Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2024/03/18 12:0 a.m.399 views

Gibbon LMS < v26.0.00 - Authenticated Remote Code Execution Exploit

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu...

8.8CVSS8.8AI score0.5132EPSS
Exploits7
0day.today
0day.today
added 2023/12/20 12:0 a.m.399 views

MajorDoMo Remote Code Execution Vulnerability

Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...

9.8CVSS7.1AI score0.38263EPSS
Exploits6
0day.today
0day.today
added 2023/10/16 12:0 a.m.399 views

WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability

Today, on October 16, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...

9.8CVSS9.5AI score0.81695EPSS
Exploits18
0day.today
0day.today
added 2022/04/07 12:0 a.m.399 views

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/11/22 12:0 a.m.399 views

Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass Vulnerability

Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS. Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication...

6.8CVSS6.8AI score0.00487EPSS
Exploits3
0day.today
0day.today
added 2021/11/06 12:0 a.m.399 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checke...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/03/03 12:0 a.m.399 views

DropBearSSHD 2015.71 - Command Injection

Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...

5.5CVSS6.7AI score0.37016EPSS
Exploits13
0day.today
0day.today
added 2005/09/04 12:0 a.m.399 views

man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)

Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/01 12:0 a.m.398 views

ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability

ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...

7.6CVSS8.3AI score0.00274EPSS
Exploits2
0day.today
0day.today
added 2022/09/14 12:0 a.m.398 views

Rocket LMS 1.6 Shell Upload Vulnerability

Exploit Title: Rocket LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Version: Version 1.6 Tested on Ubuntu 18.04 base64 encode your...

Exploits0
0day.today
0day.today
added 2022/04/21 12:0 a.m.398 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Exploit

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7. !/usr/bin/env python...

7AI score
Exploits0
0day.today
0day.today
added 2022/04/19 12:0 a.m.398 views

EaseUS Data Recovery - (ensserver.exe) Unquoted Service Path Vulnerability

Exploit Title: EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Discovery by: bios Vendor Homepage: https://www.easeus.com/ Tested Version: 15.1.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\wmic...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/10/26 12:0 a.m.398 views

WordPress Filterable Portfolio Gallery 1.0 Plugin - (title) XSS Vulnerability

Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.filterable-portfolio.com/ Software Link: https://wordpress.org/plugins/fg-gallery/ Version: 1.0 Tested on : Windows...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/03/15 12:0 a.m.398 views

ManageEngine Desktop Central Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64. This module requires Metasploit: https://metasploit.com/download Current source:...

10CVSS0.2AI score0.99941EPSS
Exploits6
0day.today
0day.today
added 2019/12/06 12:0 a.m.398 views

Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit

Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro 2.2.0.9026 / Home 2.0.0.9021 Tested on: Windows XP / Win7 / Win10 CVE:...

9.8CVSS0.6AI score0.10746EPSS
Exploits5
0day.today
0day.today
added 2019/09/24 12:0 a.m.398 views

Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...

10CVSS10AI score0.99999EPSS
Exploits123
0day.today
0day.today
added 2017/10/02 12:0 a.m.398 views

Dnsmasq < 2.78 - Information Leak Exploit

Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup...

4.3CVSS8.1AI score0.67549EPSS
Exploits5
0day.today
0day.today
added 2024/02/13 12:0 a.m.397 views

Splunk 9.0.4 - Information Disclosure Vulnerability

Exploit Title: Splunk 9.0.4 - Information Disclosure Date: 2023-09-18 Exploit Author: Parsa rezaie khiabanloo Vendor Homepage: https://www.splunk.com/ Version: 9.0.4 Tested on: Windows OS Splunk through 9.0.4 allows information disclosure by appending...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/02 12:0 a.m.397 views

Ultra Mini HTTPd 1.21 Denial Of Service Exploit

Exploit Title: Ultra Mini HTTPd 1.21 - Denial of Service DoS Discovery by: Fernando Mengali Vendor Homepage: https://acme.com/ Software Link: https://acme.com/ Notification vendor: Yes reported Tested Version: Ultra Mini HTTPd 1.21 Tested on: Window XP Professional - Service Pack 2 and 3 - Englis...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/11 12:0 a.m.397 views

Splunk Enterprise Account Takeover Exploit

Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edituser capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests...

8.8CVSS7AI score0.73537EPSS
Exploits7
0day.today
0day.today
added 2023/03/15 12:0 a.m.397 views

Microsoft Outlook Remote Code Execution 0day Exploit

Microsoft Outlook Remote Code Execution 0day Exploit - zero-click exploit leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment...

2.5AI score
Exploits0
0day.today
0day.today
added 2023/02/07 12:0 a.m.397 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...

9.8CVSS10AI score0.99753EPSS
Exploits15
0day.today
0day.today
added 2022/08/27 12:0 a.m.397 views

WordPress Robo Gallery 3.2.1 plugin - Bypass POST comment approvement Vulnerability

Title: WordPress 6.0 - Bypass POST comment approvement Robo Gallery 3.2.1 Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery Description:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/06/30 12:0 a.m.397 views

Fruits-Bazar 2021 1.0 SQL Injection Vulnerability

Title: Fruits-Bazar 2021 v1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/creativesaiful Software: https://github.com/creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- Reference:...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/05/10 12:0 a.m.397 views

Spring4Shell Spring Framework Class Property Remote Code Execution Exploit

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...

9.8CVSS0.4AI score0.99677EPSS
Exploits102
0day.today
0day.today
added 2022/01/17 12:0 a.m.397 views

SB Admin Cross Site Request Forgery / SQL Injection Vulnerabilities

Credits & Authors: ================== Taurus Omar - @TaurusOmar email protected taurusomar.com Document Title: =============== SB Admin Bootstrap CSRF / Sqli Vulnerability / Bypasss Login Access Severity Level: =============== High Google & Bing Dorks =================== intitle:SB Admin - login...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/11/23 12:0 a.m.397 views

Webrun 3.6.0.42 - (P_0) SQL Injection Vulnerability

Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to SQL Injection,...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/01/10 12:0 a.m.397 views

WeBid 1.0.6 SQL Injection Vulnerability

WeBid version 1.0.6 suffers from a remote SQL injection vulnerability. Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested O...

8.1AI score
Exploits0
0day.today
0day.today
added 2022/07/14 12:0 a.m.396 views

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

8.8CVSS9AI score0.7431EPSS
Exploits8
0day.today
0day.today
added 2022/02/10 12:0 a.m.396 views

Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQLi / Code Execution Vulnerabilities

Tokheim Profleet DiaLOG Fuel Management System version 11.005.02 suffers from a remote SQL injection vulnerability that can allow for remote code execution. Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Exploit Author: golem445 Vendor Homepage:...

10CVSS0.6AI score0.01932EPSS
Exploits3
0day.today
0day.today
added 2021/11/22 12:0 a.m.396 views

PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection Vulnerability

PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability. CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shopping-system The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection...

7.5CVSS8.2AI score0.10013EPSS
Exploits4
0day.today
0day.today
added 2021/10/07 12:0 a.m.396 views

Online Traffic Offense Management System 1.0 - Multiple XSS Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/10/06 12:0 a.m.396 views

Company's Recruitment Management System SQL Injection Vulneraility

Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Company's Recruitment Management System SQL Injection Vulneraility Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the...

0.3AI score
Exploits0
0day.today
0day.today
added 2010/09/10 12:0 a.m.396 views

gnuboard 4 Remote Upload Vulnerability

Exploit for php platform in category web applications ====================================== gnuboard 4 Remote Upload Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/06/20 12:0 a.m.396 views

emuCMS 0.3 (cat_id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ====================================================== emuCMS 0.3 catid Remote SQL Injection Vulnerability ====================================================== Dork : Powered by emuCMS exploit :...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/04/02 12:0 a.m.395 views

Smart School 6.4.1 - SQL Injection Vulnerability

Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...

9.8CVSS7.1AI score0.0106EPSS
Exploits4
0day.today
0day.today
added 2024/03/06 12:0 a.m.395 views

Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected. Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID:...

9.8CVSS7.9AI score0.8126EPSS
Exploits9
0day.today
0day.today
added 2024/01/21 12:0 a.m.395 views

WordPress Backup Migration 1.3.7 Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php...

9.8CVSS9.7AI score0.97846EPSS
Exploits14
0day.today
0day.today
added 2023/12/04 12:0 a.m.395 views

ARM Mali r44p0 Use-After-Free Exploit

Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...

7.8CVSS7.2AI score0.00334EPSS
Exploits3
0day.today
0day.today
added 2023/04/03 12:0 a.m.395 views

ERPGo SaaS 3.9 - CSV Injection Vulnerability

Exploit Title: ERPGo SaaS 3.9 - CSV Injection Exploit Author: Sajibe Kanti Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version: 3.9 Tested on: Windows &...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.395 views

TLR-2005KSH - Arbitrary File Upload Vulnerability

Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...

9.8CVSS0.7AI score0.56931EPSS
Exploits5
0day.today
0day.today
added 2021/11/17 12:0 a.m.395 views

LiquidFiles 3.5.13 Privilege Escalation Vulnerability

=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...

9CVSS8.7AI score0.03695EPSS
Exploits3
0day.today
0day.today
added 2019/05/07 12:0 a.m.395 views

Linux/x86 - execve /bin/sh Shellcode (20 bytes)

/ Linux/x86 - execve /bin/sh shellcode 20 bytes Author: Rajvardhan Tested on: i686 GNU/Linux Shellcode Length: 20 Disassembly of section .text: 08049000 : 8049000: 31 c9 xor %ecx,%ecx 8049002: 6a 0b push $0xb 8049004: 58 pop %eax 8049005: 51 push %ecx 8049006: 68 2f 2f 73 68 push $0x68732f2f...

0.3AI score
Exploits0
0day.today
0day.today
added 2017/03/23 12:0 a.m.395 views

Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit

Exploit for Android platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :ar...

9.3CVSS0.3AI score0.42623EPSS
Exploits12
0day.today
0day.today
added 2024/04/02 12:0 a.m.394 views

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...

6.1CVSS7.1AI score0.25877EPSS
Exploits4
0day.today
0day.today
added 2023/10/04 12:0 a.m.394 views

Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...

10CVSS8.1AI score0.9015EPSS
Exploits5
0day.today
0day.today
added 2023/09/06 12:0 a.m.394 views

WordPress Newsletter 7.8.9 Cross Site Scripting Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Newsletter = 7.8.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Newsletter – Send awesome emails from WordPress Plugin Slug: newsletter Affected Versions: = 7.8.9 CVE ID: CVE-2023-4772 CVSS...

6.4CVSS7.1AI score0.00437EPSS
Exploits2
0day.today
0day.today
added 2023/04/25 12:0 a.m.394 views

Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Vulnerability

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/03/11 12:0 a.m.394 views

Linux/x86_64 - sudo enumeration Shellcode (245 bytes)

sudo vulnerability enumeration shellcode / sudo vulnerability enumeration shellcode xordynamic - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 245 bytes compilation: gcc -fno-stack-protector -z execstack .c -o "disasssemble only main." 0000000000001179 : 1179: 55 push...

7AI score
Exploits0
0day.today
0day.today
added 2021/11/22 12:0 a.m.394 views

Wipro Holmes Orchestrator 20.4.1 Report Disclosure Vulnerability

Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1 application, if at...

7.5CVSS7.5AI score0.53008EPSS
Exploits3
Total number of security vulnerabilities5000