Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2006/01/09 12:0 a.m.612 views

Magic News Plus <= 1.0.3 Admin Pass Change Exploit

Exploit for unknown platform in category web applications ================================================== Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where t...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/13 12:0 a.m.611 views

Shopify Cross Site Scripting Vulnerability

Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/09/27 12:0 a.m.611 views

Joomla Component com_foxcontact Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/08/22 12:0 a.m.610 views

FLIR AX8 1.46.16 Remote Command Execution Exploit

-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....

9.8CVSS7.9AI score0.99607EPSS
Exploits11
0day.today
0day.today
added 2020/08/22 12:0 a.m.609 views

vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP...

7.5CVSS6.5AI score0.80635EPSS
Exploits12
0day.today
0day.today
added 2021/09/01 12:0 a.m.608 views

Moxa Command Injection / Cross Site Scripting Vulnerabilities

======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...

10CVSS0.5AI score0.94859EPSS
Exploits45
0day.today
0day.today
added 2020/07/30 12:0 a.m.608 views

Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ======================================================================= title: Stored Cross-Site Scripting XSS Vulnerability product: Namirial SIGNificant SignAnyWhere vulnerable version: v6.10.60.25434 SSP v4.22.60.25434 v6.10.100.25817 SSP...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/07/30 12:0 a.m.608 views

Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Exploit

Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Exploit Author: 0xmmnbassel Vendor Homepage:...

7.5CVSS0.7AI score0.99992EPSS
Exploits26
0day.today
0day.today
added 2021/12/28 12:0 a.m.607 views

Microsoft Windows Explorer Preview Pane Security Bypass Vulnerability

Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt. Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Exploit Author: Eduar...

6.9AI score
Exploits0
0day.today
0day.today
added 2020/07/19 12:0 a.m.607 views

Simple Startup Manager 1.17 - (File) Local Buffer Overflow Exploit

Exploit Title: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow PoC Exploit Author: PovlTekstTV Vulnerable Software: Simple Startup Manager Software Link Download: http://www.ashkon.com/download/startup-manager.exe Version: 1.17 Vulnerability Type: Local Buffer Overflow Tested on: Windo...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/01/29 12:0 a.m.607 views

Exim ESMTP GHOST Denial Of Service Exploit

Exim ESTMP denial of service exploit that leverages the GHOST glibc gethostbyname buffer overflow. The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash. !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128 CVE-2015-0235 GHOST...

10CVSS0.2AI score0.94859EPSS
Exploits29
0day.today
0day.today
added 2020/04/03 12:0 a.m.606 views

DotNetNuke Cookie Deserialization Remote Code Execution Exploit

This Metasploit module exploits a deserialization vulnerability in DotNetNuke DNN versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type ...

8.8CVSS8.1AI score0.94789EPSS
Exploits10
0day.today
0day.today
added 2017/04/19 12:0 a.m.606 views

Microsoft Word - .RTF Remote Code Execution Exploit

Exploit for windows platform in category remote exploits ''' Exploit Title: Exploit CVE-2017-0199 Word RTF RCE vulnerability to gain meterpreter shell Date: 17/04/2017 Exploit Author: Bhadresh Patel Version: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsof...

9.3CVSS8.4AI score0.99933EPSS
Exploits29
0day.today
0day.today
added 2022/08/04 12:0 a.m.605 views

Zoho Password Manager Pro XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...

9.8CVSS9.7AI score0.9994EPSS
Exploits5
0day.today
0day.today
added 2021/10/31 12:0 a.m.605 views

Sophos UTM WebAdmin SID Command Injection Exploit

This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

9.8CVSS10AI score0.96693EPSS
Exploits9
0day.today
0day.today
added 2014/09/18 12:0 a.m.605 views

WordPress Theme Jupiter Arbitrary File Download Vulnerability

WordPress Theme Jupiter suffers from Arbitrary File Download Vulnerability Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:wp-content/themes/jupiter Demo sites:...

7AI score
Exploits0
0day.today
0day.today
added 2022/06/27 12:0 a.m.603 views

Mailhog 1.0.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on: Windows,Linux,Docker CV...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/10/26 12:0 a.m.601 views

FreeSWITCH 1.10.6 SIP Digest Leak Vulnerability

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the...

7.5CVSS6.7AI score0.00799EPSS
Exploits3
0day.today
0day.today
added 2024/11/14 12:0 a.m.600 views

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass...

8.7CVSS7AI score0.11452EPSS
Exploits3
0day.today
0day.today
added 2023/11/10 12:0 a.m.600 views

Apache ActiveMQ Unauthenticated Remote Code Execution Exploit

This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. This module requires Metasploit:...

10CVSS9.8AI score0.99654EPSS
Exploits31
0day.today
0day.today
added 2019/03/29 12:0 a.m.599 views

Magento 2.3.0 SQL Injection Exploit

Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit. !/usr/bin/env python3 Magento 2.2.0 = 2.3.0 Unauthenticated SQLi Charles Fol SOURCE & SINK The sink from-to SQL condition has been present from Magento 1.x onwards. The source...

0.9AI score
Exploits0
0day.today
0day.today
added 2023/08/17 12:0 a.m.598 views

Maltrail 0.53 Unauthenticated Command Injection Exploit

Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.checkoutput function in mailtrail/core/http.py contains a...

8AI score
Exploits0
0day.today
0day.today
added 2023/01/22 12:0 a.m.598 views

OpenText Extended ECM 22.3 cs.exe Remote Code Execution Vulnerability

======================================================================= title: Pre-authenticated Remote Code Execution in cs.exe product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 20.4 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45923 impact: Critical...

8.8CVSS0.4AI score0.01874EPSS
Exploits2
0day.today
0day.today
added 2021/11/03 12:0 a.m.599 views

PHP Melody 3.0 - Persistent Cross-Site Scripting Vulnerability

Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ====================...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/07/27 12:0 a.m.598 views

eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/09 12:0 a.m.595 views

ABB Cylon Aspect 3.08.02 bbmdUpdate.php Remote Code Execution Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-one error in...

9.3CVSS9.9AI score0.02846EPSS
Exploits17
0day.today
0day.today
added 2021/10/18 12:0 a.m.594 views

Wordpress Duplicator 1.3.26 Plugin - Unauthenticated Arbitrary File Read Exploit

Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on: Ubuntu 16.04 CVE :...

7.5CVSS0.2AI score0.97822EPSS
Exploits11
0day.today
0day.today
added 2020/07/22 12:0 a.m.594 views

ZenTao Pro 8.8.2 Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...

9.6CVSS9.5AI score0.17225EPSS
Exploits4
0day.today
0day.today
added 2023/06/26 12:0 a.m.593 views

Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/10/25 12:0 a.m.592 views

GLPI 10.0.2 Command Injection Exploit

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GL...

9.8CVSS0.5AI score0.99628EPSS
Exploits13
0day.today
0day.today
added 2022/09/15 12:0 a.m.592 views

Gitea 1.16.6 - Remote Code Execution Exploit

Exploit Title: Gitea Git Fetch Remote Code Execution Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration...

7.5CVSS0.2AI score0.87678EPSS
Exploits8
0day.today
0day.today
added 2021/11/29 12:0 a.m.592 views

orangescrum 1.8.0 - (Multiple) Cross-Site Scripting Vulnerability

Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Testeted o...

Exploits0
0day.today
0day.today
added 2024/10/22 12:0 a.m.591 views

BYOB Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation...

9.8CVSS7.8AI score0.05635EPSS
Exploits3
0day.today
0day.today
added 2023/10/19 12:0 a.m.591 views

Atlassian Confluence Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new...

9.8CVSS7.8AI score0.99156EPSS
Exploits39
0day.today
0day.today
added 2021/11/27 12:0 a.m.591 views

Gerdab.ir SQL Injection Vulnerability

This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/11 12:0 a.m.591 views

YeaLink SIP-TXXXP 53.84.0.15 - (cmd) Command Injection Vulnerability

Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the Networking Tab to...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/26 12:0 a.m.591 views

dotProject 2.1.9 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9...

6.8CVSS7.8AI score0.23129EPSS
Exploits7
0day.today
0day.today
added 2023/01/22 12:0 a.m.590 views

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation Vulnerabilities

======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45924,...

8.8CVSS8.3AI score0.16972EPSS
Exploits7
0day.today
0day.today
added 2021/11/15 12:0 a.m.591 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...

9.8CVSS10AI score0.35047EPSS
Exploits5
0day.today
0day.today
added 2023/08/08 12:0 a.m.589 views

Citrix ADC (NetScaler) Remote Code Execution Exploit

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. This module requires Metasploit:...

9.8CVSS10AI score0.99445EPSS
Exploits16
0day.today
0day.today
added 2025/01/02 12:0 a.m.588 views

WordPress Wr Age Verification 2.0.0 SQL Injection Vulnerability

CVE-2024-55980 Wr Age Verification = 5.0.12 time-based blind - Parameter replace P...

9.3CVSS9.5AI score0.00729EPSS
Exploits1
0day.today
0day.today
added 2023/11/10 12:0 a.m.588 views

F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

9.8CVSS7.4AI score0.96515EPSS
Exploits17
0day.today
0day.today
added 2021/10/26 12:0 a.m.588 views

FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication Exploit

FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...

5.3CVSS0.3AI score0.0169EPSS
Exploits4
0day.today
0day.today
added 2019/08/19 12:0 a.m.588 views

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)

Exploit for hardware platform in category web applications Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

5CVSS10AI score0.99999EPSS
Exploits22
0day.today
0day.today
added 2023/08/09 12:0 a.m.587 views

Metabase Remote Code Execution Exploit

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...

9.8CVSS9.7AI score0.97924EPSS
Exploits36
0day.today
0day.today
added 2022/09/26 12:0 a.m.587 views

Active eCommerce CMS 6.3.0 Arbitrary File Download Vulnerability

Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...

0.2AI score
Exploits0
0day.today
0day.today
added 2023/02/06 12:0 a.m.586 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit

This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...

7.8CVSS7.7AI score0.09783EPSS
Exploits8
0day.today
0day.today
added 2023/11/19 12:0 a.m.585 views

TP-Link ER605 Unauthent LAN-side Remote Code Execution Exploit

TP-Link ER605 command injection lead to unauthent LAN-side RCE...

8AI score
Exploits0
0day.today
0day.today
added 2023/07/06 12:0 a.m.585 views

Steam Community turn up the level Exploit

You can infinitely raise your level 2 levels per second, our profile in https://steamcommunity.com/id/St4ck/ Recommended to run the exploit once a day for 3 hours in order not to get banned. After purchase, you will receive instructions and a guarantee for the material...

6.9AI score
Exploits0
0day.today
0day.today
added 2022/04/20 12:0 a.m.585 views

Multi Language-Pharmacy Management System v1.0 SQL injection Vulnerability

Title: Multi Language-Pharmacy Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/mayurik Software: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Reference:...

6.8AI score
Exploits0
Total number of security vulnerabilities5000