Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2006/11/14 12:0 a.m.556 views

ContentNow 1.30 (upload/xss) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ ContentNow 1.30 upload/xss Multiple Remote Vulnerabilities ============================================================ ContentNow Directory Traversalupload.php...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/02/22 12:0 a.m.555 views

Linux io_uring Use-After-Free Exploit

The Linux kernel suffers from a use-after-free of struct ioevfd because ioeventfddosignal frees an object when the refcount reaches zero without waiting for the required grace period. Summary UAF of struct ioevfd because ioeventfddosignal frees an object when the refcount reaches zero without...

6.9AI score0.00219EPSS
Exploits2
0day.today
0day.today
added 2021/10/22 12:0 a.m.555 views

Online Course Registration 1.0 - Blind Boolean-Based SQL Injection Exploit

Exploit Title: Online Course Registration 1.0 - Blind Boolean-Based SQL Injection Authenticated Exploit Author: Sam Ferguson @AffineSecurity and Drew Jones @qhum7sec Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2024/03/05 12:0 a.m.554 views

kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition Vulnerability

Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...

5.9CVSS5.8AI score0.00414EPSS
Exploits5
0day.today
0day.today
added 2021/11/03 12:0 a.m.554 views

RDP Manager 4.9.9.3 - Denial of Service Vulnerability

Exploit Title: RDP Manager 4.9.9.3 - Denial-of-Service PoC Vendor Homepage: https://www.cinspiration.de/uebersicht4.html Software Link: https://www.cinspiration.de/download.html Version: 4.9.9.3 Product & Service Introduction: =============================== RDP-Manager is a program for the bette...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/11/02 12:0 a.m.554 views

Codiad 2.8.4 - Remote Code Execution Exploit (4)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/04/20 12:0 a.m.554 views

QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service Exploit

!/usr/bin/python Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.qnap.com Version: 1.3.4.0317 and below are vulnerable Software Link: https://www.qnap.com/en/utilities/essentials Contact:...

7.5CVSS0.1AI score0.09796EPSS
Exploits4
0day.today
0day.today
added 2010/01/06 12:0 a.m.554 views

VP-ASP Shopping Cart 7.0 DB Download Vulnerability

Exploit for asp platform in category web applications ================================================== VP-ASP Shopping Cart 7.0 DB Download Vulnerability ================================================== ======================================================================================== |...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/09/18 12:0 a.m.553 views

Microsoft Windows TOCTOU Local Privilege Escalation Exploit

CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the...

7.8CVSS7AI score0.68202EPSS
Exploits7
0day.today
0day.today
added 2023/02/13 12:0 a.m.553 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...

9.8CVSS9.8AI score0.99753EPSS
Exploits15
0day.today
0day.today
added 2023/12/10 12:0 a.m.552 views

Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution Vulnerability

Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains a semicolon. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.9AI score
Exploits0
0day.today
0day.today
added 2023/08/24 12:0 a.m.552 views

SugarCRM 12.2.0 PHP Object Injection Vulnerability

------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...

7.2CVSS7.1AI score0.01222EPSS
Exploits2
0day.today
0day.today
added 2019/07/15 12:0 a.m.552 views

Microsoft Windows Remote Desktop - (BlueKeep) Denial of Service Exploit

Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...

9.8CVSS10AI score0.99999EPSS
Exploits123
0day.today
0day.today
added 2021/12/04 12:0 a.m.551 views

DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability

Vulnerability: Address Bar Spoofing Vulnerability Product: DuckDuckGo Discovered by: Rafay Baloch and Muhammad Samak Version: 7.64.4 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Description DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"...

0.3AI score
Exploits0
0day.today
0day.today
added 2006/02/20 12:0 a.m.551 views

MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits ====================================================================== MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit ====================================================================== / $Id: raptorudf2.c,v 1.1...

6.8AI score
Exploits0
0day.today
0day.today
added 2021/12/15 12:0 a.m.550 views

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection Exploit

SAP Netweaver version SAP DMIS 20111731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUCRECONRCCOUNTTABLEBIG. ======================================================================= title: Remote ABAP Code Injection in SAP IUUCRECONRCCOUNTTABLEBIG product: SAP Netweaver...

9.1CVSS0.5AI score0.02077EPSS
Exploits5
0day.today
0day.today
added 2020/08/01 12:0 a.m.550 views

CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow Exploit

This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot controller component when sending a specially crafted directorylist probe. Technically speaking the target host must also be vulnerable to...

10CVSS9.6AI score0.77566EPSS
Exploits9
0day.today
0day.today
added 2017/10/18 12:0 a.m.550 views

Microsoft Excel - OLE Arbitrary Code Execution Exploit

Exploit for windows platform in category dos / poc Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016...

9.3CVSS8.1AI score0.99933EPSS
Exploits29
0day.today
0day.today
added 2022/08/01 12:0 a.m.548 views

Webmin 1.996 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html Version: 1.997...

9.8CVSS0.96049EPSS
Exploits8
0day.today
0day.today
added 2021/10/13 12:0 a.m.548 views

TextPattern CMS 4.8.7 - Remote Command Execution Vulnerability

Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Exploit Author: Mert Daş email protected Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of all we should use file...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/10/13 12:0 a.m.548 views

Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution Vulnerabilities

Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 == '' ; $2 ==...

9.8CVSS0.6AI score0.99964EPSS
Exploits175
0day.today
0day.today
added 2018/02/10 12:0 a.m.548 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...

7.2CVSS0.4AI score0.09454EPSS
Exploits35
0day.today
0day.today
added 2016/05/19 12:0 a.m.549 views

SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection

Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016...

7.5CVSS9.6AI score0.7106EPSS
Exploits8
0day.today
0day.today
added 2023/01/16 12:0 a.m.547 views

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free Vulnerability

WebKit: Use-after-free of RenderMathMLToken in CSSCrossfadeValue::crossfadeChanged There is a use-after-free of a RenderMathMLToken object in CSSCrossfadeValue::crossfadeChanged. CSSCrossfadeValue extends CSSImageGeneratorValue. CSSImageGeneratorValue keeps a HashCountedSet of clients mclients of...

8.8CVSS8.6AI score0.34574EPSS
Exploits2
0day.today
0day.today
added 2021/09/05 12:0 a.m.547 views

Windows Defender Application Guard Denial Of Service Vulnerability

Windows Defender Application Guard also known as "WDAG", Microsoft Defender Application Guard, and "MDAG" can be closed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname e.g, 10,000 characters long. This can cause a denial-of-service condition. Impac...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/22 12:0 a.m.547 views

Darktrace Enterprise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery Vulnerability

Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration. 1 ...

0.9AI score0.0162EPSS
Exploits5
0day.today
0day.today
added 2025/01/08 12:0 a.m.546 views

Banking 1.0 SQL Injection Vulnerability

Banking version 1.0 suffers from a remote SQL injection vulnerability. Titles: banking-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html Reference:...

8.5AI score
Exploits0
0day.today
0day.today
added 2022/03/07 12:0 a.m.546 views

part-db 0.5.11 - Remote Code Execution Exploit

Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848 --------------- !/bin/bash...

10CVSS9.6AI score0.35436EPSS
Exploits5
0day.today
0day.today
added 2023/09/21 12:0 a.m.545 views

TOTOLINK Wireless Routers Remote Command Execution Exploit

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under...

9.8CVSS8.2AI score0.25889EPSS
Exploits4
0day.today
0day.today
added 2015/02/10 12:0 a.m.545 views

Wordpress Theme Divi Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Theme Divi Arbitrary File Download Vulnerability Date: 08/02/2015 Exploit Author: pool and Fran73 Vendor Homepage: http://www.elegantthemes.com/gallery/divi/ Contact : email protected YM Tested on: Linux / Window Googl...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/06/25 12:0 a.m.545 views

eHub (cart.php) SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/07/17 12:0 a.m.545 views

mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns

Exploit for unknown platform in category web applications ================================================================ mail2forum phpBB Mod = 1.2 m2frootpath Remote Include Vulns ================================================================ Title : mail2forum = 1.2 Multiple Remote File...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/17 12:0 a.m.543 views

SuiteCRM 7.11.18 - Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

9CVSS8.7AI score0.63267EPSS
Exploits12
0day.today
0day.today
added 2008/12/23 12:0 a.m.543 views

phpAdBoard (php uploads) Arbitrary File Upload Vulnerability

Exploit for unknown platform in category web applications ============================================================ phpAdBoard php uploads Arbitrary File Upload Vulnerability ============================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/03/07 12:0 a.m.542 views

Online Leave Management System 1.0 System SQL injection Vulnerability

Title: Online Leave Management System 1.0 System SQLi Best PHP Project Idea for Beginners 2021-2022 Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html Reference:...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/02/11 12:0 a.m.542 views

QuickDate 1.3.2 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: QuickDate 1.3.2 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11;...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/03/28 12:0 a.m.542 views

Plogger <= Beta 2.1 Administrative Credentials Disclosure Exploit

Exploit for unknown platform in category web applications ================================================================= Plogger works with magicquotesgpc = Off\r\n\r\n"; echo "dork: intext:"Powered by Plogger!" -plogger.org\r\n\r\n"; if $argc3 echo "Usage: php ".$argv0." host path...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/02/27 12:0 a.m.541 views

Wordpress Canto Plugin < 3.0.5 - Remote File Inclusion and Remote Code Execution Exploit

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os.makedirslocaldir If a local shell is p...

9.8CVSS7AI score0.0562EPSS
Exploits7
0day.today
0day.today
added 2021/11/16 12:0 a.m.540 views

Sitecore Experience Platform (XP) Remote Code Execution Exploit

This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in...

9.8CVSS9.8AI score0.97904EPSS
Exploits4
0day.today
0day.today
added 2020/07/22 12:0 a.m.540 views

WordPress NexosReal Estate 1.7 Theme - (search_order) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Softwar...

5CVSS8AI score0.05901EPSS
Exploits7
0day.today
0day.today
added 2015/11/25 12:0 a.m.540 views

BisonWare BisonFTP Server 3.5 Buffer Overflow Exploit

BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...

7.5CVSS6.8AI score0.67091EPSS
Exploits7
0day.today
0day.today
added 2023/02/27 12:0 a.m.539 views

Auto Dealer Management System 1.0 SQL Injection Vulnerability

Auto Dealer Management System - SQL Injection on page viewtransaction.php and parameter is id, application url is ?page=vehicles/viewtransaction&id=? with low privilege authentication CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Author Email:...

8.8CVSS8.6AI score0.01728EPSS
Exploits11
0day.today
0day.today
added 2024/10/15 12:0 a.m.538 views

Vivo Fibra Askey RTF8225VW Command Execution Vulnerability

The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell. --- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to...

7.5AI score
Exploits0
0day.today
0day.today
added 2024/01/31 12:0 a.m.538 views

Mirth Connect 4.4.0 Remote Command Execution Exploit

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...

9.8CVSS7.3AI score0.96129EPSS
Exploits22
0day.today
0day.today
added 2020/01/04 12:0 a.m.538 views

Oracle solaris sshd Remote Root Exploit

amd64/sparc targets, used vs. solaris in datacenters only rare across the perimeter...

4AI score
Exploits0
0day.today
0day.today
added 2014/04/15 12:0 a.m.538 views

Xerox DocuShare - SQL Injection Vulnerability

Exploit for hardware platform in category web applications The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/09/12 12:0 a.m.537 views

MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation

Exploit for multiple platform in category local exploits ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6662 - Release date: 12.09.2016 - Severity: Critical ============================================...

10CVSS0.4AI score0.6773EPSS
Exploits22
0day.today
0day.today
added 2011/08/13 12:0 a.m.537 views

SikaBoom Remote Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python print "" print " name:SikaBoom Remote Buffer Overflow Exploit" print " Author:Angel Injection " print " EMail:email protected " print "\r\n" import socket,os,sys,time host = "IP Address" port = 4321 buffer="\x41" 268 crash...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/11/20 12:0 a.m.536 views

Jorani Leave Management System 1.0.2 Host Header Injection Vulnerability

Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested on: Windows 10,...

5.3CVSS7.5AI score0.00757EPSS
Exploits3
0day.today
0day.today
added 2022/08/27 12:0 a.m.536 views

WordPress Robo Gallery 3.2.1 plugin - XSS Stored Vulnerability

Title: WordPress 6.0.1 Plugin-Robo Gallery 3.2.1 XSS-Stored Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery/XSS-Stored Description: Th...

0.3AI score
Exploits0
Total number of security vulnerabilities5000