version...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/18 12:0 a.m.68 views

LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the ability to bi...

9.8CVSS9.1AI score0.67321EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/04/18 12:0 a.m.60 views

Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)

Exploit Title: Netwide Assembler NASM 2.14rc15 NULL Pointer Dereference PoC Date: 2018-09-05 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://www.nasm.us/ Software Link: https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D Version: 2.14rc15 and earlier Tested on: 2.14rc15 CVE :...

5.5CVSS5.7AI score0.05166EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.49 views

MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "RETR" commandPOP3 Date: 16/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesyste...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.50 views

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteratio...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.50 views

DHCP Server 2.5.2 - Denial of Service (PoC)

Exploit Title: DHCP Server 2.5.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-16 Vendor Homepage: http://www.dhcpserver.de/cms/ Software Link: http://www.dhcpserver.de/cms/wp-content/plugins/download-attachments Tested Version: 2.5.2 Tested on: Windows 7 x32...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.101 views

ASUS HG100 - Denial of Service

Exploit Title:ASUS HG100 devices denial of serviceDOS via IPv4 packets/SlowHTTPDOS Date: 2019-04-14 Exploit Author: YinT Wang; Vendor Homepage: www.asus.com Version: Hardware version: HG100 、Firmware version: 1.05.12 Tested on: Currnet 1.05.12 CVE : CVE-2018-11492 1. Description The attack at sam...

7.8CVSS7.6AI score0.11386EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/17 12:0 a.m.53 views

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.40 views

PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'SC' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Version: 1.0.0.5 Tested on: Windows 10 Proof of Concept...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.39 views

PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Version: 1.0.0.5 Tested on: Windows 10 Proof of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.53 views

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver can confuse the cache and memory manager to replace the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.61 views

Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation

Windows: LUAFV LuafvCopyShortName Arbitrary Short Name EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver bypasses security checks to copy short names during file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.58 views

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation

Windows: LUAFV Delayed Virtualization MAXIMUMACCESS DesiredAccess EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver reuses the file’s create request DesiredAccess paramete...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.61 views

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation

Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE : CVE-2018-19374 Due to weak permissions...

7CVSS6.9AI score0.0108EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.35 views

AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)

-- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows XP Professional SP2 Description: 1 Click the "System...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.420 views

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting

Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogin.cgi, webauthrelogin.cgi CVE : 2019-9955 1. Description ==============...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.182 views

Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Exploit Title: Joomla Core 1.5.0 through 3.9.4 - Directory Traversal && Authenticated Arbitrary File Deletion Date: 2019-March-13 Exploit Author: Haboob Team Web Site: haboob.sa Email: [email protected] Software Link: https://www.joomla.org/ Versions: Joomla 1.5.0 through Joomla 3.9.4 CVE :...

9.8CVSS7.9AI score0.38018EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.87 views

Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation

Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a syste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.53 views

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation

Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver doesn’t take into account a virtualized handle bei...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.48 views

Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass

Windows: LUAFV NtSetCachedSigningLevel Device Guard Bypass Platform: Windows 10 1809 not tested earlier. Note I’ve not tested this on Windows 10 SMode. Class: Security Feature Bypass Summary: The NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/16 12:0 a.m.93 views

Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation

Windows: LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver has a race condition in the LuafvPostReadWrite...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.42 views

MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "TOP" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystem...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.75 views

Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework linux/armle/meterpreter/bindtcp - segfault linux/armle/meterpreter/reversetcp - segfault linux/armle/meterpreterreversehttp - works linux/armle/meterpreterreversehttps -...

10CVSS7AI score0.95707EPSS
Exploits15
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.61 views

UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC)

Exploit Title: UltraVNC Viewer 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.45 views

UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.37 views

MailCarrier 2.51 - POP3 'USER' Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.37 views

MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "LIST" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesyste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.58 views

RemoteMouse 3.008 - Arbitrary Remote Command Execution

Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.60 views

CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in CuteNews prior to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.47 views

MailCarrier 2.51 - 'RCPT TO' Buffer Overflow

!/usr/bin/python Exploit Title: MailCarrier 2.51 'RCPT TO' - Buffer Overflow Remote Date: 12/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/15 12:0 a.m.167 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr Description: Multiple security vulnerabilities ha...

6.8CVSS8.9AI score0.02094EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/12 12:0 a.m.58 views

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass

Exploit Title: CyberArk Endpoint bypass Google Dork: - Date: 03/06/2018 Exploit Author: Alpcan Onaran, Mustafa Kemal Can Vendor Homepage: https://www.cyberark.com Software Link: - Version: 10.2.1.603 Tested on: Windows 10 CVE : CVE-2018-14894 //If user needs admin privileges, CyberArk gives the...

7.8CVSS7.7AI score0.01927EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/04/12 12:0 a.m.68 views

Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'fileutils' require 'rex/zip' class MetasploitModule 'Microsoft Windows Contact File Format Arbitary Code Execution', 'Description' = %q This vulnerability allow...

7AI score
Exploits0
Total number of security vulnerabilities47904