Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2013/10/29 12:0 a.m.329 views

WordPress Ghost theme - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/02 12:0 a.m.328 views

WordPress Navayan CSV Export 1.0.9 SQL Injection Vulnerability

CVE-2024-55988 Navayan CSV Export = 1.0.9 - Unauthenticated SQL Injection Description The Navayan CSV Export plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

9.3CVSS7.4AI score0.01116EPSS
Exploits1
0day.today
0day.today
added 2024/02/19 12:0 a.m.328 views

Microsoft Windows Defender - VBScript Detection Bypass Vulnerability

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...

7.2AI score
Exploits0
0day.today
0day.today
added 2023/10/02 12:0 a.m.328 views

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway. Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink...

7AI score
Exploits0
0day.today
0day.today
added 2023/04/20 12:0 a.m.328 views

Franklin Fueling Systems TS-550 - Default Password Vulnerability

Exploit Title: Franklin Fueling Systems TS-550 - Default Password Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to find the panel...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/12/24 12:0 a.m.328 views

macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)

Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/07/02 12:0 a.m.328 views

Stock Management System 2020 SQL injection Vulnerability

Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-2020 Description: T...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/04/21 12:0 a.m.328 views

Online Restaurant Table Reservation System 1.0 SQL Injection Vulnerability

Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/04/19 12:0 a.m.328 views

Zyxel NWA-1100-NH - Command Injection Vulnerability

Exploit Title: Zyxel NWA-1100-NH - Command Injection Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References : https://download.zyxel.com/NWA1100-NH/firmware/NWA1100-NH2.12AASI.3C02.pdf ,...

9.8CVSS0.71048EPSS
Exploits4
0day.today
0day.today
added 2022/01/20 12:0 a.m.328 views

CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage Vulnerability

The panel for Collector Stealer malware version 2.0.0 stores the login credentials in plaintext in its MySQL database. Third-party attackers who gain access to the system can read the database username passwords without having to crack them offline. Discovery / credits: Malvuln - malvuln.com c 20...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/08/15 12:0 a.m.328 views

Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Vulnerabilities

Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen@cq674350529 of Qihoo 360 Nirvan Team Product Description ================== Router...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/04/17 12:0 a.m.328 views

Shape Web Solutions CMS SQL Injection Vulnerability

Exploit for php platform in category web applications Shape Web Solutions CMS SQL Injection Vulnerability Exploit Title: Shape Web Solutions CMS SQL Injection Vulnerability Date: 03-18-2011 Vendor or Software Link: http://www.shapeweb.com.br/ Version: All version Category:: webapps Google dork:...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/02/13 12:0 a.m.327 views

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Denial Of Service Exploit

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/11/28 12:0 a.m.327 views

CSZ CMS 1.3.0 Shell Upload Vulnerability

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/30 12:0 a.m.327 views

GOM Player 2.3.90.5360 MITM / Remote Code Execution Exploit

GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit. Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/...

7.9AI score
Exploits0
0day.today
0day.today
added 2023/07/10 12:0 a.m.327 views

Faculty Evaluation System v1.0 - SQL Injection Vulnerability

Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/26 12:0 a.m.327 views

Service Provider Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Service Provider Management System v1.0 - SQL Injection Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/25 12:0 a.m.327 views

Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode

; Name: Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode ; Author: Nayani ; Tested on: Microsoft Windows Version 10.0.22621 Build 22621 ; Description: ; This an implementation of DeleteFileA Windows api to delete a file in the C:/Windows/Temp/ directory. ; To test this...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.327 views

Explore CMS 1.0 - SQL Injection Vulnerability

Exploit Title: Explore CMS 1.0 - SQL Injection Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an...

9.8CVSS0.1AI score0.03829EPSS
Exploits3
0day.today
0day.today
added 2022/04/19 12:0 a.m.327 views

Scriptcase 9.7 - Remote Code Execution Exploit

Exploit Title: Scriptcasr 9.7 arbitrary file upload getshell Exploit Author: luckyt0mat0 Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 9.7 Tested on: Windows Server 2019 Proof of Concept: POST...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/06 12:0 a.m.327 views

Virtual Airlines Manager 2.6.2 - (multiple) SQL Injection Vulnerability

Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/ Version: 2.6.2...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/08 12:0 a.m.327 views

WordPress Backup and Restore 1.0.3 Plugin - Arbitrary File Deletion Vulnerability

Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Windows 10 Poc:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/11/18 12:0 a.m.327 views

ZeroLogon - Netlogon Elevation of Privilege Exploit

Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...

10CVSS9.4AI score0.99512EPSS
Exploits75
0day.today
0day.today
added 2020/07/01 12:0 a.m.327 views

PHP-Fusion 9.03.60 - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.60 - PHP Object Injection Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 Description: PHP...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/10/11 12:0 a.m.326 views

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vulnerability

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system. ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb...

7.9AI score
Exploits0
0day.today
0day.today
added 2024/02/12 12:0 a.m.326 views

WyreStorm Apollo VX20 Account Enumeration Vulnerability

An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery. + Credits: John...

7.5CVSS7.3AI score0.04051EPSS
Exploits4
0day.today
0day.today
added 2023/10/24 12:0 a.m.326 views

VMWare Aria Operations For Networks SSH Private Key Exposure Exploit

VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. This module requir...

9.8CVSS9.8AI score0.64194EPSS
Exploits9
0day.today
0day.today
added 2022/11/11 12:0 a.m.326 views

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Vulnerability

Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...

7.5CVSS1.4AI score0.45957EPSS
Exploits5
0day.today
0day.today
added 2022/05/12 12:0 a.m.326 views

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...

7.2CVSS0.2AI score0.77677EPSS
Exploits9
0day.today
0day.today
added 2022/03/02 12:0 a.m.326 views

Firefox MCallGetProperty Write Side Effects Use-After-Free Exploit

This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order ...

8.8CVSS8.9AI score0.42327EPSS
Exploits4
0day.today
0day.today
added 2021/10/13 12:0 a.m.326 views

myfactory.FMS 7.1-911 Cross Site Scripting Vulnerability

Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser. Details...

6.1CVSS6.3AI score0.05832EPSS
Exploits4
0day.today
0day.today
added 2018/11/07 12:0 a.m.326 views

Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation Exploit

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account. Dell OpenManage Network...

9CVSS1.1AI score0.12324EPSS
Exploits7
0day.today
0day.today
added 2016/12/13 12:0 a.m.326 views

PHP 7.0.13 Use After Free unserialize() PoC Exploit

Exploit for php platform in category dos / poc PoC: data; function unserialize$data $this-data = unserialize$data; class obj2 var $ryat; function wakeup $this-ryat = null; $inner = 's:4:"ryat";'; $exploit = 'a:2:i:0;C:4:"obj1":'.strlen$inner.':'.$inner.'i:1;O:4:"obj2":1:s:4:"ryat";R:3;'; $data =...

7.5CVSS9.2AI score0.04303EPSS
Exploits2
0day.today
0day.today
added 2024/04/15 12:0 a.m.325 views

djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

5.5CVSS7AI score0.00804EPSS
Exploits4
0day.today
0day.today
added 2024/04/11 12:0 a.m.325 views

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET =...

9.8CVSS7.7AI score0.03821EPSS
Exploits6
0day.today
0day.today
added 2024/03/20 12:0 a.m.325 views

Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution Vulnerabilities

Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution. Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Exploit Author: kai6u Vendor Homepage: https://www.getlektor.co...

8.3AI score
Exploits0
0day.today
0day.today
added 2024/03/11 12:0 a.m.325 views

DataCube3 v1.0 - Unrestricted file upload Remote Code Execution Exploit

Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Tested on: DataCube3...

9.8CVSS6.7AI score0.2403EPSS
Exploits6
0day.today
0day.today
added 2024/02/22 12:0 a.m.325 views

SitePad 1.8.2 Cross Site Scripting Vulnerability

Exploit Title: SitePad Version : 1.8.2 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://sitepad.com/ Version : 1.8.2 Tested on: https://www.softaculous.com/apps/blogs/SitePad 1 Go to Templates Header Edit Pagelayer Template 2 Write in Name : " 3 After save and refresh page will be se...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/09 12:0 a.m.325 views

liveSite 2019.1 Remote Code Execution Vulnerability

Exploit Title: liveSite Version : 2019.1 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region Name:megamenu ,...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/10/02 12:0 a.m.325 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability

Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access. Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.325 views

EuroTel ETL3100 - Transmitter Default Credentials Vulnerability

Exploit Title: EuroTel ETL3100 Transmitter Default Credentials Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/26 12:0 a.m.325 views

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

9.8CVSS9.2AI score0.12453EPSS
Exploits4
0day.today
0day.today
added 2022/09/26 12:0 a.m.325 views

Active eCommerce CMS 6.3.0 Cross Site Scripting Vulnerability

Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/21 12:0 a.m.325 views

Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability

Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/12/28 12:0 a.m.325 views

TerraMaster F4-210 / F2-210 Remote Code Execution Exploit

Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected. /bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS...

7.8AI score
Exploits0
0day.today
0day.today
added 2021/12/06 12:0 a.m.325 views

Microsoft Internet Explorer Active-X Control Security Bypass Vulnerability

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.3AI score
Exploits0
0day.today
0day.today
added 2021/11/08 12:0 a.m.325 views

Simple Client Management System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/10/21 12:0 a.m.325 views

NIMax 5.3.1f0 - (VISA Alias) Denial of Service Exploit

Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required - https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000000YGQwCAO&l=en-GB...

Exploits0
0day.today
0day.today
added 2021/09/03 12:0 a.m.325 views

Remote Mouse 4.002 - Unquoted Service Path Vulnerability

Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on: Windows 10 Proof...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/11/25 12:0 a.m.325 views

VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit

VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...

9.9CVSS0.6AI score0.1994EPSS
Exploits6
Total number of security vulnerabilities5000