Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2022/01/21 12:0 a.m.325 views

Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability

Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/12/28 12:0 a.m.325 views

TerraMaster F4-210 / F2-210 Remote Code Execution Exploit

Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected. /bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS...

7.8AI score
Exploits0
0day.today
0day.today
added 2021/12/06 12:0 a.m.325 views

Microsoft Internet Explorer Active-X Control Security Bypass Vulnerability

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.3AI score
Exploits0
0day.today
0day.today
added 2021/11/08 12:0 a.m.325 views

Simple Client Management System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/09/03 12:0 a.m.325 views

Remote Mouse 4.002 - Unquoted Service Path Vulnerability

Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on: Windows 10 Proof...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/11/25 12:0 a.m.325 views

VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit

VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...

9.9CVSS0.6AI score0.1994EPSS
Exploits6
0day.today
0day.today
added 2018/01/15 12:0 a.m.325 views

Oracle PeopleSoft 8.5x - Remote Code Execution Vulnerability

Exploit for java platform in category web applications Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux...

7.5CVSS9.2AI score0.43492EPSS
Exploits4
0day.today
0day.today
added 2010/04/29 12:0 a.m.325 views

Eremetia (news.php and faq2.php) SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================================ Eremetia news.php and faq2.php SQL Injection Vulnerability ============================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/08/19 12:0 a.m.325 views

Mambo cropimage Component <= 1.0 Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== Mambo cropimage Component = 1.0 Remote File Include Vulnerability ================================================================== C Y B E R - W A R R I O R T I M Mambo...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/12/14 12:0 a.m.325 views

Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit

Exploit for unknown platform in category web applications ============================================================== Limbo this works wtih registerglobals off & regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/12/12 12:0 a.m.324 views

WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery Vulnerability

Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...

4.3CVSS7.1AI score0.00465EPSS
Exploits2
0day.today
0day.today
added 2023/03/29 12:0 a.m.324 views

Outline V1.6.0 - Unquoted Service Path Vulnerability

Exploit Title: Outline V1.6.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://getoutline.org/ Software Link: https://getoutline.org/ Tested Version: V1.6.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 11 Enterprise Step to...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/01/10 12:0 a.m.324 views

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection Vulnerability

---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="fi...

7.2CVSS7.1AI score0.01048EPSS
Exploits3
0day.today
0day.today
added 2022/04/12 12:0 a.m.324 views

WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting Vulnerability

Tittle: WordPress Plugin Anti-Malware Security and Brute-Force Firewall HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzi...

6.1CVSS6.3AI score0.03013EPSS
Exploits4
0day.today
0day.today
added 2022/02/23 12:0 a.m.324 views

Microweber CMS 1.2.10 Local File Inclusion Exploit

Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on: Microweber CMS v1.2.10...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/20 12:0 a.m.324 views

VulturiBuilder Insecure Permissions Vulnerability

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: email protected Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with insecure...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/01/06 12:0 a.m.324 views

Dixell XWEB 500 - Arbitrary File Write Vulnerability

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/08/18 12:0 a.m.324 views

XenForo 2.1.10 Patch 2 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS Author: Vincent666 ibn Winnie Software Link: https://xenforo.com/demo/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog :https://pentest-vincent.blogspot.com/ PoC...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/06/06 12:0 a.m.324 views

PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Exploit

Exploit for php platform in category dos / poc Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if...

7.5CVSS8.8AI score0.87606EPSS
Exploits3
0day.today
0day.today
added 2015/02/23 12:0 a.m.324 views

WeBid 1.1.1 Unrestricted File Upload Exploit

Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/02/20 12:0 a.m.323 views

Ollama 0.5.11 Denial of Service Exploit

Ollama supports importing and parsing user-uploaded customized GGUF models via the network request by default. This functionality can be manipulated to cause an out-of-memory denial of service attack. Title: The malicious gguf model can lead to DoS due to out of memory killed via network in ollam...

7.1AI score0.00672EPSS
Exploits2
0day.today
0day.today
added 2024/03/20 12:0 a.m.323 views

Tramyardg Autoexpress 1.3.0 SQL Injection Vulnerability

Exploit Title: tramyardg autoexpress - SQL Injection Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901...

9.8CVSS7.4AI score0.01031EPSS
Exploits3
0day.today
0day.today
added 2024/02/27 12:0 a.m.323 views

Zoo Management System 1.0 - Unauthenticated Remote Code Execute Vulnerability

Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.htmlgooglevignette Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/19 12:0 a.m.323 views

Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting XSS Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://phpgurukul.com Software Link:...

4.8CVSS5.7AI score0.03663EPSS
Exploits5
0day.today
0day.today
added 2023/04/20 12:0 a.m.323 views

Serendipity 2.4.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/28 12:0 a.m.323 views

Joomla! 4.2.7 Unauthenticated Information Disclosure Exploit

!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...

5.3CVSS6.2AI score0.99827EPSS
Exploits43
0day.today
0day.today
added 2023/03/23 12:0 a.m.323 views

MAN-EAM-0003 V3.2.4 - XML External Entity (XXE) Vulnerability

Exploit Title: MAN-EAM-0003 V3.2.4 - XXE Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: http://guralp.com/ Version: 3.2.4 Authentication Required: NO CVE : CVE-2022-38840 Google dork: " webconfig menu.cgi " Tested on: Windows Exploit 1 - browse to http:// name/cgi-bin/xmlstatus.cgi 2 - cli...

7.5CVSS7.6AI score0.09803EPSS
Exploits4
0day.today
0day.today
added 2022/08/10 12:0 a.m.323 views

AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit

-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...

9.8CVSS9.6AI score0.53752EPSS
Exploits5
0day.today
0day.today
added 2022/01/13 12:0 a.m.323 views

Online Diagnostic Lab Management System 1.0 - SQL Injection Vulnerability

Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/27 12:0 a.m.323 views

Bio Star 2.8.2 - Local File Inclusion Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Bio Star 2.8.2 - Local File Inclusion Authors: SITE Team Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi Exploit Author: SITE Team Vendor Homepage: https://www.supremainc.com/en/main.asp Software Link:...

5CVSS7.8AI score0.50734EPSS
Exploits4
0day.today
0day.today
added 2020/07/27 12:0 a.m.323 views

WordPress Email Subscribers & Newsletters 4.2.2 Plugin - Unauthenticated File Download Vulnerabi

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Exploit Author: email protectedESEC Vendor Homepage:...

5CVSS5.5AI score0.71399EPSS
Exploits4
0day.today
0day.today
added 2019/12/17 12:0 a.m.323 views

Metasploit Sample Linux Privilege Escalation Exploit

This Metasploit exploit module illustrates how a vulnerability could be exploited in a linux command for privilege escalation. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/11/19 12:0 a.m.323 views

XMPlay 3.8.3 - .m3u Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE ...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/03/19 12:0 a.m.323 views

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Exim GHOST glibc gethostbyname Buffer Overflow', 'Description' = %q This modu...

10CVSS0.1AI score0.94859EPSS
Exploits29
0day.today
0day.today
added 2010/02/16 12:0 a.m.323 views

SongForever clone Shell Upload Vulnerability

Exploit for unknown platform in category web applications ============================================ SongForever clone Shell Upload Vulnerability ============================================ ======================================================================================== | Title :...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/03/12 12:0 a.m.322 views

Human Resource Management System 1.0 - (employeeid) SQL Injection Vulnerability

Exploit Title: Human Resource Management System - SQL Injection Exploit Author: Srikar Exp1o1t9r Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/02/27 12:0 a.m.322 views

Ubuntu 22.04 perl2exe < V30.10C - Arbitrary Code Execution Vulnerability

Exploit Title: Executables Created with perl2exe safe.pl user@testing:/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.pl Perl2Exe V30.10C 2020-12-11 Copyright c 1997-2020 IndigoSTAR Software ... Generating safe user@testing:/example$ user@testing:/example$ Check that the program executes as...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/11/28 12:0 a.m.322 views

etcd-browser 87ae63d75260 Directory Traversal Vulnerability

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/12 12:0 a.m.322 views

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak Vulnerability

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/05/19 12:0 a.m.322 views

SEO Friendly Blog CMS 1.0 Cross Site Scripting Vulnerability

Title: SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database-1.0-2023 XSS-Reflected Vulnerability Author: nu11secur1ty Vendor: https://technosmarter.com/ Software: https://github.com/technosmarter/SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database Reference XSS:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.322 views

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution Exploit

Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...

8.8CVSS8.7AI score0.12322EPSS
Exploits4
0day.today
0day.today
added 2023/01/05 12:0 a.m.322 views

Linear eMerge E3-Series Access Controller Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful...

9.8CVSS1.3AI score0.97136EPSS
Exploits16
0day.today
0day.today
added 2022/10/06 12:0 a.m.322 views

Canteen Management 1.0 2022 - XSS Reflected Vulnerability

Title: Canteen-Management-1.0-2022 suffers from XSS-Reflected Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/11/15 12:0 a.m.322 views

PHP Laravel 8.70.1 - Cross Site Scripting to Cross Site Request Forgery Vulnerability

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We can bypass larav...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/08/11 12:0 a.m.322 views

Cisco 7937G All-In-One Exploiter Exploit

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...

9.8CVSS7.9AI score0.7977EPSS
Exploits8
0day.today
0day.today
added 2016/11/16 12:0 a.m.322 views

Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits !/bin/bash Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html Nginx Debian-based distros - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid...

7.2CVSS0.1AI score0.04863EPSS
Exploits6
0day.today
0day.today
added 2012/12/30 12:0 a.m.322 views

Wordpress plugins sitepress-multilingual-cms Full Path Disclosure

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/28 12:0 a.m.321 views

ElkArte Forum 1.1.9 Remote Code Execution Vulnerability

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1 After login go t...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/21 12:0 a.m.321 views

Laravel Framework 11 - Credential Leakage Vulnerability

Exploit Title: Laravel Framework 11 - Credential Leakage Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log...

6.6AI score0.01341EPSS
Exploits3
0day.today
0day.today
added 2024/04/12 12:0 a.m.322 views

PrusaSlicer 2.6.1 - Arbitrary code execution Vulnerability

Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and Linux CVE:...

6.8AI score0.0072EPSS
Exploits4
Total number of security vulnerabilities5000