Lucene search
+L
ZdtMost viewed

39001 matches found

zdt
zdt
added 2024/02/05 12:0 a.m.408 views

SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability

Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...

6.1CVSS7.4AI score0.00507EPSS
Exploits5
zdt
zdt
added 2024/01/22 12:0 a.m.408 views

Traceroute 2.1.2 Privilege Escalation Vulnerability

In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...

5.5CVSS7.1AI score0.00367EPSS
Exploits2
zdt
zdt
added 2023/10/30 12:0 a.m.408 views

phpFox 4.8.13 PHP Object Injection Exploit

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...

9.8CVSS7.4AI score0.01806EPSS
Exploits3
zdt
zdt
added 2023/04/28 12:0 a.m.408 views

Piwigo 13.5.0 SQL Injection Vulnerability

Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...

8.8CVSS8.7AI score0.09725EPSS
Exploits5
zdt
zdt
added 2022/06/07 12:0 a.m.408 views

Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection Vulnerability

======================================================================= title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0 fixed version: 3.7.0 or higher CVE number: CVE-2022-26481 impact: critical...

8.8CVSS0.3AI score0.0149EPSS
Exploits3
zdt
zdt
added 2022/04/08 12:0 a.m.408 views

E-Commerce Website 1.0 Shell Upload Exploit

Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...

9.8CVSS9.7AI score0.03333EPSS
Exploits3
zdt
zdt
added 2024/02/12 12:0 a.m.407 views

SCHLIX 2.2.8-1 Denial Of Service Exploit

Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service Exploit Author: Diyar Saadi Vendor Homepage: https://www.schlix.com Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: v2.2.8-1 Tested on: Windows 11 + XAMPP Description SCHLIX v2.2.8-1 is vulnerable to...

7.4AI score
Exploits0
zdt
zdt
added 2023/12/12 12:0 a.m.407 views

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery Vulnerability

Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...

5.4CVSS7.1AI score0.00457EPSS
Exploits2
zdt
zdt
added 2023/09/18 12:0 a.m.407 views

Ivanti Avalanche MDM Buffer Overflow Exploit

This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This...

9.8CVSS9.6AI score0.98919EPSS
Exploits7
zdt
zdt
added 2022/07/21 12:0 a.m.407 views

OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...

9.8CVSS0.15466EPSS
Exploits4
zdt
zdt
added 2021/11/12 12:0 a.m.408 views

WordPress AccessPress Social Icons 1.8.2 Plugin - (icon title) XSS Vulnerability

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/ Version: 1.8.2 Tested...

7.1AI score
Exploits0
zdt
zdt
added 2021/11/09 12:0 a.m.407 views

Google Assistant Authentication Bypass Vulnerability

Google Assistant suffered from an authentication bypass vulnerability allowing a webpage to execute commands without permission. Auth Bypass in Google Assistant Summary: Webpage can execute Google Assistant commands without any permissions Steps to reproduce: Generate the TTS audio files using th...

7.7AI score
Exploits0
zdt
zdt
added 2019/11/12 12:0 a.m.407 views

Joomla 3.9.13 - (Host) Header Injection Exploit

Exploit for php platform in category web applications 0day.today 2019-12-04...

0.9AI score
Exploits0
zdt
zdt
added 2017/08/22 12:0 a.m.407 views

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage'...

10CVSS0.7AI score0.75767EPSS
Exploits12
zdt
zdt
added 2007/05/17 12:0 a.m.407 views

GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ==================================================================== GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability ==================================================================== --------------------------------...

7.1AI score
Exploits0
zdt
zdt
added 2025/01/01 12:0 a.m.406 views

ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...

7.6CVSS8.3AI score0.00274EPSS
Exploits2
zdt
zdt
added 2024/03/20 12:0 a.m.406 views

Employee Management System 1.0 - (admin_id) SQL injection Vulnerability

Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on: Windows, Linux...

9.8CVSS7.4AI score0.01229EPSS
Exploits4
zdt
zdt
added 2022/10/17 12:0 a.m.406 views

Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL...

10CVSS10AI score0.98253EPSS
Exploits54
zdt
zdt
added 2022/03/10 12:0 a.m.406 views

Siemens S7-1200 - Unauthenticated Start / Stop Command Vulnerability

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -H $'Host: ' -H...

0.5AI score
Exploits0
zdt
zdt
added 2021/11/23 12:0 a.m.406 views

Bus Pass Management System 1.0 - (Search) SQL injection Vulnerability

Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS MontereyVersion 12.0.1 SQL...

7.1AI score
Exploits0
zdt
zdt
added 2019/10/23 12:0 a.m.406 views

Linux Polkit pkexec Helper PTRACE_TRACEME Local Root Exploit

This Metasploit module exploits an issue in ptracelink in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel...

7.8CVSS0.5AI score0.52199EPSS
Exploits21
zdt
zdt
added 2015/05/11 12:0 a.m.406 views

ZTE F660 - Remote Config Download Vulnerability

Exploit for hardware platform in category web applications / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S...

7.1AI score
Exploits0
zdt
zdt
added 2023/10/30 12:0 a.m.405 views

SugarCRM 13.0.1 Server-Side Template Injection Exploit

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code. ---------------------------------------------------------------------------- SugarCRM = 13.0.1...

8AI score
Exploits0
zdt
zdt
added 2022/09/20 12:0 a.m.405 views

Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass Vulnerability

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An authentication bypass...

0.2AI score
Exploits0
zdt
zdt
added 2021/12/04 12:0 a.m.405 views

Online Pre-owned/Used Car Showroom Management System 1.0 - SQL injection Authentication Bypass

Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.html Software Link:...

0.3AI score
Exploits0
zdt
zdt
added 2020/11/08 12:0 a.m.405 views

GovRAT 2.0 - FUD unknown RAT with special functions

This RAT was written by me and cannot be blocked. FUD tested with the strictest firewall policies. You are buying the source code + digital certificate to sign your files. I can also host the C&C for you for extra Functions: Access C&C with any browser. Compile C&C for Linux OR Windows. VALID...

7.2AI score
Exploits0
zdt
zdt
added 2023/02/03 12:0 a.m.404 views

Lenovo Diagnostics Driver Memory Access Exploit

This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes. This module requires Metasploit: https://metasploit.com/download...

7.8CVSS7.8AI score0.04284EPSS
Exploits4
zdt
zdt
added 2022/11/16 12:0 a.m.404 views

BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection Vulnerability

======================================================================= title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 = 20.02 in new versioning scheme fixed version: 22.1 CVE number: CVE-2022-26088 impact: Low homepage:...

5.4CVSS0.01012EPSS
Exploits3
zdt
zdt
added 2022/04/08 12:0 a.m.404 views

AeroCMS 0.0.1 Cross Site Scripting Vulnerability

AeroCMS-Comment-StoredXSS-POC Author: D4rkP0w4r Note = Don't need register or login account Description = StoredXSS at comment box Step to Reproduct Click Read More - input payload at Author - click Submit button Exploit Input payload at Author - click Submit button When admin login to admin pane...

6.1CVSS5.5AI score0.01444EPSS
Exploits4
zdt
zdt
added 2022/02/21 12:0 a.m.404 views

WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability

UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...

6.5CVSS0.0201EPSS
Exploits3
zdt
zdt
added 2021/12/20 12:0 a.m.404 views

phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...

0.4AI score
Exploits0
zdt
zdt
added 2021/11/08 12:0 a.m.404 views

Froxlor 0.10.29.1 - SQL Injection (Authenticated) Vulnerability

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Tested on: Ubuntu CVE:...

9.8CVSS9.2AI score0.11812EPSS
Exploits4
zdt
zdt
added 2021/06/03 12:0 a.m.404 views

VMware ESXi OpenSLP Heap Overflow Exploit

Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG. !/usr/bin/python3 CVE-2021-21974 PoC Exploit By: Johnny Yu @staightblast Tested against: 1 VMware ESXi 6.7.0...

8.8CVSS9.2AI score0.45063EPSS
Exploits7
zdt
zdt
added 2024/04/23 12:0 a.m.403 views

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...

10CVSS10AI score0.99999EPSS
Exploits43
zdt
zdt
added 2022/12/24 12:0 a.m.403 views

OpenTSDB 2.4.0 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...

9.8CVSS9.9AI score0.8533EPSS
Exploits5
zdt
zdt
added 2022/05/17 12:0 a.m.403 views

T-Soft E-Commerce 4 - SQL injection (Authenticated) Vulnerability

Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Description Step-1: Login as Admin or with privilage use...

0.5AI score0.00613EPSS
Exploits2
zdt
zdt
added 2021/11/27 12:0 a.m.403 views

Bagisto 1.3.3 - Client-Side Template Injection Vulnerability

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...

7.1AI score
Exploits0
zdt
zdt
added 2023/12/20 12:0 a.m.402 views

MajorDoMo Remote Code Execution Vulnerability

Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...

9.8CVSS7.1AI score0.38263EPSS
Exploits6
zdt
zdt
added 2023/06/19 12:0 a.m.403 views

Jobpilot v2.61 - SQL Injection Vulnerability

Exploit Title: Jobpilot v2.61 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET Type: error-based...

7.1AI score
Exploits0
zdt
zdt
added 2022/04/08 12:0 a.m.402 views

PHPGurukul Zoo Management System 1.0 Shell Upload Exploit

Zoo Management System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = don't need register or login account Description= Upload web shell at Upload CV Step to Reproduct Access Vacancies - upload web shell at - Upload CV - APPLY Exploit Upload web shell at Upload CV When upload success acce...

9.8CVSS0.1AI score0.03242EPSS
Exploits3
zdt
zdt
added 2021/11/22 12:0 a.m.402 views

Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass Vulnerability

Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS. Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication...

6.8CVSS6.8AI score0.00487EPSS
Exploits3
zdt
zdt
added 2021/11/11 12:0 a.m.402 views

FormaLMS 2.4.4 - Authentication Bypass Exploit

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136 Info: An...

9.8CVSS9.2AI score0.15725EPSS
Exploits4
zdt
zdt
added 2021/11/10 12:0 a.m.402 views

Employee and Visitor Gate Pass Logging System 1.0 - (name) Stored Cross-Site Scripting Vulnerability

Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...

7.1AI score
Exploits0
zdt
zdt
added 2017/05/19 12:0 a.m.402 views

Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten...

9.3CVSS0.9923EPSS
Exploits55
zdt
zdt
added 2017/02/03 12:0 a.m.402 views

CUPS 2.0.3 - Remote Command Execution Exploit

Exploit for linux platform in category remote exploits !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link:...

10CVSS6.5AI score0.29913EPSS
Exploits8
zdt
zdt
added 2016/03/03 12:0 a.m.402 views

DropBearSSHD 2015.71 - Command Injection

Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...

5.5CVSS6.7AI score0.37016EPSS
Exploits13
zdt
zdt
added 2023/10/16 12:0 a.m.401 views

WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability

Today, on October 16, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...

9.8CVSS9.5AI score0.81695EPSS
Exploits18
zdt
zdt
added 2022/12/10 12:0 a.m.401 views

Planet eStream Code Execution / SQL Injection / XSS / Broken Control Vulnerabilities

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities...

9.8CVSS0.01282EPSS
Exploits9
zdt
zdt
added 2022/08/01 12:0 a.m.401 views

CuteEditor for PHP 6.6 - Directory Traversal Vulnerability

Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A There is a path traversal vulnerability in the...

0.4AI score
Exploits0
zdt
zdt
added 2022/07/19 12:0 a.m.401 views

Travel Tours Script 1.0 SQL Injection Vulnerability

┌┌────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...

7.4AI score
Exploits0
Total number of security vulnerabilities5000