Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/02/27 12:0 a.m.472 views

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...

9.8CVSS9.9AI score0.17399EPSS
Exploits6
0day.today
0day.today
added 2023/02/27 12:0 a.m.472 views

Music Gallery Site 1.0 SQL Injection Vulnerability

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...

9.8CVSS9.2AI score0.01883EPSS
Exploits11
0day.today
0day.today
added 2022/11/29 12:0 a.m.472 views

Sanitization Management System 1.0 SQL Injection Vulnerability

Title: SMS - PHP by: oretnom23 v1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23, https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/download-code?nid=15770&title=Sanitization+Management+System+Project+in+PHP+and+MySQL+Free+Source+Code Reference...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/06/18 12:0 a.m.472 views

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write Vulnerability

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...

7.5CVSS7.6AI score0.08793EPSS
Exploits5
0day.today
0day.today
added 2021/12/06 12:0 a.m.471 views

Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability

Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability MSMS Vendor Description The password parameter on MSMS 1.0 appears to be vulnerable to SQL injection attacks. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was...

0.3AI score
Exploits0
0day.today
0day.today
added 2024/03/27 12:0 a.m.470 views

Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers t...

9.8CVSS8.1AI score0.99649EPSS
Exploits11
0day.today
0day.today
added 2024/01/03 12:0 a.m.470 views

CMSMS 2.2.19 Arbitrary File Upload Vulnerability

The parameter "fileupload" in type ID is vulnerable to File Upload and RCE attacks, it is not sanitized correctly. The attacker can upload a virus directly on the server by using this web vulnerability, and then he can execute it, this can be the end of this server depending on the scenario! In...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/12 12:0 a.m.470 views

Wondershare Dr.Fone 12.9.6 Weak Permissions / Privilege Escalation Vulnerability

Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...

7.8CVSS7.7AI score0.01016EPSS
Exploits4
0day.today
0day.today
added 2022/07/22 12:0 a.m.470 views

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script...

8.8CVSS0.5AI score0.71084EPSS
Exploits6
0day.today
0day.today
added 2022/04/21 12:0 a.m.470 views

ManageEngine ADSelfService Plus Custom Script Execution Exploit

This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided...

6.8CVSS0.70501EPSS
Exploits4
0day.today
0day.today
added 2022/02/01 12:0 a.m.470 views

Cisco Small Business RV Series Authentication Bypass / Command Injection Exploit

This Metasploit module exploits an authentication bypass CVE-2021-1472 and command injection CVE-2021-1473 in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Th...

9.8CVSS0.9AI score0.72472EPSS
Exploits8
0day.today
0day.today
added 2021/12/21 12:0 a.m.470 views

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability

Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/10/07 12:0 a.m.470 views

Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)

; Name: Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode 415 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this...

Exploits0
0day.today
0day.today
added 2019/11/07 12:0 a.m.470 views

Adaware Web Companion version 4.8.2078.3950 - (WCAssistantService) Unquoted Service Path

Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/ Software Link: https://webcompanion.com/en/ Version: Adaware Web Companion version 4.8.2078.3950 Tested on:...

0.7AI score
Exploits0
0day.today
0day.today
added 2023/05/26 12:0 a.m.469 views

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability

Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...

10CVSS9.6AI score0.90387EPSS
Exploits15
0day.today
0day.today
added 2021/11/29 12:0 a.m.469 views

opencart 3.0.3.8 - Sessjion Injection Vulnerability

Exploit Title: opencart 3.0.3.8 - Sessjion Injection Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10 using XAMPP,...

Exploits0
0day.today
0day.today
added 2020/08/01 12:0 a.m.469 views

WebRTC usrsctp Incorrect Call Vulnerability

WebRTC: usrsctp is called with pointer as network address When usrsctp is used with a custom transport, an address must be provided to usrsctpconninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value...

6.5CVSS8.1AI score0.0779EPSS
Exploits6
0day.today
0day.today
added 2020/07/20 12:0 a.m.469 views

Employee Record Management System 1.1 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Employee Record Management SystemERMS 1.1 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/02/26 12:0 a.m.469 views

Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit

Exploit for windows platform in category remote exploits EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS08067.py import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from...

10CVSS9.2AI score0.98751EPSS
Exploits12
0day.today
0day.today
added 2020/07/23 12:0 a.m.468 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability

Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/03/09 12:0 a.m.468 views

Microsoft Windows - (WizardOpium) Local Privilege Escalation Exploit

include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...

7.8CVSS0.5AI score0.73856EPSS
Exploits10
0day.today
0day.today
added 2014/11/26 12:0 a.m.468 views

Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit

Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the expoilt for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...

7.2CVSS0.37233EPSS
Exploits15
0day.today
0day.today
added 2024/06/05 12:0 a.m.468 views

WordPress Hash Form Plugin Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Hash Form Plugin RCE', 'Description' = %q The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical...

9.8CVSS7AI score0.50934EPSS
Exploits8
0day.today
0day.today
added 2023/12/21 12:0 a.m.467 views

Glibc Tunables Privilege Escalation Exploit

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBCTUNABLES when launching binaries with SUID permission to execute co...

7.8CVSS8.3AI score0.81422EPSS
Exploits28
0day.today
0day.today
added 2023/05/19 12:0 a.m.467 views

Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload Vulnerabilities

======================================================================= title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: =3.8.49 fixed version: 3.8.50 or higher CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079 impact: High...

6.4CVSS7.1AI score0.00513EPSS
Exploits3
0day.today
0day.today
added 2023/03/07 12:0 a.m.467 views

Oracle Database 19c Access Bypass Vulnerability

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...

6.8AI score
Exploits0
0day.today
0day.today
added 2019/05/03 12:0 a.m.467 views

Instagram Auto Follow - Authentication #Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/01/10 12:0 a.m.467 views

Adobe Coldfusion 11 CKEditor Arbitrary File Upload Exploit

A file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 Update 14 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion CKEditor unrestricted file...

10CVSS0.5AI score0.9995EPSS
Exploits11
0day.today
0day.today
added 2018/01/07 12:0 a.m.467 views

Cisco IOS - Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...

9CVSS0.70559EPSS
Exploits8
0day.today
0day.today
added 2025/01/09 12:0 a.m.466 views

ABB Cylon Aspect 3.08.02 webServerUpdate.php Configuration Poisoning Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from improper input validation on the port POST parameter in the webServerUpdate.php script. This input is not validated on the server side and relies on bypassable client-side checks using the inString.js script to verify that the port parameter contains...

7.6AI score
Exploits0
0day.today
0day.today
added 2024/03/20 12:0 a.m.466 views

Hitachi NAS SMU 14.8.7825 Information Disclosure Vulnerability

Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=True, type=str,...

7.6CVSS7.1AI score0.01583EPSS
Exploits5
0day.today
0day.today
added 2024/03/14 12:0 a.m.466 views

KiTTY 0.76.1.13 - Command Injection Exploit

Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...

7.8CVSS7.7AI score0.04692EPSS
Exploits5
0day.today
0day.today
added 2024/03/06 12:0 a.m.466 views

GL.iNet - Router Authentication Bypass Exploit

DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...

7.2AI score0.00764EPSS
Exploits3
0day.today
0day.today
added 2022/12/27 12:0 a.m.466 views

Textpattern 4.8.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/03/22 12:0 a.m.466 views

WordPress Delightful Downloads Jquery File Tree 1.6.6 Plugin - Path Traversal Exploit

Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3.27 POC: curl --da...

7.6CVSS7.6AI score0.59063EPSS
Exploits14
0day.today
0day.today
added 2020/08/22 12:0 a.m.466 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...

7.7AI score
Exploits0
0day.today
0day.today
added 2020/03/15 12:0 a.m.466 views

Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability

Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. ======================================================================= title: Authenticated Command...

8.8AI score0.08894EPSS
Exploits15
0day.today
0day.today
added 2016/11/29 12:0 a.m.466 views

WinPower 4.9.0.4 - Privilege Escalation Exploit

Exploit for windows platform in category local exploits Exploit Title: WinPower V4.9.0.4 Privilege Escalation Date: 29-11-2016 Software Link: http://www.ups-software-download.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category:...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/05/09 12:0 a.m.465 views

ManageEngine ADAudit Plus Remote Code Execution Exploit

This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided...

9.8CVSS9.8AI score0.70325EPSS
Exploits3
0day.today
0day.today
added 2005/03/21 12:0 a.m.465 views

phpBB <= 2.0.12 Change User Rights Authentication Bypass

Exploit for unknown platform in category web applications ======================================================== phpBB new ; my $cookiejar = HTTP::Cookies-new ; $browser-cookiejar $cookiejar ; $cookiejar-setcookie "0","phpbb2mysqldata", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3B...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/30 12:0 a.m.464 views

MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date:Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/05/22 12:0 a.m.464 views

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit

CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...

8.8CVSS6.2AI score0.80454EPSS
Exploits7
0day.today
0day.today
added 2023/05/26 12:0 a.m.464 views

Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability

Exploit Title: Filmora 12 version Build 1.0.0.7 - Unquoted Service Paths Privilege Escalation Exploit Author: Thurein Soe Vendor Homepage: https://filmora.wondershare.com Software Link: https://mega.nz/file/tQNGGZTQE1u20rdbT4R3pgSoUBG93IPAXqesJ5yyn6T8RlMFxaE Version: Filmora 12 Build 1.0.0.7 Test...

7.8CVSS7.1AI score0.01079EPSS
Exploits6
0day.today
0day.today
added 2023/02/28 12:0 a.m.464 views

Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit

!/usr/bin/env python Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/08/01 12:0 a.m.464 views

WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability

Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2551 Reference:...

7.5CVSS0.5AI score0.12485EPSS
Exploits5
0day.today
0day.today
added 2021/11/18 12:0 a.m.464 views

Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free Exploit

Linux suffered from a use-after-free read vulnerability related to an SOPEERCRED and SOPEERGROUPS race with listen and connect. This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286. Linux: UAF read: SOPEERCRED and SOPEERGROUPS race with...

7.2AI score
Exploits0
0day.today
0day.today
added 2019/12/03 12:0 a.m.464 views

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities. ======================================================================= title:...

0.4AI score0.03508EPSS
Exploits6
0day.today
0day.today
added 2023/11/14 12:0 a.m.463 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and yo...

9.8CVSS10AI score0.99999EPSS
Exploits60
0day.today
0day.today
added 2023/08/08 12:0 a.m.463 views

Intelliants Subrion CMS 4.2.1 Remote Code Execution Exploit

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess...

7.2CVSS7.8AI score0.64261EPSS
Exploits10
0day.today
0day.today
added 2023/03/06 12:0 a.m.463 views

Lucee Authenticated Scheduled Job Code Execution Exploit

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...

7.8AI score
Exploits0
Total number of security vulnerabilities5000