Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2024/04/16 12:0 a.m.311 views

Centreon 23.10-1.el8 SQL Injection Vulnerability

;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host: 192.168.56.156...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/05/31 12:0 a.m.311 views

Pydio Cells 4.1.2 - Server-Side Request Forgery Vulnerability

Exploit Title: Pydio Cells 4.1.2 - Server-Side Request Forgery Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Server-Side Request Forgery Security Risk: medium Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...

6.5CVSS7.1AI score0.03846EPSS
Exploits4
0day.today
0day.today
added 2023/05/26 12:0 a.m.311 views

Ulicms 2023.1 - create admin user via mass assignment Vulnerability

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/19 12:0 a.m.311 views

MobileTrans 4.0.11 Weak Service Permissions Vulnerability

Vendor Name: MobileTrans Product Name: MobileTrans Vendor Home Page: https://mobiletrans.wondershare.com/ Affected Versions: MobileTrans version 4.0.11 Vulnerability Type: Weak Service Permissions CWE-276 CVE Reference: CVE-2023-31748 Security Researcher: Thurein Soe Vulnerability description:...

7.8CVSS7.1AI score0.00828EPSS
Exploits4
0day.today
0day.today
added 2023/04/20 12:0 a.m.311 views

Serendipity 2.4.0 - Cross-Site Scripting Vulnerability

Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting XSS Author: Mirabbas Ağalarov Application: Serendipity Version: 2.4.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found: 13.04.2023 Tested on: Linux 2. Technic...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.311 views

WordPress Translatepress Multilinugal plugin < 2.3.3 - Authenticated SQL Injection Vulnerability

Exploit Title: Translatepress Multilinugal WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04 CVE :...

8.8CVSS8.8AI score0.03851EPSS
Exploits5
0day.today
0day.today
added 2022/05/24 12:0 a.m.311 views

Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability

Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/03/24 12:0 a.m.311 views

Event Management System 1.0 Shell Upload Vulnerability

Title: Event Management System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip Reference:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/02 12:0 a.m.311 views

Huawei DG8045 Router 1.0 - Credential Disclosure Vulnerability

Title: Huawei DG8045 Router 1.0 - Credential Disclosure Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 HardwareVersion: VER.A CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. ...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/10/25 12:0 a.m.311 views

Engineers Online Portal 1.0 - File Upload Remote Code Execution Vulnerability

Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windows 11...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/03/17 12:0 a.m.311 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
0day.today
0day.today
added 2018/08/28 12:0 a.m.311 views

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Exploit

Exploit for linux platform in category remote exploits !/usr/bin/env python3 coding=utf-8 struts-pwn: Apache Struts CVE-2018-11776 Exploit Author: Mazin Ahmed This code uses a payload from: https://github.com/jas502n/St2-057 import argparse import random import requests import sys try: from urlli...

8.5AI score0.99993EPSS
Exploits41
0day.today
0day.today
added 2017/06/05 12:0 a.m.311 views

Intel AMT Digest Authentication Bypass Scanner Exploit

This module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest CVE-2017-5689. This service can be found on ports 16992, 16993 tls, 623, and 624tls. This module requires Metasploit: http://metasploit.com/download Current source:...

10CVSS0.1AI score0.92189EPSS
Exploits13
0day.today
0day.today
added 2015/01/15 12:0 a.m.311 views

Hide vnc HVNC (Hide VNC/VNC User Desktop/WebCam/Download & Upload Files)

src -server -backconnect server -bot -builder -resextract -removal !This project is stopped with the end of 2013. !Not supported !EXE files posted on the public! !identified as a virus. !need to correct and modifying. !src for creative interest. !today all RIP from zeus +Download & Upload Files...

7AI score
Exploits0
0day.today
0day.today
added 2008/06/23 12:0 a.m.311 views

Joomla Component com_facileforms 1.4.4 RFI Vulnerability

Exploit for unknown platform in category web applications ======================================================== Joomla Component comfacileforms 1.4.4 RFI Vulnerability ======================================================== Title: Joomla Component ComFacileforms...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/03/13 12:0 a.m.310 views

WordPress ThemeEgg ToolKit 1.2.9 Shell Upload Exploit

import argparse import re import time import requests from bs4 import BeautifulSoup by Nxploit | Khaled Alenazi requests.packages.urllib3.disablewarnings session = requests.Session session.verify = False def displaybanner: banner = """...

9.1CVSS9.4AI score0.01188EPSS
Exploits3
0day.today
0day.today
added 2024/03/29 12:0 a.m.310 views

NodeBB v3.6.7 Broken Access Control Vulnerability

Exploit Title: Broken Access Control - on NodeBB v3.6.7 Exploit Author: Vibhor Sharma Vendor Homepage: https://nodebb.org/ Version: 3.6.7 Description: I identified a broken access control vulnerability in nodeBB v3.6.7, enabling attackers to access restricted information intended solely for...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/03/04 12:0 a.m.311 views

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Vulnerability

Exploit Title: Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0...

6.1CVSS6.3AI score0.01335EPSS
Exploits4
0day.today
0day.today
added 2024/02/27 12:0 a.m.310 views

Automatic Systems SOC FL9600 FastLine - Backdoor Account Vulnerability

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on: V06, VersionSVN =...

7.5CVSS7.1AI score0.00857EPSS
Exploits4
0day.today
0day.today
added 2024/01/15 12:0 a.m.310 views

WordPress RSVPMaker 9.3.2 SQL Injection Vulnerability

!/bin/bash Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" Set the number of columns in the query columns=5 response=$curl -s "$url" query=$echo "$response" | grep -oP 'FROM . WHERE .' payload="' UNION SELECT...

9.8CVSS7.7AI score0.12003EPSS
Exploits3
0day.today
0day.today
added 2024/01/15 12:0 a.m.310 views

ProSSHD 1.2 20090726 Denial Of Service Exploit

!/usr/bin/perl use Net::SSH2 Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: https://prosshd.com/ Notification vendor: No reported Tested Version: ProSSHD 1.2 20090726 Tested on: Window XP Professional -...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.310 views

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Vulnerability

Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v. 16.0.2.14 is an...

9.8CVSS9.6AI score0.02884EPSS
Exploits4
0day.today
0day.today
added 2023/02/18 12:0 a.m.310 views

Best POS Management System 1.0 SQL Injection Vulnerability

Exploit Title: SQL Injection on Best pos Management System Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zip Version: 1.0...

Exploits0
0day.today
0day.today
added 2023/02/01 12:0 a.m.310 views

io_uring Same Type Object Reuse Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

8.8CVSS8.8AI score0.03718EPSS
Exploits4
0day.today
0day.today
added 2022/04/19 12:0 a.m.310 views

PTPublisher v2.3.4 - Unquoted Service Path Vulnerability

Exploit Title: PTPublisher v2.3.4 - Unquoted Service Path Discovery by: bios Vendor Homepage: https://www.primera.com/ Tested Version: 2.3.4 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\wmic service get...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/08 12:0 a.m.310 views

PHP Everywhere 2.0.3 Remote Code Execution Vulnerability

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level,...

9.9CVSS0.3AI score0.026EPSS
Exploits3
0day.today
0day.today
added 2021/10/08 12:0 a.m.310 views

WordPress Pie Register 3.7.1.4 Plugin - Admin Privilege Escalation Vulnerability

Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/10/01 12:0 a.m.310 views

Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode (230 bytes)

; Name: Windows/x86 - MessageBoxA PEB & Export Address Table NullFree/Dynamic Shellcode 230 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This is a shellcode that ; pop a MessageBox and show the text "Pwn3d by h4pp1n3ss". In order to accomplish...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/08/15 12:0 a.m.310 views

QiHang Media Web Digital Signage 3.0.9 Remote Code Execution Vulnerability

Exploit for hardware platform in category web applications function uploadShellPoC var xhr = new XMLHttpRequest; xhr.open"POST", "http://192.168.1.74:8090/QH.aspx", true; xhr.s...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/04 12:0 a.m.309 views

WBCE CMS v1.6.2 - Remote Code Execution Exploit

Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSoup import sys...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/15 12:0 a.m.309 views

Taokeyun SQL Injection Vulnerability

!/bin/bash Variables url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php" cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -" Construct the request request="POST $url HTTP/1.1\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n"...

9.8CVSS7.4AI score0.00792EPSS
Exploits2
0day.today
0day.today
added 2023/09/11 12:0 a.m.309 views

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

9.8CVSS7.7AI score0.82964EPSS
Exploits3
0day.today
0day.today
added 2023/08/09 12:0 a.m.309 views

EuroTel ETL3100 Transmitter Information Disclosure Vulnerability

The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access. EuroTel ETL3100 Transmitter...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/26 12:0 a.m.309 views

Azure Apache Ambari 2302250400 - Spoofing Exploit

Exploit Title: Azure Apache Ambari 2302250400 - Spoofing country: Iran Exploit Author: Amirhossein Bahramizadeh Category : Remote Vendor Homepage: Microsoft Apache Ambari Microsoft azure Hdinsights Tested on: Windows/Linux CVE : CVE-2023-23408 import requests Set the URL and headers for the Ambar...

4.5CVSS7.1AI score0.04047EPSS
Exploits3
0day.today
0day.today
added 2023/04/28 12:0 a.m.309 views

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution Vulnerability

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

6.9AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.309 views

Art Gallery Management System Project in PHP v 1.0 - SQL injection Vulnerability

Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection Exploit Author: Yogesh Verma Vendor Homepage: https://y0gesh-verma.github.io/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/,...

9.8CVSS9.2AI score0.03684EPSS
Exploits3
0day.today
0day.today
added 2023/04/05 12:0 a.m.309 views

Froxlor 2.0.3 Stable - Remote Code Execution Exploit

!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...

8.8CVSS8.6AI score0.97653EPSS
Exploits8
0day.today
0day.today
added 2023/01/10 12:0 a.m.309 views

Online Food Ordering System 2.0 Shell Upload Vulnerability

Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/04/19 12:0 a.m.309 views

PKP Open Journals System 3.3 - Cross-Site Scripting Vulnerability

Exploit Title: PKP Open Journals System 3.3 - Cross-Site Scripting XSS Exploit Author: Hemant Kashyap Vendor Homepage: https://github.com/pkp/pkp-lib/issues/7649 Version: PKP Open Journals System 2.4.8 = 3.3 Tested on: All OS CVE : CVE-2022-24181 References: https://youtu.be/v8-9evO2oVg XSS via...

6.1CVSS6.3AI score0.0608EPSS
Exploits3
0day.today
0day.today
added 2022/01/20 12:0 a.m.309 views

CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle Vulnerability

The panel for Collector Stealer malware version 2.0.0 suffers from a man-in-the-middle vulnerability. Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Contact: email protected Media: twitter.com/malvuln Threat:...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/12/14 12:0 a.m.309 views

Booked Scheduler 2.7.5 - Remote Command Execution Exploit

Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581 !/usr/bin/python3...

8.8CVSS0.1349EPSS
Exploits4
0day.today
0day.today
added 2021/03/23 12:0 a.m.309 views

Microsoft Exchange ProxyLogon Remote Code Execution Exploit

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you...

9.1CVSS9.6AI score0.99999EPSS
Exploits65
0day.today
0day.today
added 2020/10/26 12:0 a.m.309 views

Whatsapp Desktop (session hijacking) Payload 0day Exploit

This vulnerability makes you able to get Full Access Any account Victim installed Whatsapp Version Desktop By Payload Exploit Support ant last version proof video: https://0day.today/videos/34312.mp4...

1.5AI score
Exploits0
0day.today
0day.today
added 2020/08/01 12:0 a.m.309 views

Daily Tracker System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Tracker System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodetester.com Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/06/04 12:0 a.m.309 views

Cisco RV130W 1.0.3.44 - Remote Stack Overflow Exploit

!/usr/bin/python Exploit Title: Cisco RV130W Remote Stack Overflow Google Dork: n/a Date: Advisory Published: Feb 2019 Exploit Author: @0x00string Vendor Homepage: cisco.com Software Link: https://www.cisco.com/c/en/us/products/routers/rv130w-wireless-n-multifunction-vpn-router/index.html Version...

10CVSS0.3AI score0.95707EPSS
Exploits15
0day.today
0day.today
added 2018/11/12 12:0 a.m.309 views

Advanced Comment System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications 0day.today 2018-11-12...

0.2AI score0.04185EPSS
Exploits5
0day.today
0day.today
added 2009/03/24 12:0 a.m.309 views

PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability

Exploit for unknown platform in category web applications ================================================================== PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability ==================================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/01 12:0 a.m.308 views

PHP CPMS 2.0 SQL Injection Vulnerability

Titles: PHP - CPMS Version 2.0 SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to be...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/11 12:0 a.m.308 views

Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS Vulnerability

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xhr2.setRequestHeader'Content-Type', 'application/json';...

6.1CVSS6.3AI score0.52088EPSS
Exploits4
0day.today
0day.today
added 2023/09/04 12:0 a.m.308 views

Member Login Script 3.3 - Client-side desync Vulnerability

Title: Member Login Script 3.3 - Client-side desync Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync Description: The server appears to be vulnerable to client-side desync attacks. A POST request...

7.4AI score
Exploits0
Total number of security vulnerabilities5000