Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/09/13 12:0 a.m.314 views

Fundraising Script 1.0 SQL Injection Vulnerability

Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to SQL injection...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/04 12:0 a.m.314 views

PlayTube 3.0.1 Information Disclosure Vulnerability

Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714 CWE: CWE-200 -...

7.5CVSS7.1AI score0.0521EPSS
Exploits3
0day.today
0day.today
added 2023/07/21 12:0 a.m.314 views

Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution

Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control CVE-2023-33148...

7.8CVSS7.8AI score0.0234EPSS
Exploits4
0day.today
0day.today
added 2023/06/17 12:0 a.m.314 views

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) Exploit

Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip Version: 1.0 Teste...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/01/04 12:0 a.m.314 views

CD MP3 Terminator V2.07 Local Seh Exploit

Exploit Title: CD MP3 Terminator V2.07 Local Seh Exploit Date: 31.12.2022 Vendor Homepage: http://www.cdmp3terminator.com Software Link: https://www.softpedia.com/dyn-postdownload.php/7a9b28e4e4800cd04331f2f3df26259a/63b031ec/7084/4/2 Exploit Author: Achilles Tested Version: 2.07 Tested on: Windo...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/12/24 12:0 a.m.314 views

Senayan Library Management System 9.1.1 SQL Injection Vulnerability

Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.1.1/slims9bulian-9.1.1.zip Reference:...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.314 views

Ruijie Reyee Mesh Router - Remote Code Execution (Authenticated) Exploit

Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS 1.55.1915 - EW3.01B11P35 an...

8.8CVSS0.6AI score0.33946EPSS
Exploits4
0day.today
0day.today
added 2022/04/13 12:0 a.m.314 views

Easy!Appointments < 1.4.3 - Information Disclosure Exploit

!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Vendor Homepage:...

9.1CVSS9.3AI score0.38133EPSS
Exploits7
0day.today
0day.today
added 2022/03/24 12:0 a.m.314 views

Foxit PDF Editor 11.3.1 Arbitrary File Upload Vulnerability

Exploit Title: Foxit PDF Editor Arbitrary File Upload Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.foxit.com Software Link: https://apps.apple.com/us/app/foxit-pdf-editor/id507040546 Version: 11.3.1 Tested: iPhone 6 iOS 12.4.7 Contact: https://twitter.com/dmaral3noz -...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/02/05 12:0 a.m.314 views

Shopmetrics Mystery Shopping Software Broken Access Control / XSS Vulnerability

======================================================================= title: Broken access control & Cross-Site Scripting product: Shopmetrics Mystery Shopping Software vulnerable version: SaaS platform before v21-11 fixed version: SaaS platform v21-11 CVE number: n/a for SaaS impact: Critical...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/10/18 12:0 a.m.314 views

Support Board 3.3.4 - (Message) Stored Cross-Site Scripting Vulnerability

Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2 LTS, Windows 10 PO...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/07/16 12:0 a.m.314 views

Linux Kernel 2.6.19 < 5.9 - (Netfilter) Local Privilege Escalation Exploit

/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...

8.3CVSS8AI score0.78684EPSS
Exploits21
0day.today
0day.today
added 2020/03/31 12:0 a.m.314 views

FlashFXP 4.2.0 Build 1730 - Denial of Service Exploit

Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Vulnerable Software: FlashFXP Version: 4.2.0 Build 1730 Vulnerability Type:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/05/09 12:0 a.m.314 views

PlaySMS 1.4 - import.php Authenticated CSV File Upload Code Execution Exploit

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload...

7.5CVSS9.6AI score0.76742EPSS
Exploits3
0day.today
0day.today
added 2018/04/29 12:0 a.m.314 views

Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution

Exploit for multiple platform in category remote exploits ! /bin/bash/env python3 / | | | | | \ \ / \ '| |/ | |/ | / | '| | / | | | | | | | | || | | |/ || ||,||,|\/|| By Nikhil Sreekumar @roo7break Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code...

7.5CVSS8.7AI score0.96032EPSS
Exploits17
0day.today
0day.today
added 2018/02/20 12:0 a.m.314 views

MagniComp SysInfo - mcsiwrapper Privilege Escalation Exploit

Exploit for multiple platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MagniComp SysInfo mcsiwrapper Privilege Escalation', 'Description' = %q This module...

7.2CVSS6.6AI score0.0529EPSS
Exploits5
0day.today
0day.today
added 2015/01/05 12:0 a.m.314 views

Wordpress Infocus2 Theme Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Title : Wordpress Infocus2 Theme Arbitrary File Download Vulnerability Author : KillerX Date : 5/1/2015 KillerX Facebook : http://www.facebook.com/xXalreshyXx Ask : http://ask.fm/ALRESHY Twitter : https://twitter.com/killerx00x Email :...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/03/18 12:0 a.m.313 views

Backdrop CMS 1.23.0 - Stored XSS Vulnerability

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/03/05 12:0 a.m.313 views

Saflok System 6000 Key Derivation Exploit

// Exploit Title: Saflok KDF // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc, char argv if argc != 2 printf"Usage: %s \n", argv0...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/29 12:0 a.m.313 views

7 Sticky Notes v1.9 - OS Command Injection Vulnerability

Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/24 12:0 a.m.313 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/15 12:0 a.m.313 views

Xitami 2.5 Denial Of Service Exploit

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 14 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/10 12:0 a.m.313 views

OutSystems Service Studio 11.53.30 - DLL Hijacking Vulnerability

Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability has been...

7.8CVSS7.1AI score0.01135EPSS
Exploits4
0day.today
0day.today
added 2023/06/12 12:0 a.m.313 views

Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit

Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit + PoC Backup:...

8.8CVSS7.1AI score0.62682EPSS
Exploits5
0day.today
0day.today
added 2023/06/07 12:0 a.m.313 views

CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit

CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...

7.8CVSS7.3AI score0.00469EPSS
Exploits3
0day.today
0day.today
added 2023/06/06 12:0 a.m.313 views

Enrollment System Project v1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...

9.8CVSS7.1AI score0.14242EPSS
Exploits5
0day.today
0day.today
added 2023/05/26 12:0 a.m.313 views

WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting Vulnerability

Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/04/07 12:0 a.m.313 views

Opmon 9.11 - Cross-site Scripting Vulnerability

Exploit Title: Opmon 9.11 - Cross-site Scripting Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...

6.1CVSS0.1AI score0.02293EPSS
Exploits4
0day.today
0day.today
added 2018/07/19 12:0 a.m.313 views

Linux Kernel < 4.14.8 Sign Extension Local Privilege Escalation Exploit

Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter BPF which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have...

7.2CVSS0.9AI score0.30052EPSS
Exploits16
0day.today
0day.today
added 2015/03/13 12:0 a.m.313 views

osCommerce 2.3.4 - SQL Injection & Stored XSS Vulnerabilities

Exploit for php platform in category web applications Title: osCommerce 2.3.4 - SQL Injection & Stored XSS Date: 13.03.15 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2 / PHP 5.3 @ linux Contact: smash at devilteam.pl As disclosed before, you may create new...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/03/11 12:0 a.m.313 views

SocialMPN Arbitrary File Injection Exploit

Exploit for unknown platform in category web applications ========================================== SocialMPN Arbitrary File Injection Exploit ========================================== !/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/13 12:0 a.m.312 views

Telerik Report Server Authentication Bypass / Remote Code Execution Exploit

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with...

9.9CVSS10AI score0.97482EPSS
Exploits14
0day.today
0day.today
added 2024/03/14 12:0 a.m.312 views

StimulusReflex 3.5.0 Arbitrary Code Execution Exploit

StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability. StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. Vulnerable code...

8.8CVSS9AI score0.01555EPSS
Exploits3
0day.today
0day.today
added 2024/03/12 12:0 a.m.312 views

Client Details System 1.0 - SQL Injection Vulnerability

Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link: https://download-media.code-projects.org/2020/01/CLIENTDETAILSSYSTEMINPHPWITHSOURCECODE.zip +...

8.8CVSS7.4AI score0.17026EPSS
Exploits4
0day.today
0day.today
added 2024/02/24 12:0 a.m.312 views

Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path Vulnerabilities

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. Tosibox Key...

8.1AI score
Exploits0
0day.today
0day.today
added 2024/01/29 12:0 a.m.312 views

Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup ...

9.8CVSS9.7AI score0.01068EPSS
Exploits4
0day.today
0day.today
added 2023/08/10 12:0 a.m.312 views

Request-Baskets v1.2.1 - Server-side request forgery Vulnerability

Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...

6.5CVSS6.7AI score0.06976EPSS
Exploits29
0day.today
0day.today
added 2023/04/25 12:0 a.m.312 views

KodExplorer 4.49 - CSRF to Arbitrary File Upload Exploit

Exploit Title: KodExplorer ?php s...

8.8CVSS8.9AI score0.02666EPSS
Exploits6
0day.today
0day.today
added 2023/03/31 12:0 a.m.312 views

WooCommerce v7.1.0 - Remote Code Execution Vulnerability

Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description: simple, easy to use...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/02/03 12:0 a.m.312 views

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...

7.6CVSS5.5AI score0.0065EPSS
Exploits1
0day.today
0day.today
added 2021/10/25 12:0 a.m.312 views

Engineers Online Portal 1.0 - File Upload Remote Code Execution Vulnerability

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windows 11...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/10/20 12:0 a.m.312 views

Macro Expert 4.7 - Unquoted Service Path Vulnerability

Exploit Title: Macro Expert 4.7 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Vendor Homepage: http://www.macro-expert.com/ Tested on: Windows 10 C:\Users\Mertsc qc "Macro Expert" SC QueryServiceConfig SUCCESS SERVICENAME: Macro Expert TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2...

0.3AI score
Exploits0
0day.today
0day.today
added 2021/10/13 12:0 a.m.312 views

Student Quarterly Grading System 1.0 - (grade) Stored Cross-Site Scripting Vulnerability

Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/09/02 12:0 a.m.312 views

Geutebruck Remote Command Execution Exploit

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and...

9.8CVSS8AI score0.95547EPSS
Exploits12
0day.today
0day.today
added 2019/07/08 12:0 a.m.312 views

Sony BRAVIA Smart TV Denial Of Service Vulnerability

Sony BRAVIA Smart TV Denial Of Service ADVISORY INFORMATION TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs ADVISORY URL: CVE-2019-11889 https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/ CVE-2019-11890...

7.5CVSS7.5AI score0.04383EPSS
Exploits2
0day.today
0day.today
added 2019/07/01 12:0 a.m.312 views

Linux/ARM64 - execve(/bin/sh, [/bin/sh], NULL) Shellcode (48 Bytes)

/ Title: Linux/ARM64 - execve"/bin/sh", "/bin/sh", NULL Shellcode 48 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xer...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.312 views

OCS Inventory NG ocsreports Shell Upload Vulnerability

OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...

0.4AI score0.05023EPSS
Exploits2
0day.today
0day.today
added 2018/11/07 12:0 a.m.312 views

OOP CMS BLOG 1.0 - search SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...

7.1AI score
Exploits0
0day.today
0day.today
added 2017/01/25 12:0 a.m.312 views

GNU Screen 4.5.0 - Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Commit f86a374 "screen.c: adding permissions check for the logfile name", 2015-11-04 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and...

6.8AI score
Exploits0
0day.today
0day.today
added 2009/02/05 12:0 a.m.312 views

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

Exploit for unknown platform in category web applications ================================================================= txtBB var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type',...

7.1AI score
Exploits0
Total number of security vulnerabilities5000