Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2021/10/22 12:0 a.m.664 views

Clinic Management System 1.0 - SQL injection to Remote Code Execution Exploit

Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

Exploits0
0day.today
0day.today
added 2009/11/13 12:0 a.m.662 views

Samba 3.0.10 - 3.3.5 Format String And Security Bypass Vulnerabilities

Exploit for unknown platform in category remote exploits ====================================================================== Samba 3.0.10 - 3.3.5 Format String And Security Bypass Vulnerabilities ====================================================================== Title: Samba 3.0.10 - 3.3.5...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/02/17 12:0 a.m.661 views

Google Play Protect 22.4.25 Detection Bypass Vulnerability

Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Exploit Author: Aryan Chehreghani Contact: email protected Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play Protect is Google's built-in...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/07/19 12:0 a.m.661 views

VMware ESXi Use-After-Free / Out-Of-Bounds Access Vulnerability

Several security issues have been identified in the VMware ESIx virtual machine monitor VMM. A use-after-free UAF vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads. Overview ======= We...

8.4CVSS0.1AI score0.00587EPSS
Exploits4
0day.today
0day.today
added 2024/10/22 12:0 a.m.660 views

Magento / Adobe Commerce Remote Code Execution Exploit

This Metasploit module uses a combination of an arbitrary file read CVE-2024-34102 and a buffer overflow in glibc CVE-2024-2961. It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce and earlier versions if the PHP and glibc versions are also...

9.8CVSS9AI score0.99994EPSS
Exploits38
0day.today
0day.today
added 2017/05/14 12:0 a.m.658 views

miniupnpc 2.0.20170421 Denial Of Service Exploit

miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response. Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 0.6 Date: May 1st, 2017 Tag: miniupnp miniupnpc getHTTPResponse chunked encoding integer signedness error Overview...

7.5CVSS0.4AI score0.24027EPSS
Exploits6
0day.today
0day.today
added 2019/01/23 12:0 a.m.657 views

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation Exploit

Exploit for linux platform in category web applications Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...

7.5CVSS0.2AI score0.89362EPSS
Exploits10
0day.today
0day.today
added 2022/10/04 12:0 a.m.656 views

Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation Vulnerability

Windows: Kerberos RC4 MD4 Encryption Downgrade EoP Platform: Windows 10+ Class: Elevation of Privilege Security Boundary: User Summary: The KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in EoP. NOTE: I tried to look if...

8.1CVSS9AI score0.08077EPSS
Exploits6
0day.today
0day.today
added 2018/08/28 12:0 a.m.654 views

Dojo Toolkit 1.13 Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications Product: Dojo Toolkit Manufacturer: JS Foundation Affected Versions: 1.13 Tested Versions: 1.13, 1.10.7 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-07-02 Solution...

8AI score0.02611EPSS
Exploits2
0day.today
0day.today
added 2025/02/20 12:0 a.m.652 views

BeyondTrust Remote Code Execution Exploit

This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...

9.8CVSS8.8AI score0.89914EPSS
Exploits14
0day.today
0day.today
added 2019/06/07 12:0 a.m.652 views

Exim 4.87 < 4.91 - (Local / Remote) Command Execution Exploit

Qualys Security Advisory The Return of the WIZard: RCE in Exim CVE-2019-10149 ======================================================================== Contents ======================================================================== Summary Local exploitation Remote exploitation - Non-default...

10CVSS9.8AI score0.99961EPSS
Exploits27
0day.today
0day.today
added 2017/06/06 12:0 a.m.651 views

Cisco Catalyst 2960 IOS 12.2(55)SE1 - ROCEM Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/python Author: Artem Kondratenko @artkond import socket import sys from time import sleep setcredless = True if lensys.argv 3: print sys.argv0 + ' host --set/--unset' sys.exit elif sys.argv2 == '--unset': setcredless = False elif...

10CVSS0.2AI score0.98975EPSS
Exploits12
0day.today
0day.today
added 2008/06/14 12:0 a.m.650 views

AlstraSoft AskMe Pro <= 2.1 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ================================================================== AlstraSoft AskMe Pro = 2.1 Multiple SQL Injection Vulnerabilities ================================================================== Discovered By: t0pP8uZz Discovered On: ...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/09/29 12:0 a.m.649 views

Linux OverlayFS Local Privilege Escalation Exploit

This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mou...

7.8CVSS7AI score0.0788EPSS
Exploits14
0day.today
0day.today
added 2017/06/30 12:0 a.m.647 views

Apache ActiveMQ < 5.14.0 - Web Shell Upload Exploit

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: http://metasploit.com/download Current source:...

7.5CVSS0.5AI score0.98518EPSS
Exploits19
0day.today
0day.today
added 2023/03/10 12:0 a.m.645 views

SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...

8.8CVSS9AI score0.80274EPSS
Exploits4
0day.today
0day.today
added 2025/01/08 12:0 a.m.642 views

Netwave IP Camera Secret Disclosure Exploit

!/bin/bash Exploit Title: Netwave Google Dork: "Netwave security camera" "Live feed" Exploit Author: Jeremie Amsellem Version: No version specified by the vendor Tested on: Kali Linux Written by lp1 Run this exploit on a vulnerable Netwave Camera in order To dump the camera's network configuratio...

7.5CVSS7.1AI score0.03446EPSS
Exploits2
0day.today
0day.today
added 2019/07/02 12:0 a.m.641 views

Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)

/ Title: Linux/ARM64 - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 128 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/09 12:0 a.m.639 views

ABB Cylon Aspect 3.08.02 uploadDb.php Remote Code Execution Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the contents of an uploaded .db file, which is passed to the copyFile.sh script. Although the filename is sanitized, the...

9.3CVSS9.9AI score0.02846EPSS
Exploits10
0day.today
0day.today
added 2019/06/18 12:0 a.m.639 views

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)

Title: Linux/x8664 - execve/bin/sh 22 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 22 bytes ;github = https://github.com/STARRBOY ============ASM=========================== global start section .text start: ;int execveconst char filename, char const argv,char const...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/27 12:0 a.m.638 views

pfSense 2.4.4-p3 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freeb...

6.8CVSS0.54541EPSS
Exploits4
0day.today
0day.today
added 2019/11/17 12:0 a.m.638 views

Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal / Remote Code Execution

!/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CVE: CVE-2019-1821 Example: ======== saturn: mrme$ ./poc.py + usage: ./poc.py + eg: ./poc.py...

10CVSS0.5AI score0.98092EPSS
Exploits12
0day.today
0day.today
added 2020/05/06 12:0 a.m.636 views

TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection Vulnerability

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method handler for /setEncryptKey.fcgi of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a...

9CVSS0.2AI score0.07951EPSS
Exploits4
0day.today
0day.today
added 2022/02/28 12:0 a.m.635 views

Win32k ConsoleControl Offset Confusion / Privilege Escalation Exploit

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...

7.8CVSS8.3AI score0.80968EPSS
Exploits41
0day.today
0day.today
added 2021/11/04 12:0 a.m.635 views

GitLab Unauthenticated Remote ExifTool Command Injection Exploit

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition CE and Enterprise Edition EE. The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user. This module requires...

10CVSS9.4AI score0.99981EPSS
Exploits57
0day.today
0day.today
added 2018/12/12 12:0 a.m.635 views

PrestaShop 1.6.x/1.7.x - Remote Code Execution Exploit

Exploit for php platform in category web applications ?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date:...

0.2AI score0.22535EPSS
Exploits6
0day.today
0day.today
added 2016/06/06 12:0 a.m.635 views

Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)

Exploit for php platform in category web applications 0day.today 2018-04-14...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/09/05 12:0 a.m.634 views

WordPress All-in-One WP Migration 7.64 plugin - Unauthenticated Backup Download Exploit

Title: All-in-One-WP-Migration-7.64 low-protection-file-disclosure - Unauthenticated Backup Download Author: nu11secur1ty Date: 09.01.2022 Vendor: https://servmask.com/ Software: https://wordpress.org/plugins/all-in-one-wp-migration/ Reference:...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/07/19 12:0 a.m.634 views

Plex Unpickle Dict Windows Remote Code Execution Exploit

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will b...

7.2CVSS7.8AI score0.7275EPSS
Exploits4
0day.today
0day.today
added 2018/07/20 12:0 a.m.633 views

CMS Made Simple 2.2.5 Authenticated Remote Command Execution Exploit

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module requires Metasploit: https://metasploit.com/download Current source:...

4.3CVSS6.4AI score0.40548EPSS
Exploits15
0day.today
0day.today
added 2018/03/20 12:0 a.m.633 views

Linux Kernel < 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits / CVE-2017-7533 inotfiy linux kernel vulnerability. $ gcc -o exploit exploit.c -lpthread $./exploit Listening for events. Listening for events. alloclen : 50 longname="testdir/bbbb32103210321032100��1����" handleevents event-name : b, event-le...

6.9CVSS7.6AI score0.01223EPSS
Exploits3
0day.today
0day.today
added 2024/10/03 12:0 a.m.632 views

Linux kernel versions 6.8. Local Privilege Escalation 0day Exploit

...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/11/09 12:0 a.m.632 views

Moodle Cross Site Scripting / Server-Side Request Forgery Vulnerabilities

Moodle versions 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, and 3.5 to 3.5.16 suffer from cross site scripting and server-side request forgery vulnerabilities. Moodle is an opensource learning management system, popular in universities and workplaces largely used to manage courses, activities and...

5.4CVSS5.8AI score0.01277EPSS
Exploits2
0day.today
0day.today
added 2022/08/10 12:0 a.m.631 views

Zimbra zmslapd Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...

7.8CVSS0.4AI score0.01683EPSS
Exploits4
0day.today
0day.today
added 2015/11/20 12:0 a.m.626 views

Chkrootkit Local Privilege Escalation Exploit

Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default. This module requires Metasploit: http://metasploit.com/download Current source:...

3.7CVSS0.6AI score0.03828EPSS
Exploits6
0day.today
0day.today
added 2023/03/07 12:0 a.m.625 views

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined Exploit

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root. ¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯...

8.8CVSS9AI score0.02501EPSS
Exploits4
0day.today
0day.today
added 2024/02/05 12:0 a.m.624 views

runc 1.1.11 File Descriptor Leak Privilege Escalation Exploit

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc typically root...

8.6CVSS7.4AI score0.18087EPSS
Exploits18
0day.today
0day.today
added 2022/11/02 12:0 a.m.624 views

Webmin 1.984 File Manager Remote Code Execution Exploit

In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted...

8.8CVSS8.7AI score0.96977EPSS
Exploits13
0day.today
0day.today
added 2018/03/19 12:0 a.m.622 views

Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset Local Privilege Escalation Exploi

Exploit for linux platform in category local exploits / EDB Note: Download https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44300.zip Video https://www.youtube.com/watch?v=qchiJn94kTo / / decr.c / / Ubuntu 16.04 local root exploit - netfilter targetoffset...

6.8AI score
Exploits0
0day.today
0day.today
added 2025/01/02 12:0 a.m.621 views

WordPress Code Generator Pro 1.2 SQL Injection Vulnerability

CVE-2024-55978 Code Generator Pro = 1.2 - Unauthenticated SQL Injection Description The Code Generator Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

9.3CVSS7.1AI score0.00747EPSS
Exploits1
0day.today
0day.today
added 2023/10/30 12:0 a.m.621 views

Splunk edit_user Capability Privilege Escalation Exploit

Splunk suffers from an issue where a low-privileged user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edituser capability does not honor the grantableRoles...

8.8CVSS7.8AI score0.73537EPSS
Exploits7
0day.today
0day.today
added 2024/05/22 12:0 a.m.620 views

Joomla 4.2.8 Information Disclosure Exploit

!/bin/bash Exploit Title: Joomla! \n" exit 1 else echo -e "\n Joomla! out.tmp echo -e "\ni Database info:\n" echo -e "+ DB Type: $sed -E 's/."dbtype":"^"+"./\1/' out.tmp" echo -e "+ DB Host: $sed -E 's/."host":"^"+"./\1/' out.tmp" echo -e "\e92m+ DB User: $sed -E 's/."user":"^"+"./\1/' out.tmp\e0...

5.3CVSS7.2AI score0.99827EPSS
Exploits43
0day.today
0day.today
added 2021/07/16 12:0 a.m.620 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

9.8CVSS0.7AI score0.99999EPSS
Exploits13
0day.today
0day.today
added 2019/06/30 12:0 a.m.620 views

Windows Escalate UAC Protection Bypass Via SilentCleanup Exploit

There's a task in Windows Task Scheduler called "SilentCleanup" which, while it's executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%\system32\cleanmgr.exe. Since it runs as Users, and we can control user's environment variables, %windir%...

0.7AI score
Exploits0
0day.today
0day.today
added 2021/10/07 12:0 a.m.619 views

Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation Exploit

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a denial of service via heap memory corruption through user name space. Kernels up to and including 5.11 are vulnerable. This module...

8.3CVSS8.2AI score0.78684EPSS
Exploits21
0day.today
0day.today
added 2023/09/26 12:0 a.m.618 views

Elasticsearch 8.5.3 Stack Overflow Exploit

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...

7.5CVSS7.1AI score0.60679EPSS
Exploits4
0day.today
0day.today
added 2022/04/21 12:0 a.m.617 views

Linux Kernel watch_queue Out-Of-Bounds Write Exploit

This Metasploit module exploits a vulnerability in the Linux Kernel's watchqueue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial ...

7.8CVSS0.1AI score0.06197EPSS
Exploits10
0day.today
0day.today
added 2007/01/27 12:0 a.m.615 views

nsGalPHP (includes/config.inc.php racineTBS) Remote Inclusion Vuln

Exploit for unknown platform in category web applications ================================================================== nsGalPHP includes/config.inc.php racineTBS Remote Inclusion Vuln ================================================================== | | \ | S.W.A.T. | / \ | | / / || \ / ...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/11/22 12:0 a.m.614 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Privilege Escalation Vulnerability

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities. Vulnerability Details & Technic...

9.8CVSS8.2AI score0.06801EPSS
Exploits4
0day.today
0day.today
added 2006/01/09 12:0 a.m.613 views

Magic News Plus <= 1.0.3 Admin Pass Change Exploit

Exploit for unknown platform in category web applications ================================================== Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where t...

7.1AI score
Exploits0
Total number of security vulnerabilities5000