Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2006/10/27 12:0 a.m.293 views

Light Blog Remote Multiple Vulnerabilities Exploit

Exploit for unknown platform in category web applications ================================================== Light Blog Remote Multiple Vulnerabilities Exploit ================================================== !/usr/bin/php -q -d shortopentag=on \r\n"; echo "Thanks to rgod for the php code and...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/08/08 12:0 a.m.292 views

Windows Firewall Control 6.11.0 Unquoted Service Path Vulnerability

Exploit Title: Microsoft Windows Firewall Control 6.11.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage: http://www.binisoft.org Softwar...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/27 12:0 a.m.292 views

Office Suite Premium 10.9.1.42602 Cross Site Scripting Vulnerability

Exploit Title: Office Suite Premium 10.9.1.42602 - Cross-Site Scripting reflected Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602 Tested on: Ubuntu...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/09 12:0 a.m.292 views

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit

This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected. Affected Product: HammerSpace Global Data Environment /...

7.3AI score
Exploits0
0day.today
0day.today
added 2023/03/23 12:0 a.m.292 views

Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities

Exploit Title: Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: iPhone iOS 16.0 path traversal on HTTP built-in...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/05/04 12:0 a.m.292 views

Tenda HG6 3.3.0 Remote Command Injection Vulnerability

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. Tenda HG6 v3.3.0 Remote Comman...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/04/07 12:0 a.m.292 views

WordPress Ad Inserter Plugin < 2.7.12 - Cross Site Scripting Vulnerability

Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...

6.1CVSS6.3AI score0.03541EPSS
Exploits4
0day.today
0day.today
added 2022/01/19 12:0 a.m.292 views

Affiliate Pro 1.7 - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting XSS Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities Product & Service Introduction: =============================== Affiliate Pro is a Powerful and yet simple to use PHP affiliate Managemen...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/01/28 12:0 a.m.293 views

PRTG Network Monitor Remote Code Execution Exploit

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a...

7.2CVSS0.1AI score0.87173EPSS
Exploits12
0day.today
0day.today
added 2020/08/18 12:0 a.m.292 views

Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/12/04 12:0 a.m.292 views

Cisco WLC 2504 8.9 - Denial of Service Exploit

Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos Version: 8.4 to 8.9 Tested on: not applicable, works independent from OS CV...

6.5CVSS6.6AI score0.46305EPSS
Exploits5
0day.today
0day.today
added 2024/03/05 12:0 a.m.291 views

Multilaser RE160V Header Manipulation Access Bypass Vulnerability

Multilaser RE160V web management interface versions 12.03.01.09pt and 12.03.01.10pt suffer from an access control bypass vulnerability through header manipulation. email protected Status: RO Content-Length: 5433 Lines: 153 =====Tempest Security Intelligence - Security Advisory -...

9.8CVSS7.2AI score0.15528EPSS
Exploits3
0day.today
0day.today
added 2024/03/04 12:0 a.m.291 views

Easywall 0.3.1 - Authenticated Remote Command Execution Exploit

Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3 urllib3.disablewarnin...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/08 12:0 a.m.291 views

Form Tools 3.1.1 Cross Site Scripting Vulnerability

Exploit Title: Form Tools Version: 3.1.1 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://formtools.org/ Version: 3.1.1 Tested on: https://www.softaculous.com/demos/FormTools 1 Write after formid your payload :...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/12/29 12:0 a.m.291 views

WhatACart 2.0.7 Cross Site Scripting Vulnerability

Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/17 12:0 a.m.291 views

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Xoops CMS 2.5.10 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://xoops.org/ Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10 Version: 2.5.10 Tested : https://www.softaculous.com/apps/cms/Xoops --- Description --- 1...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/29 12:0 a.m.291 views

Internet Download Manager v6.41 Build 3 - Remote Code Execution Vulnerability

Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/12/07 12:0 a.m.291 views

Evernote Web Clipper Same-Origin Policy Bypass Vulnerability

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post. Evernote: extension allows cross-origin iframe communication I happened to notice that the Evernote Web Clipper...

Exploits0
0day.today
0day.today
added 2022/11/16 12:0 a.m.291 views

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery Vulnerability

ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3 Score: 5.7...

8.8CVSS6.9AI score0.00781EPSS
Exploits5
0day.today
0day.today
added 2022/05/12 12:0 a.m.291 views

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) Exploit

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

4.9CVSS0.8AI score0.2195EPSS
Exploits6
0day.today
0day.today
added 2022/04/07 12:0 a.m.291 views

Online Sports Complex Booking System 1.0 SQL Injection Vulnerability

Online Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability in Users.php. This is a similar issue as the one discovered by Saud Alenazi in March of 2022 but affects a different file. Title: Online Sports Complex Booking System 1.0 SQL Injection Author:...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/03/02 12:0 a.m.291 views

Prowise Reflect v1.0.9 - Remote Keystroke Injection Exploit

Exploit Title: Prowise Reflect v1.0.9 - Remote Keystroke Injection Exploit Author: Rik Lutz Vendor Homepage: https://www.prowise.com/ Version: V1.0.9 Tested on: Windows 10 Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. Much like how a rubber duck...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/02/21 12:0 a.m.291 views

Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...

9.8CVSS0.3AI score0.39973EPSS
Exploits3
0day.today
0day.today
added 2021/10/08 12:0 a.m.291 views

django-unicorn 0.35.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS vulnerability by...

5.4CVSS5.6AI score0.02524EPSS
Exploits4
0day.today
0day.today
added 2020/08/19 12:0 a.m.291 views

Pharmacy Medical Store And Sale Point 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/08/18 12:0 a.m.291 views

D-Link Central WiFi Manager CWM(100) Remote Code Execution Exploit

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes i...

9.8CVSS9.8AI score0.80682EPSS
Exploits4
0day.today
0day.today
added 2020/01/04 12:0 a.m.291 views

Microsoft Windows VCF Denial Of Service Exploit

Microsoft Windows VCF cards do not properly sanitize email addresses allowing for HTML injection. A corrupt VCF card can cause all the users currently opened files and applications to be closed and their session to be terminated without requiring any accompanying attacker supplied code. + Credits...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/12/11 12:0 a.m.291 views

Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Product web page: https://www.inim.biz Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/07/01 12:0 a.m.291 views

Supermicro Onboard IPMI Port 49152 Sensitive File Exposure Exploit

This module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the...

6.7AI score
Exploits0
0day.today
0day.today
added 2008/02/05 12:0 a.m.291 views

All Club CMS <= 0.0.2 index.php Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================== All Club CMS No go on the hack attempt."; // log attempt, from IP, etc. if $SYSSET'banattackip' // ban ip if banattackip die; $sth = $dbh-prepare"SELECT FROM accmsmodules...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/04 12:0 a.m.290 views

appRain CMF 4.0.5 - Remote Code Execution (Authenticated) Exploit

Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests import sys import...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/03/11 12:0 a.m.290 views

TP-Link TL-WR740N - Buffer Overflow DOS Exploit

Exploit Title: TP-Link TL-WR740N - Buffer Overflow 'DOS' Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N Description: There exist a buffer overflow vulnerability in TP-Link TL-WR74...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/26 12:0 a.m.290 views

WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Exploit

Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1 REQUIRED Tested on:...

8.8CVSS7.1AI score0.02304EPSS
Exploits4
0day.today
0day.today
added 2023/06/17 12:0 a.m.291 views

Monstra 3.0.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested : https://www.softaculous.com/softaculous/demos/Monstra --- Description --- 1 Login admin panel a...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/16 12:0 a.m.290 views

Human Resources Management System - Multiple SQL injection Vulnerability

A Blind SQL injection vulnerability in the login page /hrm/controller/login.php in Human Resources Management System allows remote unauthenticated attackers to execute remote command through arbitrary SQL commands by "name" parameter. Request PoC POST /hrm/controller/login.php HTTP/1.1 Host:...

9.3AI score
Exploits0
0day.today
0day.today
added 2023/02/27 12:0 a.m.290 views

Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal

Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities. Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link:...

9.8CVSS0.9AI score0.43187EPSS
Exploits9
0day.today
0day.today
added 2022/09/23 12:0 a.m.290 views

Bitbucket Git Command Injection Exploit

Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/projectKey/repos/repositorySlug/archive endpoint creates an archive of the repository, leveraging the git-archive...

8.8CVSS9.2AI score0.99077EPSS
Exploits24
0day.today
0day.today
added 2022/06/27 12:0 a.m.290 views

Library Management System With QR Code 1.0 Cross Site Scripting Vulnerability

Title: Library Management System with QR code Attendance 1.0 Stored Cross-Site Scripting Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/06/07 12:0 a.m.290 views

dbus-broker-29 Memory Corruption Exploit

======================================================================= title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-broker-31 CVE number: CVE-2022-31212, CVE-2022-31213 impact: medium homepage:...

7.5CVSS7.8AI score0.01749EPSS
Exploits4
0day.today
0day.today
added 2022/02/28 12:0 a.m.290 views

WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation Vulnerability

Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux CVE : CVE-2021-46388 ======================================== = The ordinar...

8.8AI score
Exploits2
0day.today
0day.today
added 2020/07/26 12:0 a.m.290 views

INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit

Exploit for multiple platform in category web applications Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory:...

9.7AI score0.16585EPSS
Exploits5
0day.today
0day.today
added 2020/07/15 12:0 a.m.290 views

Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/01/27 12:0 a.m.290 views

Realtek SDK Information Disclosure / Code Execution Exploit

Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities. 1 Sensitive data disclosure and incorrect access control in several series of Realtek SDK based routers...

9.8CVSS0.1AI score0.29557EPSS
Exploits6
0day.today
0day.today
added 2018/10/28 12:0 a.m.290 views

Webiness Inventory 2.9 Shell Upload Exploit

Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName =...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/12/30 12:0 a.m.290 views

Liferay Portal 7.0.x <= 7.0.2 - Pre-Auth RCE Exploit

Exploit for windows platform in category remote exploits !/bin/sh Exploit title: Liferay Portal 7.0 RCE Date: 11/16/2014 Exploit author: drone @dronesec Vendor homepage: http://www.liferay.com/ Software link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/19 12:0 a.m.289 views

Backdrop CMS 1.27.1 - Remote Command Execution Exploit

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os import time import...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/01 12:0 a.m.289 views

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

9.8CVSS10AI score0.78303EPSS
Exploits6
0day.today
0day.today
added 2024/01/31 12:0 a.m.289 views

Proxmox VE - TOTP Brute Force Exploit

Exploit Title: Proxmox VE TOTP Brute Force Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.parse import json...

8.8CVSS8.9AI score0.0099EPSS
Exploits3
0day.today
0day.today
added 2023/10/09 12:0 a.m.289 views

Webedition CMS v2.9.8.8 - Blind SSRF Vulnerability

Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/10/02 12:0 a.m.289 views

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vulnerability

Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or intern...

7.7AI score
Exploits0
Total number of security vulnerabilities5000