Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2024/04/12 12:0 a.m.265 views

Wordpress Playlist for Youtube 1.32 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or "Playlist ID". PoC...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/12/04 12:0 a.m.265 views

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access. R Radio Network...

7.9AI score
Exploits0
0day.today
0day.today
added 2023/09/12 12:0 a.m.265 views

Equipment Rental Script 1.0 SQL Injection Vulnerability

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears to be vulnerable t...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/21 12:0 a.m.265 views

Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability

Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/04 12:0 a.m.265 views

WordPress Forminator 1.24.6 Plugin - Unauthenticated Remote Command Execution Vulnerability

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql - Apache2 -...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/15 12:0 a.m.265 views

Pluck v4.7.18 - Remote Code Execution Exploit

Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/06/07 12:0 a.m.265 views

USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Vulnerability

Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path PS C:\ wmic servic...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.265 views

Arris Router Firmware 9.1.103 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost = "http://192.168.0....

8.8CVSS8.9AI score0.42326EPSS
Exploits6
0day.today
0day.today
added 2022/09/13 12:0 a.m.265 views

ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/03/31 12:0 a.m.265 views

IdeaRE RefTree Path Traversal Vulnerability

=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...

6.5CVSS0.6AI score0.02823EPSS
Exploits2
0day.today
0day.today
added 2022/02/10 12:0 a.m.265 views

WordPress Secure Copy Content Protection and Content Locking 2.8.1 Plugin - SQL-Injection Exploit

Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link: https://downloads.wordpress.org/plugin/secure-copy-content-protection.2.8.1.zip...

9.8CVSS0.78812EPSS
Exploits7
0day.today
0day.today
added 2022/02/08 12:0 a.m.265 views

Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) Exploit

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...

9.8CVSS0.4AI score0.97639EPSS
Exploits13
0day.today
0day.today
added 2022/01/18 12:0 a.m.265 views

Online Resort Management System 1.0 - SQL injection (Authenticated) Vulnerability

Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can easily retrieved th...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/08/19 12:0 a.m.265 views

WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free Vulnerability

WebKit: heap-use-after-free in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy VULNERABILITY DETAILS PolicyChecker.cpp: define ISALLOWED mframe.page ? mframe.page-sessionID.isAlwaysOnLoggingAllowed : false define PAGEID mframe.loader.pageID.valueOrPageIdentifier.toUInt64 define FRAMEID...

8.8CVSS0.1AI score0.02164EPSS
Exploits2
0day.today
0day.today
added 2019/11/11 12:0 a.m.265 views

Alps HID Monitor Service 8.1.0.10 - (ApHidMonitorService) Unquote Service Path Vulnerability

Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single Language x64 Esp Ste...

Exploits0
0day.today
0day.today
added 2019/09/30 12:0 a.m.265 views

GoAhead 2.5.0 - Host Header Injection Vulnerability

Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers. Vendor Fix: N/A CVE : N/A CVSS...

8.6CVSS0.08183EPSS
Exploits3
0day.today
0day.today
added 2019/06/26 12:0 a.m.265 views

AZADMIN CMS 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: email protected + Tested on: Windows 7 and Linux +...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/30 12:0 a.m.265 views

QQ Mail hijacking account 0day Exploit

Using 0day exploit you can hijack any account and take possession of the correspondence...

1.9AI score
Exploits0
0day.today
0day.today
added 2018/10/30 12:0 a.m.265 views

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) SFTP Authentication Bypass Vulnerability

Exploit Title: Nutanix AOS & Prism - SFTP Authentication Bypass Exploit Author: Adam Brown Vendor Homepage: https://www.nutanix.org Software Link: https://www.nutanix.com/products/software-options/ Version: 5.5.5 LTS, 5.8.1 STS Tested on: Acropolis Operating System CVE : Related to CVE-2018-7750...

9.8CVSS0.5AI score0.27065EPSS
Exploits10
0day.today
0day.today
added 2006/04/10 12:0 a.m.265 views

phpBB <= 2.0.19 (user_sig_bbcode_uid) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =================================================================== phpBB new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; $xpl-proxy'http'='http://'.$proxy if $proxy; $ids = 'IDS:r57 phpBB2 exploit...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/27 12:0 a.m.264 views

SpagoBI 3.5.1 Command Injection Vulnerability

CVE-2024-54794 Severity : Critical 9.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by Command Injection vulnerability in the script input feature. Poc In the Poc the attacker has to be logged into the...

9.1CVSS7.1AI score0.12829EPSS
Exploits3
0day.today
0day.today
added 2024/04/03 12:0 a.m.264 views

Wordpress Alemha Watermarker 1.3.1 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will run on anyone who...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/08/01 12:0 a.m.264 views

Online Diagnostic Lab Management 1.0 SQL Injection Vulnerability

Title: Online-Diagnostic-Lab-Management v1.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=0nA5xfQ5G0g Vendor: https://www.youtube.com/@MayuriK Software:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/19 12:0 a.m.264 views

Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya Karabag Vendor Homepage: https://www.diafancms.com/ Version: 6.0 Tested on: https://demo.diafancms.com Description: 1 https://demo.diafancms.com/ Go to main page and write your payload in Search in...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/25 12:0 a.m.264 views

Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Vulnerability

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/04/12 12:0 a.m.264 views

Sielco Analog FM Transmitter 2.12 Cookie Brute Force Vulnerability

Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.264 views

WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit

Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/11/16 12:0 a.m.264 views

Cisco Secure Email Gateway Malware Detection Evasion Vulnerability

Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with t...

7.2AI score
Exploits0
0day.today
0day.today
added 2022/10/06 12:0 a.m.264 views

Wordpress Zephyr Project Manager 3.2.42 Plugin - Multiple SQL injection Vulnerabilities

Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/ Vendor Homepage:...

9.8CVSS0.3AI score0.09675EPSS
Exploits5
0day.today
0day.today
added 2022/07/26 12:0 a.m.264 views

Garage Management System 1.0 Shell Upload Exploit

Exploit Title: Garage Management System Remote Code Execution via File Upload Exploit Author: saitamang Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/garage.zip Version: 1.0 Tested on: Centos 7 + MySQL import...

Exploits0
0day.today
0day.today
added 2022/06/02 12:0 a.m.264 views

libxml2 xmlBufAdd Heap Buffer Overflow Exploit

libxml2: heap-buffer-overflow in xmlBufAdd libxml2 is vulnerable to a heap-buffer-overflow when xmlBufAdd is called on a very large buffer: int xmlBufAddxmlBufPtr buf, const xmlChar str, int len unsigned int needSize; .. needSize = buf-use + len + 2; A if needSize buf-size .. if !xmlBufResizebuf,...

6.5CVSS0.2AI score0.0363EPSS
Exploits5
0day.today
0day.today
added 2022/04/19 12:0 a.m.264 views

Microsoft Exchange Active Directory Topology 15.0.847.40 - Unquoted Service Path Vulnerability

Exploit Title: Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC : ============== C:\sc qc...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/04/06 12:0 a.m.264 views

Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path Vulnerability

Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE: CVE-2022-23909 Step t...

7.8CVSS0.4AI score0.01027EPSS
Exploits4
0day.today
0day.today
added 2022/02/02 12:0 a.m.264 views

WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability

Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/ Version: 1.0.2 Tested on: Windows 10 CVE: CVE-2021-24247 1. Description: The plugin settings are visible to all registered user...

5.4CVSS0.04682EPSS
Exploits5
0day.today
0day.today
added 2021/08/18 12:0 a.m.264 views

Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

9.8CVSS9.6AI score0.89189EPSS
Exploits5
0day.today
0day.today
added 2020/03/02 12:0 a.m.264 views

Nimsoft nimcontroller 7.80 Remote Code Execution Exploit

/ Exploit Title : Sing About Me, I'm Dying Of Thirst Exploit Author : wetw0rk Exploit Version : Public POC CVE : CVE-2020-8012 Vendor Homepage : https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on : Windows 10 Pro x64, Windows Server 2012 R2...

9.8CVSS9.6AI score0.77566EPSS
Exploits8
0day.today
0day.today
added 2019/06/05 12:0 a.m.264 views

Inateck 2.4 GHz Wearable Wireless Presenter WP2002 Keystroke Injection Vulnerability

Product: 2.4 GHz Wearable Wireless Presenter WP2002 Manufacturer: Inateck Affected Versions: n/a Tested Versions: n/a Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification:...

8.8CVSS0.6AI score0.0192EPSS
Exploits1
0day.today
0day.today
added 2019/06/03 12:0 a.m.264 views

KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to...

7.3AI score0.12206EPSS
Exploits6
0day.today
0day.today
added 2018/11/14 12:0 a.m.264 views

Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Data Center Audit 2.6.2 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2024/09/18 12:0 a.m.263 views

WordPress LiteSpeed Cache Cookie Theft Exploit

This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin...

9.8CVSS7.4AI score0.83178EPSS
Exploits7
0day.today
0day.today
added 2024/01/08 12:0 a.m.263 views

PluXml Blog 5.8.9 Remote Code Execution Vulnerability

Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/04 12:0 a.m.263 views

Bus Reservation System 1.1 - Multiple SQL injection Vulnerability

Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears to be vulnerable...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/05 12:0 a.m.263 views

BTCPay Server v1.7.4 - HTML Injection Vulnerability

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...

8.8CVSS8.7AI score0.07896EPSS
Exploits4
0day.today
0day.today
added 2023/03/23 12:0 a.m.263 views

wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability

Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...

9.8CVSS9.4AI score0.11276EPSS
Exploits4
0day.today
0day.today
added 2022/11/11 12:0 a.m.263 views

MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit

Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated configuration dump, authenticated RCE o...

9.8CVSS9.6AI score0.75556EPSS
Exploits4
0day.today
0day.today
added 2022/05/17 12:0 a.m.263 views

Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...

6.9CVSS5.6AI score0.03274EPSS
Exploits4
0day.today
0day.today
added 2022/05/12 12:0 a.m.263 views

PyScript - Read Remote Python Source Code Vulnerability

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE : CVE-2022-30286...

7.5CVSS7.7AI score0.13268EPSS
Exploits4
0day.today
0day.today
added 2022/04/07 12:0 a.m.263 views

Zenario CMS 9.0.54156 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys import json import...

0.2AI score0.02484EPSS
Exploits5
0day.today
0day.today
added 2022/02/22 12:0 a.m.263 views

WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability

The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...

6.1CVSS0.1AI score0.02379EPSS
Exploits2
0day.today
0day.today
added 2022/02/09 12:0 a.m.263 views

Exam Reviewer Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...

1AI score
Exploits0
Total number of security vulnerabilities5000