Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2022/01/25 12:0 a.m.364 views

H2 Database Console Remote Code Execution Exploit

The H2 Database console suffers from an unauthenticated remote code execution vulnerability. Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL databas...

9.8CVSS0.9AI score0.64766EPSS
Exploits4
0day.today
0day.today
added 2020/06/26 12:0 a.m.364 views

ASUS Aura Sync 1.07.71 Privilege Escalation Exploit

// CVE-2019-17603: ASUS Aura Sync 1.07.71 'ene.sys' EoP Kernel Exploit // Discovered by @dhn // Author of PoC: Connor McGarr @33y0re - https://connormcgarr.github.io // Windows 10 RS1 Version 10.0.14393 Build 14393 // Tested with VBS, HyperGuard, and PatchGuard disabled include include include //...

7.8CVSS0.9AI score0.0073EPSS
Exploits5
0day.today
0day.today
added 2019/12/05 12:0 a.m.364 views

Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Exploit #RCE

Exploit for windows platform in category web applications Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Author: Peter Lapp Vendor:...

7.5CVSS0.5AI score0.20391EPSS
Exploits6
0day.today
0day.today
added 2019/01/12 12:0 a.m.364 views

Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Code Blocks 17.12 - Local Buffer Overflow SEHUnicode Date: 01-10-2019 Vulnerable Software: Code Blocks 17.12 Vendor Homepage: http://www.codeblocks.org/ Version: 17.12...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/11/06 12:0 a.m.364 views

FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit

Exploit for macOS platform in category dos / poc FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue...

0.5AI score0.06448EPSS
Exploits1
0day.today
0day.today
added 2015/02/10 12:0 a.m.364 views

Achat 0.150 beta7 Buffer Overflow Exploit

This Metasploit module exploits a unicode SEH-based stack buffer overflow in Achat version 0.150. By sending a crafted message to the default port 9256 it's possible to overwrites the SEH handler. Even when the exploit is reliable it depends of timing since there are two threads overflowing the...

7.3AI score
Exploits0
0day.today
0day.today
added 2010/08/02 12:0 a.m.364 views

Eremetia (news.php & faq2.php id) SQL Injection Exploit (.py)

Exploit for php platform in category web applications ============================================================= Eremetia news.php & faq2.php id SQL Injection Exploit .py ============================================================= !/usr/bin/env python -- coding:cp1254 -- Eremetia news.php &...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/03/27 12:0 a.m.363 views

Nagios XI Version 2024R1.01 - SQL Injection Exploit

Exploit Title: NAGIOS XI SQLI Exploit Author: Jarod Jaslow MAWK https://www.linkedin.com/in/jarod-jaslow-codename-mawk-265144201/ Vendor Homepage: https://www.nagios.com/changelog/nagios-xi Software Link: https://github.com/MAWK0235/CVE-2024-24401 Version: Nagios XI Version 2024R1.01 Tested on:...

9.8CVSS7.4AI score0.45884EPSS
Exploits5
0day.today
0day.today
added 2024/02/05 12:0 a.m.363 views

TP-Link TL-WR740N - UnAuthenticated Directory Transversal Vulnerability

Exploit Title: TP-Link TL-WR740N UnAuthenticated Directory Transversal Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N ---------------------------POC--------------------------...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/12/07 12:0 a.m.363 views

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/02/28 12:0 a.m.363 views

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vulnerability

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability. Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version:...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/12/09 12:0 a.m.363 views

Microsoft Office Word MSHTML Remote Code Execution Exploit

This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering...

8.8CVSS7.5AI score0.96843EPSS
Exploits38
0day.today
0day.today
added 2021/11/07 12:0 a.m.363 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution Vulnerability

Pentaho allows users to create and run Pentaho Report Bundles .prpt. Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the executio...

8.8CVSS9.6AI score0.02266EPSS
Exploits3
0day.today
0day.today
added 2021/11/03 12:0 a.m.363 views

Mult-e-Cart Ultimate 2.4 - (id) SQL Injection Vulnerability

Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection Vendor Homepage: https://multecart.com/ Version: 2.4 Product & Service Introduction: =============================== Digital Multivendor Marketplace Online Store - eShop CMS Source: https://ultimate.multecart.com/ &...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/12/14 12:0 a.m.363 views

Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing Vulnerability

David Haintz ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact: High homepage:...

Exploits0
0day.today
0day.today
added 2017/12/06 12:0 a.m.363 views

Microsoft Office Equation Editor Code Execution Exploit

This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

9.3CVSS8.6AI score0.99945EPSS
Exploits33
0day.today
0day.today
added 2024/06/04 12:0 a.m.362 views

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass Exploit Author: Furkan Eren Tetik Vendor Homepage:...

8.7AI score
Exploits0
0day.today
0day.today
added 2024/03/18 12:0 a.m.362 views

ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit

import re import requests from bs4 import BeautifulSoup import argparse import base64 Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots Date: 12 December 2023 Discovered by : @Unblvr1 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://zoneminder.com/ Software Link:...

9.8CVSS7AI score0.80462EPSS
Exploits11
0day.today
0day.today
added 2024/03/05 12:0 a.m.362 views

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS Vulnerability

Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...

5.4CVSS5.5AI score0.00446EPSS
Exploits4
0day.today
0day.today
added 2023/10/24 12:0 a.m.363 views

WordPress LiteSpeed Cache 5.6 Cross Site Scripting Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...

6.4CVSS6AI score0.19684EPSS
Exploits2
0day.today
0day.today
added 2023/09/19 12:0 a.m.362 views

Free And Open Source Inventory Management System 1.0 SQL Injection Vulnerability

Exploit Title: Free and Open Source Inventory Management System 1.0 - Unauthenticated SQL Injection Exploit Author: Sefa Ozan Vendor: MAYURIK Vendor Homepage: https://mayurik.com/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/27 12:0 a.m.362 views

VMWare Aria Operations For Networks Remote Command Execution Exploit

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS10AI score0.98281EPSS
Exploits7
0day.today
0day.today
added 2023/02/27 12:0 a.m.362 views

Employee Task Management System 1.0 SQL Injection Vulnerability

Employee Task Management System - SQL Injection on task-details.php?taskid=? with low privilege authentication CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Author Email: email protected Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version: ...

8.8CVSS7.2AI score0.02693EPSS
Exploits13
0day.today
0day.today
added 2022/09/22 12:0 a.m.362 views

Unified Remote Authentication Bypass / Code Execution Exploit

This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password f...

9.8CVSS9.6AI score0.66354EPSS
Exploits4
0day.today
0day.today
added 2022/09/02 12:0 a.m.362 views

Zyxel Firewall SUID Binary Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user e.g. nobody escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an...

9.8CVSS9.2AI score0.99938EPSS
Exploits28
0day.today
0day.today
added 2022/06/21 12:0 a.m.362 views

SoftGuard SNMP Network Management Extension HTML Injection / File Download Vulnerability

======================================================================= title: Multiple vulnerabilities product: SoftGuard SNMP Network Management Extension vulnerable version: SoftGuard Web SGW 5.1.5 fixed version: SoftGuard version 5.1.5 from 2022-06-01 CVE number: CVE-2022-31201, CVE-2022-3120...

6.5CVSS0.01166EPSS
Exploits4
0day.today
0day.today
added 2022/05/06 12:0 a.m.362 views

ZoneMinder Language Settings Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...

9.8CVSS9.8AI score0.66317EPSS
Exploits6
0day.today
0day.today
added 2022/01/20 12:0 a.m.362 views

Grandstream GXV3175 Unauthenticated Command Execution Exploit

This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authenticati...

9.8CVSS0.3AI score0.15353EPSS
Exploits7
0day.today
0day.today
added 2019/12/08 12:0 a.m.362 views

SiteVision 4.x / 5.x Remote Code Execution Exploit #RCE

Exploit for jsp platform in category web applications SiteVision Remote Code Execution CVE-2019-12733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12733 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may...

8.7AI score0.06039EPSS
Exploits6
0day.today
0day.today
added 2017/12/06 12:0 a.m.362 views

Claymore Dual Miner 10.1 Stack Buffer Overflow Vulnerability

Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner versions 10.1 and below suffer from a stack buffer overflow vulnerability. Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner...

10CVSS8.9AI score0.3434EPSS
Exploits6
0day.today
0day.today
added 2006/09/16 12:0 a.m.362 views

Mambo com_registration_detailed <= 4.1 Remote File Include

Exploit for unknown platform in category web applications ========================================================== Mambo comregistrationdetailed ghoz, homeedition2001, iFX, and for all friend's&enemy 0day.today 2018-02-16...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/11/15 12:0 a.m.361 views

SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (Authenticated) Exploit

Exploit Title: SOPlanning 1.52.01 Simple Online Planning Tool - Remote Code Execution RCE Authenticated Date: 6th October, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Version: 1.52.01 Tested on: Ubuntu import argparse import requests import random import string import urllib.parse def...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/02 12:0 a.m.362 views

Simple Backup Plugin 2.7.10 - Path Traversal Exploit

Exploit Title: Simple Backup Plugin 0: printresponse.text Replace with the desired action for the downloaded content filepath = f'simplebackupfilename' with openfilepath, 'wb' as file: file.writeresponse.content printf'File saved in: filepath' else: print"Nothing was downloaded. You can try to...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/24 12:0 a.m.361 views

CrafterCMS 4.0.2 Cross Site Scripting Vulnerability

--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...

7.4CVSS7.1AI score0.01304EPSS
Exploits2
0day.today
0day.today
added 2023/08/01 12:0 a.m.361 views

Eramba 3.19.1 Remote Command Execution Exploit

Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community edition Vendor: Eramba Limited,...

8.8CVSS7.1AI score0.57359EPSS
Exploits6
0day.today
0day.today
added 2023/03/28 12:0 a.m.361 views

Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...

9.8CVSS9.6AI score0.93384EPSS
Exploits7
0day.today
0day.today
added 2022/08/22 12:0 a.m.361 views

macOS RawCamera Out-Of-Bounds Write Vulnerability

There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. Although the advisory notes an attached poc, Google did not have one attached. MacOS: Out-of-bounds write in RawCamera There is an...

7.8CVSS8.3AI score0.00383EPSS
Exploits1
0day.today
0day.today
added 2022/06/14 12:0 a.m.361 views

Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remote code execution...

8.8CVSS8.6AI score0.7431EPSS
Exploits8
0day.today
0day.today
added 2022/06/04 12:0 a.m.361 views

NVIDIA Data Center GPU Manager Remote Memory Corruption Exploit

NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 remote mgmt. A native client named DCGMI allows users to make...

6.3CVSS0.4AI score0.16508EPSS
Exploits3
0day.today
0day.today
added 2022/04/12 12:0 a.m.361 views

WordPress LayerSlider 7.1.2 Cross Site Scripting Vulnerability

Tittle: WordPress Plugin LayerSlider 5. Exit 6. Save Project 7. XSS will trigger when accessing the project again for example there seem to be other place when its triggered as well, like in the Project's settings POC2 via file,json 1. Add new post & Create Blank Project 2. Import Projects 3. Loa...

4.8CVSS5.2AI score0.02691EPSS
Exploits4
0day.today
0day.today
added 2022/02/17 12:0 a.m.361 views

Algorithmia MSOL Remote Code Execution Vulnerability

Exploit Title: Algorithmia MSOL - Remote Code Execution Vendor Homepage: https://algorithmia.com/ Software Link: https://algorithmia.com/product Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date o...

8.8CVSS8.9AI score0.015EPSS
Exploits1
0day.today
0day.today
added 2021/11/12 12:0 a.m.361 views

WordPress WP Symposium Pro 2021.10 Plugin - (wps_admin_forum_add_name) XSS Vulnerability

Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wpsadminforumaddname' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version: 2021.10 Tested o...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/06/07 12:0 a.m.361 views

Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Exploit

Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated Author: enox Vendor: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.7.10 Vulnerable Versions: Grav CMS 1.7.10 CVE: CVE-2021-29440 Credits:...

8.4CVSS0.2AI score0.30623EPSS
Exploits5
0day.today
0day.today
added 2020/06/18 12:0 a.m.361 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

10CVSS10AI score0.14014EPSS
Exploits5
0day.today
0day.today
added 2019/02/21 12:0 a.m.361 views

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

MikroTik RouterOS 6.43.12 stable / 6.42.12 long-term - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack ca...

7.5CVSS0.5AI score0.15697EPSS
Exploits4
0day.today
0day.today
added 2018/11/05 12:0 a.m.361 views

PHP Proxy 3.0.3 - Local File Inclusion Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...

7.4AI score
Exploits0
0day.today
0day.today
added 2005/02/15 12:0 a.m.361 views

vBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2)

Exploit for unknown platform in category web applications ============================================================= vBulletin fetcharray$forumusers == True , when you visit the forums, it must has at least one user show the forum. Fourth condition: magicquotesgpc must be OFF Vulnerable System...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.360 views

Credit Lite 1.5.4 SQL Injection Vulnerability

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...

9.8CVSS7.1AI score0.01073EPSS
Exploits4
0day.today
0day.today
added 2023/02/28 12:0 a.m.360 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality Vulnerability

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/07/21 12:0 a.m.360 views

Emporium eCommerce Online Shopping CMS 1.2 SQL Injection Vulnerability

┌┌────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable...

0.3AI score
Exploits0
Total number of security vulnerabilities5000