Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/04/12 12:0 a.m.345 views

InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload Vulnerability

InnovaStudio WYSIWYG Editor Asset Manager versions 5.4 and below suffer from a remote shell upload vulnerability. Exploit Title: InnovaStudio WYSIWYG Editor 5.4 ASSET MANAGER Unrestricted File Upload / Directory Traversal / Multiple WebApps Exploit Date: 11/04/2023 Exploit Author: Zer0FauLT...

7AI score
Exploits0
0day.today
0day.today
added 2022/07/11 12:0 a.m.345 views

WordPress Visual Slide Box Builder 3.2.9 SQL Injection Vulnerability

Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/04/19 12:0 a.m.345 views

REDCap 11.3.9 - Stored Cross Site Scripting Vulnerability

Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting Exploit Author: Kendrick Lam References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js Vendor Homepage: https://projectredcap.org Software Link: https://projectredcap.org Version: Redcap before 11.4.0 Tested on: 11.2.5 CVE...

9CVSS9.3AI score0.04657EPSS
Exploits5
0day.today
0day.today
added 2022/02/05 12:0 a.m.345 views

Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...

7.5CVSS0.6AI score0.11484EPSS
Exploits4
0day.today
0day.today
added 2019/11/15 12:0 a.m.345 views

Shrew Soft VPN Client 2.2.2 - (iked) Unquoted Service Path Vulnerability

Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service get name,...

0.5AI score
Exploits0
0day.today
0day.today
added 2019/06/26 12:0 a.m.345 views

GrandNode 4.40 - Path Traversal / Arbitrary File Download Vulnerabilities

Exploit for multiple platform in category web applications Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...

5CVSS7.6AI score0.53705EPSS
Exploits4
0day.today
0day.today
added 2016/03/14 12:0 a.m.346 views

WordPress Site Import 1.0.1 Plugin - Local File Inclusion / Remote File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested o...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/04/19 12:0 a.m.345 views

MS15-034 Microsoft IIS Remote Code Execution Exploit

Reverdes from http.sys exploit includes ROP gadgets for Server 2008 and Server 2012 only! This is private exploit. You can buy it at https://0day.today...

10CVSS0.8AI score0.99999EPSS
Exploits16
0day.today
0day.today
added 2007/02/05 12:0 a.m.345 views

Geeklog 2 (BaseView.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ Geeklog 2 BaseView.php Remote File Inclusion Vulnerability ============================================================ GeekLog = 2.x BaseView.php Remote File Include...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/02/26 12:0 a.m.344 views

taskhub 2.8.7 - SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

8CVSS6.6AI score0.00692EPSS
Exploits5
0day.today
0day.today
added 2023/08/10 12:0 a.m.344 views

TP-Link Archer AX21 - Unauthenticated Command Injection Exploit

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8CVSS7.1AI score0.99999EPSS
Exploits7
0day.today
0day.today
added 2023/06/01 12:0 a.m.344 views

Bumsys Business Management System 1.0.3-beta Shell Upload Vulnerability

Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Tested on: Windows 11, XAMPP-8.2.0 CVE...

8.8CVSS7.1AI score0.05748EPSS
Exploits5
0day.today
0day.today
added 2023/04/06 12:0 a.m.344 views

modoboa 2.0.4 - Admin Account Takeover Exploit

/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main import "fmt"...

9.8CVSS9.4AI score0.15088EPSS
Exploits4
0day.today
0day.today
added 2022/08/22 12:0 a.m.344 views

Transposh WordPress Translation 1.0.8.1 Incorrect Authorization Vulnerability

ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date published: 2022-08-16 CVSSv3 Score: 7.5...

7.5CVSS0.7AI score0.01369EPSS
Exploits4
0day.today
0day.today
added 2022/08/08 12:0 a.m.344 views

Nortek Linear eMerge E3-Series Account Takeover XSS Vulnerability

Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover. Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page:...

6.1CVSS6.2AI score0.06652EPSS
Exploits2
0day.today
0day.today
added 2022/01/05 12:0 a.m.344 views

RiteCMS 3.1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0 Tested on: Windo...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/11/05 12:0 a.m.344 views

ImportExportTools NG 10.0.4 - HTML Injection Vulnerability

Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/26 12:0 a.m.344 views

GSearch 1.0.1.0 - Denial of Service Exploit

Exploit Title: GSearch v1.0.1.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Cop...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/24 12:0 a.m.344 views

Microsoft Windows 10 1809 - CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration

Exploit for windows platform in category local exploits Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Windows: CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration EoP Platform: Windows 10 1809 not tested earlier Class: Elevation o...

7.2CVSS7.6AI score0.02643EPSS
Exploits1
0day.today
0day.today
added 2018/11/09 12:0 a.m.344 views

Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass) Exploit

Exploit for windows platform in category local exploits Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass Exploit include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res =...

0.2AI score
Exploits0
0day.today
0day.today
added 2016/12/07 12:0 a.m.344 views

Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation Exploit

Linux AFPACKET race condition exploit for Ubuntu 16.04 x8664. / chocoboroot.c linux AFPACKET race condition exploit exploit for Ubuntu 16.04 x8664 vroom vroom ============================== email protected:$ uname -a Linux ubuntu 4.4.0-51-generic 72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x8664...

7.2CVSS0.3AI score0.11127EPSS
Exploits16
0day.today
0day.today
added 2011/06/18 12:0 a.m.344 views

WeBid v1.0.2 Multiple Remote (CSRF) Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/02/02 12:0 a.m.344 views

CMS Mini <= 0.2.2 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================== CMS Mini ". "\n+ Ex. : php xpl.php localhost /CMSmini". "\n\n"; if $argc != 3 usage; $hostname = $argv 1; $path = $argv 2; $fp = fsockopen $hostname, 80; $post = "message="; $request = "PO...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/03/05 12:0 a.m.343 views

Wallos Shell Upload Vulnerability

Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: email protected Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: -----------------------------2925144213...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/02/19 12:0 a.m.343 views

Employee Management System v1 - (email) SQL Injection Vulnerability

Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/11 12:0 a.m.343 views

Spring Cloud 3.2.2 - Remote Command Execution Exploit

Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...

9.8CVSS7.1AI score0.99939EPSS
Exploits36
0day.today
0day.today
added 2023/03/29 12:0 a.m.343 views

Human Resource Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/06 12:0 a.m.343 views

Agilebio Lab Collector 4.234 Remote Code Execution Exploit

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...

8.8CVSS8.7AI score0.0454EPSS
Exploits3
0day.today
0day.today
added 2023/02/28 12:0 a.m.343 views

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list 120 of the application and the passwo...

0.9AI score
Exploits0
0day.today
0day.today
added 2022/12/30 12:0 a.m.343 views

Hughes Satellite Router Remote File Inclusion Cross Frame Scripting Vulnerability

Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal...

7AI score
Exploits0
0day.today
0day.today
added 2022/08/09 12:0 a.m.343 views

Matrimonial PHP Script 1.0 SQL Injection Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr │ │ : │ Website : uisort.com │ │ │ │ Vendor : Uisort Technologies Pvt. Ltd. │ │ │...

0.7AI score
Exploits0
0day.today
0day.today
added 2019/08/23 12:0 a.m.343 views

Webmin 1.920 password_change.cgi Backdoor Exploit

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attackers inserted Perl qx statements into the build server's source code on two separate...

10CVSS9.7AI score0.99766EPSS
Exploits38
0day.today
0day.today
added 2019/06/18 12:0 a.m.343 views

Thunderbird ESR < 60.7.XXX - icalrecur_add_bydayrules Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...

9.8CVSS9.2AI score0.09903EPSS
Exploits3
0day.today
0day.today
added 2012/10/16 12:0 a.m.343 views

Visual Tools DVR Command Injection / Password Disclosure

Exploit for hardware platform in category web applications Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Statu...

6.7AI score
Exploits0
0day.today
0day.today
added 2024/09/11 12:0 a.m.342 views

VICIdial 2.14-917a SQL Injection Vulnerability

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...

9.8CVSS7.9AI score0.80023EPSS
Exploits10
0day.today
0day.today
added 2024/02/05 12:0 a.m.342 views

Curfew e-Pass Management System 1.0 - FromDate SQL Injection Vulnerability

Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login into the...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/11/12 12:0 a.m.342 views

Penglead 2.0 SQL injection Bypass Authentication Vulnerability

Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter is...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.342 views

PaperCut NG/MG 22.0.4 - Remote Code Execution Exploit

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

7.5CVSS7.1AI score0.99999EPSS
Exploits24
0day.today
0day.today
added 2023/02/28 12:0 a.m.342 views

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting Vulnerability

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/09/19 12:0 a.m.342 views

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/06/21 12:0 a.m.342 views

Lepin EP-KP001 KP001_V19 Authentication Bypass Vulnerability

When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication. Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001V19 Tested Versions: KP001V19 Vulnerability...

4.6CVSS0.6AI score0.00506EPSS
Exploits3
0day.today
0day.today
added 2022/02/08 12:0 a.m.342 views

Wing FTP Server 4.3.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/18 12:0 a.m.342 views

Landa Driving School Management System 2.0.1 Arbitrary File Upload Vulnerability

Exploit Title: Landa Driving School Management System Arbitrary File Upload Version 2.0.1 Exploit Author: Sohel Yousef - email protected Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2 :https://simcycreative.com/landa/ Software Demo :...

Exploits0
0day.today
0day.today
added 2021/12/08 12:0 a.m.342 views

Reprise License Manager 14.2 Buffer Overflow Vulnerability

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44154 Vulnerability Title: Authenticated Buffer Overflow Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: By using an...

7.2CVSS0.6AI score0.0185EPSS
Exploits3
0day.today
0day.today
added 2021/06/14 12:0 a.m.342 views

GLPI 9.4.5 - Remote Code Execution Exploit

Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...

9CVSS8.1AI score0.10949EPSS
Exploits7
0day.today
0day.today
added 2021/04/16 12:0 a.m.342 views

Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)

Linux/x64 - execve/bin/sh Shellcode 21 bytes Author: s1ege Tested on: x8664 GNU/Linux Shellcode Length: 21 / objdump disassembly 401000: 50 push %rax 401001: 48 31 d2 xor %rdx,%rdx 401004: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx 40100b: 2f 73 68 40100e: 53 push %rbx 40100f: 54 push...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/07/08 12:0 a.m.342 views

Cisco Data Center Network Manager 11.1(1) Remote Code Execution Exploit

Cisco Data Center Network Manager DCNM versions 11.11 and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities. Authentication Bypass and Arbitrary File Upload leading to remote code execution on Cisco Data Center...

10CVSS0.5AI score0.8378EPSS
Exploits8
0day.today
0day.today
added 2010/05/28 12:0 a.m.342 views

Clubpage (clubpage.php) SQL Injection Vulnerability

Exploit for php platform in category web applications ==================================================== Clubpage clubpage.php SQL Injection Vulnerability ==================================================== Title: Clubpage clubpage.php SQL Injection Vulnerability Version: All versions Author:...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/01 12:0 a.m.341 views

WordPress Critical Site Intel 1.0 SQL Injection Vulnerability

CVE-2024-55976 Critical Site Intel = 1.0 - Unauthenticated SQL Injection Description The Critical Site Intel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

9.3CVSS9.4AI score0.01166EPSS
Exploits2
0day.today
0day.today
added 2024/03/27 12:0 a.m.342 views

Artica Proxy Unauthenticated PHP Deserialization Exploit

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...

9.8CVSS10AI score0.8126EPSS
Exploits9
Total number of security vulnerabilities5000