Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2021/10/25 12:0 a.m.1761 views

phpMyAdmin 4.8.1 - Remote Code Execution Exploit

Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested on: Linux - Debian...

8.8CVSS0.1AI score0.98391EPSS
Exploits21
0day.today
0day.today
added 2019/05/24 12:0 a.m.1747 views

Bitbucket Path Traversal / Remote Code Execution Vulnerability

Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that...

0.7AI score0.05057EPSS
Exploits1
0day.today
0day.today
added 2016/12/23 12:0 a.m.1731 views

OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation Exp

Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled config option UsePrivilegeSeparation=no. While privilege separation is enabled by default, it is documented a...

6.9CVSS0.4AI score0.0424EPSS
Exploits2
0day.today
0day.today
added 2009/04/17 12:0 a.m.1722 views

Online Guestbook Pro (display) Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ Online Guestbook Pro display Blind SQL Injection Vulnerability ================================================================ Online Guestbook Pro display Blind SQL Injecti...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/05/29 12:0 a.m.1706 views

Communique Detail ID (communique_detail) SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================== Communique Detail ID communiquedetail.php SQL Injection Vulnerability ======================================================================== Title: Communique Detail...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/10 12:0 a.m.1694 views

XMeye P2P Cloud Remote Code Execution / Integrity Issues Vulnerabilities

XMeye P2P Cloud used with Xiongmai IP Cameras, NVRs and DVRs suffer from predictable Cloud IDs, default admin password, and various other issues that can result in remote code execution. ======================================================================= title: Remote Code Execution via XMeye...

9.8CVSS0.2AI score0.01251EPSS
Exploits4
0day.today
0day.today
added 2022/06/07 12:0 a.m.1691 views

Apache 2.4.50 Remote Code Execution Exploit

include include include include include / Apache 2.4.50 exploit CVE-2021-42013 Author: Vilius Povilaika Website: www.povilaika.com / // compile: $ gcc cve-2021-42013.c -lcurl -o cve-2021-42013 int usagechar prog printf"Usage: %s \n", prog; printf" - %s https://127.0.0.1 "uname -a"\n", prog;...

9.8CVSS0.99964EPSS
Exploits174
0day.today
0day.today
added 2021/03/03 12:0 a.m.1686 views

AnyDesk 5.5.2 - Remote Code Execution Exploit

Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001 def...

9.8CVSS9.6AI score0.80551EPSS
Exploits8
0day.today
0day.today
added 2017/10/12 12:0 a.m.1678 views

Apache Tomcat JSP Upload Bypass Remote Code Execution Exploit

This Metasploit module uploads a jsp payload and executes it. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat RCE via JSP Upload Bypass', 'Description' = %q This module uploads a jsp...

6.8CVSS8.1AI score0.99988EPSS
Exploits23
0day.today
0day.today
added 2022/04/12 12:0 a.m.1677 views

Windows User Profile Service Privlege Escalation Exploit

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...

7.8CVSS8.9AI score0.14393EPSS
Exploits2
0day.today
0day.today
added 2011/02/24 12:0 a.m.1651 views

VidiScript SQL Injection Vulnerability

Exploit for php platform in category web applications + Title: VidiScript Sql Injection Vulnerability + Date: 23.02.2011 + Software Link: VidiScript.com + Where : From Remote Founded by : ThEtA.Nu Team: Kosova Hacker Security Contact: theta.nuatwindowslivedotcom Home: www.khs-crew.org...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/07/11 12:0 a.m.1642 views

Nginx 1.20.0 - Denial of Service Exploit

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bionic CVE:...

7.7CVSS0.1AI score0.53461EPSS
Exploits10
0day.today
0day.today
added 2019/03/15 12:0 a.m.1641 views

Moodle 3.4.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...

6.5CVSS8.8AI score0.32234EPSS
Exploits5
0day.today
0day.today
added 2018/03/09 12:0 a.m.1629 views

Microsoft Office - Composite Moniker Remote Code Execution Exploit

Exploit for windows platform in category local exploits What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the...

9.3CVSS7.9AI score0.99933EPSS
Exploits38
0day.today
0day.today
added 2020/07/12 12:0 a.m.1628 views

Liferay Portal Remote Code Execution Exploit

Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface. Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Vendor: Link:...

9.8CVSS9.5AI score0.99783EPSS
Exploits10
0day.today
0day.today
added 2020/03/12 12:0 a.m.1615 views

SQL Server Reporting Services (SSRS) ViewState Deserialization Exploit

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...

8.8CVSS0.8AI score0.99046EPSS
Exploits14
0day.today
0day.today
added 2024/02/21 12:0 a.m.1611 views

WordPress 6.4.3 Username Disclosure Vulnerability

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability. Title: wordpress 6.4.3 - Username Disclosure Author: h4shur Vendor Homepage: https://www.wordpress.org Software Link: https://www.wordpress.org/download Version: 6.4.3 and earlier Tested...

7.2AI score
Exploits0
0day.today
0day.today
added 2017/10/25 12:0 a.m.1607 views

osTicket 1.10.1 Shell Upload Vulnerability

Exploit for php platform in category web applications Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload- Restrictions-Bypassed-CVE-2017-15580.html Exploit Title: File Upload Restrictions Bypassed Date: 18 October, 2017 Exploit Author: Rajwinder Singh Vendor Homepage:...

7.5CVSS9.2AI score0.15977EPSS
Exploits5
0day.today
0day.today
added 2006/12/09 12:0 a.m.1600 views

mxBB Module Profile CP 0.91c Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================== mxBB Module Profile CP 0.91c Remote File Include Vulnerability ============================================================== mxBB Module Profile Control Panel 0.91c Remote Fil...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/08/17 12:0 a.m.1598 views

Werkzeug Debug Shell Command Execution Exploit

This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips passed testing. Tested against 0.9.6 on Debian, 0.9.6 on Centos, 0.10 on Debian. This module requires Metasploit:...

6.9AI score
Exploits0
0day.today
0day.today
added 2009/04/03 12:0 a.m.1597 views

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================================= glFusion 1 // Check user status $status = SECcheckUserStatus$userid; if $status == USERACCOUNTACTIVE || $status == USERACCOUNTAWAITINGACTIVATION $userloggedin = 1;...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/06/27 12:0 a.m.1596 views

elFinder 2.0 - file manager for web(rc1) - File Upload Vulnerability

Usage Info Info : u can upload .php .php3 .php6 .txt .html .pl .htaccess and ... Upload Your webshell and load from : site.com/var/upload/ro0t.php site.com/files/upload/ro0t.php site.com/var/upload/ro0t.php for get file url double click on your file to open file iframe page |/ o o...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/06/26 12:0 a.m.1587 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated) Exploit

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS7.1AI score0.99637EPSS
Exploits23
0day.today
0day.today
added 2020/08/22 12:0 a.m.1586 views

Linux/x86 execve /bin/sh Shellcode (10 bytes)

Exploit Title: Linux/x86 - execve "/bin/sh" 10 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 10 SLAE-id : Purchased | email protected Reference :...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/09/10 12:0 a.m.1581 views

Atlassian Confluence WebWork OGNL Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...

9.8CVSS8.8AI score0.99999EPSS
Exploits45
0day.today
0day.today
added 2019/11/21 12:0 a.m.1576 views

Network Management Card 6.2.0 - Host Header Injection Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Network Management Card 6.2.0 - Host Header Injection Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/02/09 12:0 a.m.1570 views

WordPress 5.9.0 core Remote Code Execution 0day Exploit

This python exploit allow remote code execution, work with default installations and should not require any authentication or user interaction...

3.8AI score
Exploits0
0day.today
0day.today
added 2019/05/07 12:0 a.m.1569 views

Oracle Weblogic Server Deserialization Remote Code Execution Exploit

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS1AI score0.99964EPSS
Exploits35
0day.today
0day.today
added 2006/03/15 12:0 a.m.1564 views

php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ====================================================================== php iCalendar autisticiorg\r\n"; echo "this works if "phpicalendarpublishing" is set to 1 in config.inc.php\r\n\r\n"; short explaination: phpICal lets users...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/10/29 12:0 a.m.1555 views

PHP-FPM + Nginx - Remote Code Execution Exploit

Exploit for php platform in category web applications PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have...

7.5CVSS0.1AI score0.9947EPSS
Exploits55
0day.today
0day.today
added 2019/04/03 12:0 a.m.1542 views

PhreeBooks ERP 5.2.3 - Arbitrary File Upload Exploit

Exploit for php platform in category web applications PhreeBooks ERP v5.2.3 - Arbitrary File Upload Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download Category: Webapps Version: 5.2.3 Tested...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/04/02 12:0 a.m.1537 views

MongoDB nativeHelper.apply Remote Code Execution Vulnerability

This Metasploit module exploits the nativeHelper feature from spiderMonkey which allows control over execution by calling it with specially crafted arguments. This Metasploit module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze. This file is part of the Metasplo...

6CVSS0.3AI score0.44543EPSS
Exploits7
0day.today
0day.today
added 2007/02/15 12:0 a.m.1537 views

CodeAvalanche News 1.x (CAT_ID) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================== CodeAvalanche News 1.x CATID Remote SQL Injection Vulnerability ================================================================== CodeAvalanche News SQL Injection Software...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/04/15 12:0 a.m.1530 views

ThinkPHP 5.0.23 Remote Code Execution Exploit

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the...

9.8CVSS9.8AI score0.9953EPSS
Exploits9
0day.today
0day.today
added 2011/04/30 12:0 a.m.1527 views

ClanSphere 2011.0 (CKEditor) Multiple Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/06/21 12:0 a.m.1524 views

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components. ======================================================================= title: Hardcoded Backdoor User and Outdated Software Components...

10CVSS7.2AI score0.94859EPSS
Exploits52
0day.today
0day.today
added 2006/12/01 12:0 a.m.1518 views

deV!Lz Clanportal [DZCP] <= 1.3.6 Arbitrary File Upload Vulnerability

Exploit for unknown platform in category web applications ===================================================================== deV!Lz Clanportal DZCP = 1.3.6 Arbitrary File Upload Vulnerability ===================================================================== S Y N O P S I S /...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/01/02 12:0 a.m.1500 views

ClipShare (uprofile.php UID) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications =============================================================== ClipShare uprofile.php UID Remote SQL Injection Vulnerability =============================================================== video sharing www.clip-share.com Remote SQL...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/06/18 12:0 a.m.1497 views

e107 Plugin - FilleDownload Plugin Upload Shell / Remote File Disclosure

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/05/16 12:0 a.m.1494 views

Jcow 4.2.1 LFI Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................Jcow 4.2.1 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.jcow.net/ Discover...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/07/01 12:0 a.m.1484 views

deV!Lz Clanportal [DZCP] <= 1.34 (id) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================== deV!Lz Clanportal DZCP = 1.34 id Remote SQL Injection Exploit ================================================================== ? errorreportingEERROR; function exploitini...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/10/13 12:0 a.m.1468 views

Moodle Admin Shell Upload Exploit

This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this...

0.3AI score
Exploits3
0day.today
0day.today
added 2017/04/20 12:0 a.m.1463 views

October CMS 1.0.412 Code Execution / Shell Upload Vulnerabilities

Exploit for php platform in category web applications October CMS v1.0.412 several vulnerabilities Information =========== Name: October CMS v1.0.412 build 412 Homepage: http://octobercms.com Vulnerability: several issues, including PHP code execution Prerequisites: attacker has to be authenticat...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/10/21 12:0 a.m.1463 views

IObit Advanced SystemCare 9 Unquoted Service Path Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: IObit Advanced SystemCare 9 Unquoted Service Path Privilege Escalation Date: 19/10/2016 Exploit Author: Federico Zambito Vendor Homepage: http://www.iobit.com/ Software Link: http://www.iobit.com/en/advancedsystemcarefree.php...

6.8AI score
Exploits0
0day.today
0day.today
added 2013/08/27 12:0 a.m.1460 views

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

7.8CVSS0.5AI score0.98945EPSS
Exploits17
0day.today
0day.today
added 2024/03/27 12:0 a.m.1453 views

OpenNMS Horizon 31.0.7 Remote Command Execution Exploit

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versio...

8.2CVSS8.3AI score0.02951EPSS
Exploits3
0day.today
0day.today
added 2022/08/04 12:0 a.m.1444 views

MobileIron Log4Shell Remote Command Execution Exploit

MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP...

10CVSS0.7AI score0.99999EPSS
Exploits351
0day.today
0day.today
added 2007/10/21 12:0 a.m.1437 views

BBPortalS <= 2.0 Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== BBPortalS get$sql; if!$res - content = /Warning/ print " The Current number of fields is : $err\n"; $err++; max007; else if$err=...

7.1AI score
Exploits0
0day.today
0day.today
added 2017/05/25 12:0 a.m.1425 views

Samba 3.5.0 - Remote code execution Exploit

Exploit for linux platform in category remote exploits ! /usr/bin/env python Title : ETERNALRED Date: 05/24/2017 Exploit Author: steelo Vendor Homepage: https://www.samba.org Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 CVE-2017-7494 import argparse import os.path import sys import tempfile import time from...

10CVSS9.7AI score0.99448EPSS
Exploits24
0day.today
0day.today
added 2014/01/24 12:0 a.m.1425 views

XOS Shop 1.0 rc7o (redirect.php, goto param) - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: XOS Shopv1.0rc7o Sql Injection Vulnerability Date: 23/01/2014 Exploit Author: JoKeRStEx Vendor Homepage: http://www.xos-shop.com/ Software Link: http://xos-shop.com/main/index.php/cPath/25/ Version: v1.0 rc7o Tested on: Windows...

7.1AI score
Exploits0
Total number of security vulnerabilities5000