Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/01/18 12:0 a.m.441 views

LISTSERV 17 Cross Site Scripting Vulnerability

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...

6.1CVSS0.06314EPSS
Exploits4
0day.today
0day.today
added 2011/02/24 12:0 a.m.441 views

ClanSphere 2010.3 Xss Vulnerability

Exploit for php platform in category web applications author: lemlajt software : Clansphere @ sourceforge.net version: 20103 tested on: linux cve : xss-01 PoC : POST http://localhost/www/cmsadmins/clansphere20103/clansphere20103/index.php?mod=messages&action=create $messagessubject= xss-02 Stored...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/08/01 12:0 a.m.441 views

Arab Portal v2.x (forum.php qc) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================ Arab Portal v2.x forum.php qc Remote SQL Injection Exploit ============================================================ getqc &&!isset$apt-getqp $qc = $apt-getqc; $result =...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/02 12:0 a.m.440 views

WordPress Sogrid 1.5.6 Local File Inclusion Vulnerability

CVE-2024-54374 Sogrid = 1.5.6 - Unauthenticated Local File Inclusion Description The Sogrid plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...

7.5CVSS7.8AI score0.01215EPSS
Exploits1
0day.today
0day.today
added 2019/12/11 12:0 a.m.440 views

Apache Olingo OData 4.0 - XML External Entity Injection Exploit

Exploit for java platform in category web applications Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock email protected Date:...

5.5AI score0.12245EPSS
Exploits5
0day.today
0day.today
added 2017/04/25 12:0 a.m.440 views

Microsoft Office Word Malicious Hta Execution Exploit

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...

9.3CVSS8.2AI score0.99933EPSS
Exploits29
0day.today
0day.today
added 2024/01/16 12:0 a.m.439 views

Korenix JetNet Series Unauthenticated Access Exploit

------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Korenix JetNet Series vulnerable version| See "Vulnerable versions" fixed version| - CVE number| CVE-2023-5376, CVE-2023-5347 impact| High homepage| https://www.korenix.com/...

9.8CVSS7.1AI score0.01414EPSS
Exploits4
0day.today
0day.today
added 2023/05/02 12:0 a.m.439 views

ESET Forwarder 16.0.26.0 Unquoted Service Path Vulnerability

Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/04/08 12:0 a.m.439 views

PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability

Zoo Management System SQL Injection Author: D4rkP0w4r Description = sql injection at /animals?classid=1 Injection Point http://192.168.1.101:8080/ZooManagementSystem/publichtml/animals?classid=1 Exploit Exploit with Sqlmap python3 sqlmap.py -u...

8.8CVSS0.4AI score0.01518EPSS
Exploits3
0day.today
0day.today
added 2021/09/25 12:0 a.m.439 views

OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service Vulnerabilities

OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE I...

7.5CVSS0.3AI score0.02448EPSS
Exploits6
0day.today
0day.today
added 2020/03/02 12:0 a.m.439 views

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit

Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...

9CVSS0.99965EPSS
Exploits30
0day.today
0day.today
added 2024/03/29 12:0 a.m.438 views

Dell Security Management Server <1.9.0 - Local Privilege Escalation Exploit

Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...

7.8CVSS7.1AI score0.00087EPSS
Exploits3
0day.today
0day.today
added 2023/02/28 12:0 a.m.438 views

ChurchCRM 4.5.3 SQL Injection Vulnerability

Title: ChurchCRM-4.5.3-121fcc1-SQLi Author: nu11secur1ty Vendor: http://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be vulnerable to SQL injection...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/02/14 12:0 a.m.438 views

WordPress International SMS For Contact Form 7 Integration 1.2 CSRF Vulnerability

WordPress International SMS for Contact Form 7 Integration plugin version 1.2 suffers from a cross site request forgery vulnerability. Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross-Site Request Forgery CSRF Author: Milad Karimi Software Link:...

6.5CVSS0.2AI score0.00889EPSS
Exploits2
0day.today
0day.today
added 2021/10/26 12:0 a.m.438 views

FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication Exploit

FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...

7.5CVSS0.4AI score0.0352EPSS
Exploits5
0day.today
0day.today
added 2017/09/30 12:0 a.m.438 views

Qmail SMTP Bash Environment Variable Injection (Shellshock) Exploit

This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH Shellshock. This flaw works on the latest...

10CVSS10AI score0.99999EPSS
Exploits131
0day.today
0day.today
added 2023/08/17 12:0 a.m.437 views

Greenshot 1.3.274 Deserialization / Command Execution Exploit

There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user. This...

7.8CVSS8AI score0.07685EPSS
Exploits7
0day.today
0day.today
added 2023/05/31 12:0 a.m.437 views

Qualcomm Adreno/KGSL Data Leakage Exploit

On Qualcomm Adreno/KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL versions without CONFIGQCOMKGSLUSESHMEM, KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VMPFNMAP set, which means...

8.4CVSS7.9AI score0.0018EPSS
Exploits2
0day.today
0day.today
added 2022/10/24 12:0 a.m.437 views

Pega Platform 8.7.3 Remote Code Execution Vulnerability

Pega Platform versions 8.1.0 through 8.7.3 suffer from a remote code execution vulnerability. If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to uplo...

9.8CVSS0.4AI score0.09477EPSS
Exploits5
0day.today
0day.today
added 2022/08/01 12:0 a.m.437 views

NanoCMS v0.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS does not sanitis...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/07/01 12:0 a.m.437 views

BigBlueButton 2.3 / 2.4.7 Cross Site Scripting Vulnerability

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting XSS in BigBlueButton Product: BigBlueButton Vendor: BigBlueButton Vulnerable Versions: 2.3, IV. References ------------------------- Security advisory...

6.5CVSS0.01179EPSS
Exploits3
0day.today
0day.today
added 2022/03/02 12:0 a.m.437 views

Printix Client 1.3.1106.0 - Remote Code Execution Exploit

Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windows 10,...

9.8CVSS9.7AI score0.18235EPSS
Exploits4
0day.today
0day.today
added 2020/07/23 12:0 a.m.437 views

Snes9K 0.09z - (Port Number) Buffer Overflow (SEH) Exploit

Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type: Local Buffer...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/03/06 12:0 a.m.436 views

Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload Exploit

This Metasploit module exploits a directory traversal vulnerability CVE-2015-1830 in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default...

5CVSS9.2AI score0.84408EPSS
Exploits7
0day.today
0day.today
added 2010/04/15 12:0 a.m.436 views

Joomla Components com_extcalendar File Include Vulnerability

Exploit for php platform in category web applications ============================================================ Joomla Components comextcalendar File Include Vulnerability ============================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/09/11 12:0 a.m.435 views

OpenTSDB 2.4.1 Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4...

9.8CVSS8.5AI score0.35604EPSS
Exploits4
0day.today
0day.today
added 2023/04/12 12:0 a.m.435 views

WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability

The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...

8.8CVSS8.7AI score0.02726EPSS
Exploits3
0day.today
0day.today
added 2021/11/16 12:0 a.m.435 views

Online Learning System 2.0 - Remote Code Execution Exploit

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...

9.8CVSS9.2AI score0.09985EPSS
Exploits4
0day.today
0day.today
added 2016/07/11 12:0 a.m.435 views

Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172

include include // Exploit Title: Continuously-Probing Reverse Shell via Socket + port-range + password 172 bytes // Date: 07/10/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: No program being used or exploited; I only relied on syscalls...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/02/13 12:0 a.m.434 views

Nagios XI 5.7.5 Remote Code Execution Exploit

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...

8.8CVSS9.3AI score0.75196EPSS
Exploits9
0day.today
0day.today
added 2022/04/08 12:0 a.m.434 views

Movie Seat Reservation System 1.0 File Disclosure / SQL Injection Vulnerabilities

Movie Seat Reservation System Sql Injection Author: D4rkP0w4r Note = exploit don't need login account Exploit Use Burp Suite capture request with payload GET...

9.8CVSS0.4AI score0.01802EPSS
Exploits4
0day.today
0day.today
added 2021/10/19 12:0 a.m.434 views

WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must include pages show...

6.1CVSS6.3AI score0.02959EPSS
Exploits5
0day.today
0day.today
added 2020/09/19 12:0 a.m.434 views

TP-Link Cloud Cameras NCXXX Bonjour Command Injection Exploit

TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250, NC260, NC450 are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent...

9CVSS9.3AI score0.74338EPSS
Exploits10
0day.today
0day.today
added 2019/02/12 12:0 a.m.434 views

Jenkins 2.150.2 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins...

7.4AI score
Exploits0
0day.today
0day.today
added 2025/02/25 12:0 a.m.433 views

Invoice Ninja 5.10.10 Insecure Deserialization / Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Invoice Ninja unauthenticated PHP Deserialization Vulnerability', 'Description' = %q Invoice Ninja is a free invoicing software for small...

8.8CVSS7AI score0.06611EPSS
Exploits5
0day.today
0day.today
added 2023/11/28 12:0 a.m.434 views

Loytec LINX Automation Servers Information Disclosure / Cleartext Secrets Vulnerability

Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear. + CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple...

7.5CVSS7.7AI score0.01973EPSS
Exploits2
0day.today
0day.today
added 2023/10/15 12:0 a.m.433 views

PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...

10CVSS9.8AI score0.99615EPSS
Exploits10
0day.today
0day.today
added 2019/05/22 12:0 a.m.433 views

Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit

This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...

6.5CVSS0.5AI score0.27074EPSS
Exploits6
0day.today
0day.today
added 2014/07/01 12:0 a.m.433 views

Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure Vulnerability

Exploit for aix platform in category dos / poc Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a mutli-protocol streaming server with support for many...

7AI score
Exploits0
0day.today
0day.today
added 2024/05/28 12:0 a.m.432 views

Debezium UI 2.5 Credential Disclosure Vulnerability

Exploit Title: Debezium UI - Credential Leakage Exploit Author: Ihsan Cetin, Hamza Kaya Toprak Vendor Homepage: https://debezium.io/ Software Link: N/A Version: 2.5 REQUIRED Tested on: N/A CVE : CVE-2024-28736 Proof of concept: Details Debezium-ui version 2.5 is vulnerable to a password exposure...

7.1CVSS7.4AI score0.02531EPSS
Exploits2
0day.today
0day.today
added 2023/12/22 12:0 a.m.432 views

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Mutiple vulnerabilties were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...

9.8CVSS8.1AI score0.01181EPSS
Exploits6
0day.today
0day.today
added 2023/10/03 12:0 a.m.432 views

WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability

Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624 Product Description...

6.1CVSS6.5AI score0.01156EPSS
Exploits4
0day.today
0day.today
added 2023/05/26 12:0 a.m.432 views

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

5.4CVSS7.1AI score0.07258EPSS
Exploits7
0day.today
0day.today
added 2020/07/07 12:0 a.m.432 views

Grafana 7.0.1 - Denial of Service Exploit

Exploit Title: Grafana 7.0.1 - Denial of Service PoC Exploit Author: mostwanted002 Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 3.0.1 - 7.0.1 Tested on: Linux CVE : CVE-2020-13379 !/bin/bash if $1 != "" ; then curl -I...

8.2CVSS8.3AI score0.99856EPSS
Exploits5
0day.today
0day.today
added 2019/12/08 12:0 a.m.432 views

SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass

SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...

0.9AI score0.06039EPSS
Exploits6
0day.today
0day.today
added 2025/01/30 12:0 a.m.431 views

NEXT-EMP 1.0 Shell Upload Vulnerability

Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/03/18 12:0 a.m.431 views

LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit

Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on: Windows 10 CVE : CVE-2024-1346...

6.8CVSS6.7AI score0.00392EPSS
Exploits5
0day.today
0day.today
added 2023/06/28 12:0 a.m.431 views

SPIP 4.2.3 SQL Injection Vulnerability

Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side Sensitive information Disclosure! Author: nu11secur1ty Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip Reference:...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/05/02 12:0 a.m.431 views

Covid 19 Travel Pass Management System v1.0 SQL injection Vulnerability

Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/12/15 12:0 a.m.431 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...

6.8CVSS0.4AI score0.13653EPSS
Exploits3
Total number of security vulnerabilities5000