Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2018/11/06 12:0 a.m.175 views

FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit

Exploit for macOS platform in category dos / poc FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root...

0.2AI score0.06498EPSS
Exploits1
0day.today
0day.today
added 2018/09/22 12:0 a.m.175 views

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation Exploit

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can creat...

6.9AI score0.18386EPSS
Exploits7
0day.today
0day.today
added 2016/10/10 12:0 a.m.175 views

HP Client - Automation Command Injection / Remote Code Execution

Exploit for multiple platform in category local exploits Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on...

10CVSS0.2AI score0.75116EPSS
Exploits16
0day.today
0day.today
added 2016/08/22 12:0 a.m.175 views

Ocomon 2.0 - SQL Injection

Exploit for php platform in category web applications Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version:...

5CVSS6.7AI score0.01096EPSS
Exploits3
0day.today
0day.today
added 2015/11/13 12:0 a.m.175 views

Microsoft .NET Framework XSS / Privilege Escalation Vulnerability

Exploit for windows platform in category remote exploits Product: =========================== Microsoft .NET Framework Vulnerability Type: ============================ XSS / Elevation of Privilege CVE Reference: ============== CVE-2015-6099 Vulnerability Details: ====================== Microsoft...

4.3CVSS5.4AI score0.47738EPSS
Exploits1
0day.today
0day.today
added 2013/02/05 12:0 a.m.175 views

FreeBSD 9.1 ftpd Remote Denial of Service

Exploit for freebsd platform in category dos / poc FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 --- 1. Description --- I have decided check BSD ftpd servers once...

7AI score0.51298EPSS
Exploits21
0day.today
0day.today
added 2010/01/17 12:0 a.m.175 views

Uploader by CeleronDude 5.3.0 - Upload Vulnerability

Exploit for unknown platform in category web applications ==================================================== Uploader by CeleronDude 5.3.0 - Upload Vulnerability ==================================================== Uploader by CeleronDude 5.3.0 - Upload Vulnerability Discovered by : Stink' Date...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/01/14 12:0 a.m.175 views

RichStrong CMS (showproduct.asp cat) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================= RichStrong CMS showproduct.asp cat Remote SQL Injection Exploit ================================================================= --==+=================== Spanish Hackers Te...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/11/04 12:0 a.m.175 views

YNP Portal System 2.2.0 (showpage.cgi p) Remote File Disclosure

Exploit for cgi platform in category web applications =============================================================== YNP Portal System 2.2.0 showpage.cgi p Remote File Disclosure =============================================================== YNP Portal System 2.2.0 showpage.cgi p Remote File...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/08/05 12:0 a.m.175 views

PHP-Fusion <= 6.0 106 BBCode IMG Tag Script Injection Exploit

Exploit for unknown platform in category web applications ============================================================= PHP-Fusion deluser ./fusionimg banuser ./fusionimg delshout ./fusionimg deladmin is the PHP-Fusion version. enter 6.x or 5.x depending on the version number. is the start point ...

7.1AI score
Exploits0
0day.today
0day.today
added 2004/12/25 12:0 a.m.175 views

Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)

Exploit for unknown platform in category web applications ========================================================= Sanity.b - phpBB newPeerAddr="$site",PeerPort="80",Proto="tcp" or next; print $sock "GET /aolcom/search?q=$procura&Stage=0&page=$n HTTP/1.0\n\n"; @resu = ; close$sock; $ae = "@resu"...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/02/05 12:0 a.m.174 views

Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting Vulnerability

Title: Checkmk NagVis Reflected Cross-site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE...

5.4CVSS7AI score0.00557EPSS
Exploits2
0day.today
0day.today
added 2024/05/13 12:0 a.m.174 views

Prison Management System - SQL Injection Authentication Bypass Vulnerability

Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE : CVE-2024-33288 Proof ...

7.2AI score0.0081EPSS
Exploits3
0day.today
0day.today
added 2021/09/22 12:0 a.m.174 views

Simple Attendance System 1.0 - Unauthenticated Blind SQL Injection Vulnerability

Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The application suffers from a...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/07/21 12:0 a.m.174 views

Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...

0.7AI score
Exploits0
0day.today
0day.today
added 2021/04/13 12:0 a.m.174 views

ExpressVPN VPN Router 1.0 - Router Login Panels Integer Overflow Vulnerability

Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE : CVE-2020-29238...

7.5CVSS0.8AI score0.16354EPSS
Exploits3
0day.today
0day.today
added 2020/07/08 12:0 a.m.174 views

BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password) Vulnerability

Exploit for hardware platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-1494...

7.5CVSS0.4AI score0.06338EPSS
Exploits6
0day.today
0day.today
added 2020/07/02 12:0 a.m.174 views

ZenTao Pro 8.8.2 - Command Injection Exploit

Exploit for php platform in category web applications Exploit Title: ZenTao Pro 8.8.2 - Command Injection Exploit Author: Daniel Monzón & Melvin Boers Vendor Homepage: https://www.zentao.pm/ Version: 8.8.2 Tested on: Windows 10 / WampServer Other versions like pro or enterprise edition could be...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/06/16 12:0 a.m.174 views

10-Strike Bandwidth Monitor 3.9 Unquoted Service Path Vulnerability

10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities. Exploit Title: Bandwidth Monitor 3.9 - Unquoted Services Paths Exploit Author: Bobby Cooke Vendor Site: https://www.10-strike.com/...

Exploits0
0day.today
0day.today
added 2020/05/22 12:0 a.m.174 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

7.8CVSS0.4AI score0.08607EPSS
Exploits12
0day.today
0day.today
added 2019/12/03 12:0 a.m.174 views

Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Vulnerability

Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Discovery by: hyp3rlinx Date: 2019-12-03 Vendor Homepage: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/10/21 12:0 a.m.174 views

VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability

Exploit for linux platform in category web applications Product: VeloCloud Vendor: VMware CVE ID: CVE-2019-5533 CSNC ID: CSNC-2019-007 Subject: Authorization Bypass Risk: Moderate Effect: Remotely exploitable CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Author: Silas Bärtsch Date:...

4CVSS5.3AI score0.17883EPSS
Exploits2
0day.today
0day.today
added 2019/07/05 12:0 a.m.174 views

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/11 12:0 a.m.174 views

WordPress Insert or Embed Articulate Content Plugin - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Exploit Author:...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/05/15 12:0 a.m.175 views

Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability

Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in trackimportexport.php. 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injectio...

0.4AI score0.72486EPSS
Exploits6
0day.today
0day.today
added 2018/11/13 12:0 a.m.174 views

Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc / + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CISCO-IMMUNET-AND-CISCO-AMP-FOR-ENDPOINTS-SYSTEM-SCAN-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Greetz: indoushka |...

5.8AI score0.00966EPSS
Exploits6
0day.today
0day.today
added 2018/11/02 12:0 a.m.174 views

qdPM 9.1 - filter_by SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/06/22 12:0 a.m.174 views

phpLDAPadmin 1.2.2 LDAP Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: phpLDAPadmin 1.2.2 - 'serverid' LDAP Injection Username Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debi...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/02/10 12:0 a.m.174 views

Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass Exploit

Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability. Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL:...

0.5AI score
Exploits0
0day.today
0day.today
added 2016/02/10 12:0 a.m.174 views

Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure

Exploit for multiple platform in category web applications Document Title: =============== Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html...

7.8CVSS7.5AI score0.46187EPSS
Exploits6
0day.today
0day.today
added 2015/08/28 12:0 a.m.174 views

WordPress Responsive Thumbnail Slider Plugin 1.0 - XSS / Arbitrary File Upload Vulnerabilities

Exploit for php platform in category web applications " name="thumbnails" " style="width:50px" height="50px"/ input type="checkbox" val...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/07/27 12:0 a.m.174 views

SuperLinks SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SuperLinks SQLi Google Dork: inurl:/superlinks/browse.php?id= Date: 27/01/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Tested on: Linux, Windows Comment...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/12/14 12:0 a.m.174 views

Mediatheka 4.2 (index.php lang) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================== Mediatheka 4.2 index.php lang Local File Inclusion Vulnerability ================================================================== START 0x01 Informations: Script :...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/10/12 12:0 a.m.174 views

GuildFTPd 0.999.8.11/0.999.14 Heap Corruption PoC/DoS Exploit

Exploit for unknown platform in category dos / poc ============================================================= GuildFTPd 0.999.8.11/0.999.14 Heap Corruption PoC/DoS Exploit ============================================================= GuildFTPd v0.999.8.11/v0.999.14 heap corruption PoC/DoS...

7AI score
Exploits0
0day.today
0day.today
added 2006/08/01 12:0 a.m.174 views

XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off)

Exploit for unknown platform in category web applications ========================================================== XMB = 4.1 allowing subs / if $argc5 echo "Usage: php ".$argv0." host path username password OPTIONS\n"; echo "host: target server ip/hostname\n"; echo "path: path to XMB \n"; echo...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/13 12:0 a.m.173 views

PyroCMS v3.0.1 - Stored XSS Vulnerability

Exploit Title: PyroCMS v3.0.1 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS ----------------------------------------------------------------------------------------------------...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/04 12:0 a.m.173 views

D-Link DAP-1325 - Broken Access Control Vulnerability

Exploit Title: D-Link DAP-1325 - Broken Access Control Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticated access to...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/31 12:0 a.m.173 views

CoolerMaster MasterPlus 1.8.5 - (MPService) Unquoted Service Path Vulnerability

Exploit Title: CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path Exploit Author: Damian Semon Jr Blue Team Alpha Version: 1.8.5 Vendor Homepage: https://masterplus.coolermaster.com/ Software Link: https://masterplus.coolermaster.com/ Tested on: Windows 10 64x Step to discover the...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.173 views

WebTareas 2.4 - Remote Command Execution (Authorized) Vulnerability

Exploit Title: WebTareas 2.4 - RCE Authorized Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10 using XAMPP, Apache/2.4.4...

6.8AI score
Exploits0
0day.today
0day.today
added 2021/07/10 12:0 a.m.173 views

Polkit D-Bus Authentication Bypass Exploit

A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operati...

7.8CVSS0.8AI score0.22193EPSS
Exploits37
0day.today
0day.today
added 2020/07/12 12:0 a.m.173 views

Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution Vulnerabilitie

Exploit for php platform in category web applications Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/06/30 12:0 a.m.173 views

ATutor 2.2.4 Directory Traversal / Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS9AI score0.73317EPSS
Exploits11
0day.today
0day.today
added 2020/06/18 12:0 a.m.173 views

Beauty Parlour Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Exploit Author: Prof. Kailas PATIL krp Vendor Homepage: https://phpgurukul.com/ Software Link:...

Exploits0
0day.today
0day.today
added 2020/03/28 12:0 a.m.173 views

ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author: Mustafa Emre Gül...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/01/21 12:0 a.m.173 views

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...

5.5CVSS0.3AI score0.00967EPSS
Exploits8
0day.today
0day.today
added 2019/03/10 12:0 a.m.173 views

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

Exploit for multiple platform in category web applications Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 ...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/30 12:0 a.m.173 views

FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow Exploit

This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 Enterprise edition allowing remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTPShell client...

10CVSS0.5AI score0.69692EPSS
Exploits9
0day.today
0day.today
added 2018/05/25 12:0 a.m.173 views

PHP Login And User Management 4.1.0 Shell Upload Vulnerability

Exploit for php platform in category web applications Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary...

8.9AI score0.04582EPSS
Exploits2
0day.today
0day.today
added 2015/12/11 12:0 a.m.173 views

bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability

bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability. Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details...

9CVSS0.7AI score0.06631EPSS
Exploits5
0day.today
0day.today
added 2015/03/21 12:0 a.m.173 views

ZTE ZXV10-H201L Multiple Vulnerabilities

Exploit for hardware platform in category web applications /-------------------------------------------------/ /Exploits found by TheWalk1ngShad0w / /My email: email protected / /-------------------------------------------------/ Exploit tested & working on modem with this build info:...

7.1AI score
Exploits0
Total number of security vulnerabilities5000