Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2021/10/18 12:0 a.m.387 views

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 PoC Request POST...

6.1CVSS0.5AI score0.04032EPSS
Exploits4
0day.today
0day.today
added 2013/08/22 12:0 a.m.387 views

Ovidentia 7.9.4 - Multiple Vulnerabilities

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user's browser session in context of an affected site...

7.6AI score
Exploits0
0day.today
0day.today
added 2024/06/26 12:0 a.m.386 views

SolarWinds Platform 2024.1 SR1 - Race Condition Expoit

Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...

7.5CVSS7AI score0.13913EPSS
Exploits4
0day.today
0day.today
added 2024/02/26 12:0 a.m.386 views

comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset Exploit

Exploit Title: POC-CVE-2023-3244 Exploit Author: Diaa Hanna Software Link: download link if available Version: = 1.2.0 comments-like-dislike Tested on: 1.1.6 comments-like-dislike CVE : CVE-2023-3244 References https://nvd.nist.gov/vuln/detail/CVE-2023-3244 The Comments Like Dislike plugin for...

5.3CVSS7.1AI score0.00787EPSS
Exploits4
0day.today
0day.today
added 2022/06/29 12:0 a.m.386 views

OpenCart 3.x So Filter Shop By SQL Injection Vulnerability

Exploit Title: OpenCart v3.x So Filter Shop By - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://codecanyon.net/item/so-filter-shop-by-responsive-opencart-module/13945633 Version: V3.X Tested on: XAMPP, Linux Contact:...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/01/12 12:0 a.m.386 views

Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Vulnerability

Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/10/25 12:0 a.m.386 views

Online Event Booking and Reservation System 1.0 - (reason) Stored Cross-Site Scripting Vulnerability

Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/01/31 12:0 a.m.386 views

PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit

Exploit for windows platform in category local exploits Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Vendor Homepage:https://www.passfab.com/products/excel-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe Exploit Autho...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/08/15 12:0 a.m.385 views

Microsoft Azure Subdomain Scanner / Enumerator Exploit

This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more! Background: Microsoft makes use of a numbe...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/08 12:0 a.m.385 views

Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit

!/bin/bash Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" echo " ESDS eMagic...

8.8CVSS7.1AI score0.24029EPSS
Exploits4
0day.today
0day.today
added 2023/01/31 12:0 a.m.385 views

Control Web Panel Unauthenticated Remote Command Execution Exploit

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running...

9.8CVSS10AI score0.99995EPSS
Exploits12
0day.today
0day.today
added 2022/08/27 12:0 a.m.385 views

AeroCMS v0.0.1 SQL injection Vulnerability

Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The author parameter from...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/04/08 12:0 a.m.385 views

WordPress SiteGround Security 1.2.5 Authentication Bypass Vulnerability

WordPress SiteGround Security plugin versions 1.2.5 and below suffer from an authentication bypass vulnerability as well as an authorization weakness in versions 1.2.4 and below. Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug:...

9.8CVSS0.8AI score0.07285EPSS
Exploits3
0day.today
0day.today
added 2022/02/05 12:0 a.m.385 views

Servisnet Tessa - Add sysAdmin User (Unauthenticated) Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...

9.8CVSS0.4AI score0.11441EPSS
Exploits4
0day.today
0day.today
added 2021/11/12 12:0 a.m.385 views

Xlight FTP 3.9.3.1 - Buffer Overflow Exploit

Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP SP3 - Windows...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/07/28 12:0 a.m.385 views

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits include include / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define...

7.2CVSS7.6AI score0.09788EPSS
Exploits2
0day.today
0day.today
added 2019/07/20 12:0 a.m.385 views

fuelCMS 1.4.1 - Remote Code Execution Exploit

Exploit for linux platform in category web applications Exploit Title: fuelCMS 1.4.1 - Remote Code Execution Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start =...

7.5CVSS9.6AI score0.82937EPSS
Exploits17
0day.today
0day.today
added 2023/12/21 12:0 a.m.384 views

Vinchin Backup And Recovery Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0., v6.0., v6.7., and v7.0.. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user. This module requires Metasploit...

9.8CVSS10AI score0.20477EPSS
Exploits4
0day.today
0day.today
added 2023/06/19 12:0 a.m.384 views

WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit

Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...

8.1CVSS7.1AI score0.13625EPSS
Exploits3
0day.today
0day.today
added 2023/03/29 12:0 a.m.384 views

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/08/08 12:0 a.m.384 views

WordPress Duplicator 1.4.7.1 Plugin - Unauthenticated Backup Download Vulnerability

Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...

0.2AI score
Exploits0
0day.today
0day.today
added 2010/11/15 12:0 a.m.384 views

Jcow 4.2.0 Blind SQL/XPath injection Vulnerability

Exploit for php platform in category web applications ================================================== Jcow 4.2.0 Blind SQL/XPath injection Vulnerability ================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/02/12 12:0 a.m.383 views

WyreStorm Apollo VX20 Credential Disclosure Vulnerability

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

9.1CVSS6.5AI score0.50622EPSS
Exploits4
0day.today
0day.today
added 2023/08/08 12:0 a.m.383 views

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Vulnerability

Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Version: 2.14.0 Tested on: Windows 10...

7.5CVSS7.1AI score0.36205EPSS
Exploits4
0day.today
0day.today
added 2023/06/01 12:0 a.m.383 views

STARFACE 7.3.0.10 Broken Authentication Exploit

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

8.1CVSS7.3AI score0.04421EPSS
Exploits4
0day.today
0day.today
added 2023/01/04 12:0 a.m.383 views

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution Exploit

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhost =...

8.8CVSS8.9AI score0.64354EPSS
Exploits5
0day.today
0day.today
added 2022/07/14 12:0 a.m.383 views

WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload Vulnerability

WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability. Description: Arbitrary File Upload/Deletion and Other Affected Plugin: Kaswara Modern WPBakery Page Builder Addons Plugin Slug: kaswara Affected Versions: = 3.0.1 CVE...

9.8CVSS0.6AI score0.4214EPSS
Exploits3
0day.today
0day.today
added 2021/11/02 12:0 a.m.383 views

WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution Exploit

This Metasploit module uses an authentication bypass vulnerability in Wordpress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress. Thi...

7.3AI score
Exploits0
0day.today
0day.today
added 2019/05/01 12:0 a.m.383 views

Oracle #Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution Exploit #RCE

Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...

7.5CVSS9AI score0.99964EPSS
Exploits35
0day.today
0day.today
added 2018/12/23 12:0 a.m.383 views

ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected. ASUS Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title:...

1AI score0.00575EPSS
Exploits5
0day.today
0day.today
added 2023/11/17 12:0 a.m.382 views

Magento 2.4.6 XSLT Server Side Injection / Command Execution Vulnerability

Magento version 2.4.6 suffers from an XSLT server side injection vulnerability that allows for remote command execution. Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link:...

8.2AI score
Exploits0
0day.today
0day.today
added 2023/05/19 12:0 a.m.382 views

Textpattern 4.8.8 Session Token Disclosure Vulnerability

Textpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer. Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Vendor: https://textpattern.com/ Software:...

6.9AI score
Exploits0
0day.today
0day.today
added 2021/10/05 12:0 a.m.382 views

Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...

5.3CVSS0.9AI score0.99999EPSS
Exploits6
0day.today
0day.today
added 2021/06/01 12:0 a.m.382 views

Veyon 4.4.1 - (VeyonService) Unquoted Service Path Vulnerability

Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type: Unquoted Service Path...

8CVSS0.4AI score0.11123EPSS
Exploits4
0day.today
0day.today
added 2015/03/12 12:0 a.m.382 views

ElasticSearch Search Groovy Sandbox Bypass Exploit

This Metasploit module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox ca...

7.5CVSS0.5AI score0.99906EPSS
Exploits19
0day.today
0day.today
added 2024/02/17 12:0 a.m.381 views

DS Wireless Communication - Remote Code Execution Exploit

Exploit Title: DS Wireless Communication Remote Code Execution Exploit Author: MikeIsAStar Vendor Homepage: https://www.nintendo.com Version: Unknown Tested on: Wii CVE: CVE-2023-45887 """This code will inject arbitrary code into a client's game. You are fully responsible for all activity that...

9.8CVSS9.7AI score0.01566EPSS
Exploits3
0day.today
0day.today
added 2023/08/29 12:0 a.m.381 views

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection Vulnerability

Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...

9.8CVSS7.1AI score0.20112EPSS
Exploits4
0day.today
0day.today
added 2023/04/05 12:0 a.m.381 views

Apache Tomcat 10.1 - Denial Of Service Exploit

Exploit Title: Apache Tomcat 10.1 - Denial Of Service Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE : CVE-2022-29885 CVE Owner: 4ra1n Exploit...

7.5CVSS7.7AI score0.73139EPSS
Exploits5
0day.today
0day.today
added 2022/11/16 12:0 a.m.381 views

libxml2 xmlParseNameComplex Integer Overflow Vulnerability

libxml2: Integer overflow in xmlParseNameComplex libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name name is = 232 characters. static const xmlChar xmlParseNameComplexxmlParserCtxtPtr ctxt int len = 0, l; ... return xmlDictLookupctxt-dic...

7.5CVSS7.9AI score0.22791EPSS
Exploits5
0day.today
0day.today
added 2022/05/31 12:0 a.m.381 views

WordPress User Meta Lite / Pro 2.4.3 Path Traversal Vulnerability

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...

6.5CVSS0.4AI score0.02233EPSS
Exploits5
0day.today
0day.today
added 2021/11/02 12:0 a.m.381 views

10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH) Exploit

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow SEH Exploit Author: ro0k Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.31 Tested on: Windows 10 x64 Education...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/01/04 12:0 a.m.381 views

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Softwar...

7.5CVSS0.99323EPSS
Exploits23
0day.today
0day.today
added 2024/02/22 12:0 a.m.380 views

CMS Made Simple 2.2.19 Server-Side Template Injection Vulnerability

Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Layout Design Manager Breadcrumbs 2 Click edit and write SSTI payloa...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/20 12:0 a.m.380 views

WordPress My Login Theme 2FA Brute Force Exploit

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/18 12:0 a.m.380 views

Chrome Read-Only Property Overwrite Exploit

Chrome: Read-only property overwrite in TurboFan VULNERABILITY DETAILS While collecting information for a property store, TurboFan bails out if the property isn't writable2. Unfortunately, the branch condition1 does not include one of the store modes, namely kDefine. This allows an attacker to...

8.8CVSS7.1AI score0.01776EPSS
Exploits2
0day.today
0day.today
added 2023/09/13 12:0 a.m.380 views

PHP Shopping Cart 4.2 SQL Injection Vulnerability

Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to be vulnerable to S...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/09/21 12:0 a.m.380 views

ProcessMaker Privilege Escalation Exploit

Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...

8.8CVSS0.5AI score0.01451EPSS
Exploits4
0day.today
0day.today
added 2022/07/01 12:0 a.m.380 views

PHP Library Remote Code Execution Vulnerability

Several PHP compatibility libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/04/08 12:0 a.m.380 views

Car Rental System 1.0 SQL Injection Vulnerability

Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...

8.8CVSS0.3AI score0.01518EPSS
Exploits3
0day.today
0day.today
added 2019/05/06 12:0 a.m.380 views

iOS 12.1.3 - cfprefsd Memory Corruption Exploit

// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. // iOS 12.1.3 - cfprefsd Memory Corruption Exploit include import include include include include include define AGENT 1 define...

7.8CVSS0.2AI score0.15705EPSS
Exploits2
Total number of security vulnerabilities5000