Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/04/14 12:0 a.m.248 views

Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Vulnerability

Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/04/05 12:0 a.m.248 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw. Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Vendor: https://www.hitachivantara.com/ Software...

9.8CVSS9.2AI score0.9767EPSS
Exploits7
0day.today
0day.today
added 2022/10/04 12:0 a.m.248 views

Joomla Easy Shop 1.4.1 Cross Site Scripting Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : JoomTech - joomtech.net │ │...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/07/31 12:0 a.m.248 views

Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability

Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users ...

5.3CVSS0.4AI score0.03644EPSS
Exploits6
0day.today
0day.today
added 2022/05/17 12:0 a.m.248 views

SolarView Compact 6.0 - OS Command Injection Vulnerability

Exploit Title: SolarView Compact 6.0 - OS Command Injection Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST /confmail.php HTTP/1.1...

9.8CVSS9.6AI score0.97961EPSS
Exploits6
0day.today
0day.today
added 2022/03/31 12:0 a.m.248 views

Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path Vulnerabilities

Exploit Title: Spoofer 1.4.6 – Local Privilege Escalation via Unquoted Service Path Exploit Author: Asim Sattar @MAsim1 Vendor Homepage: https://www.caida.org/projects/spoofer/ Software Link: https://www.caida.org/projects/spoofer/downloads/Spoofer-1.4.6-win32.exe Version: 1.4.6 Tested: Windows 1...

9.6AI score
Exploits2
0day.today
0day.today
added 2022/03/30 12:0 a.m.248 views

WordPress cab-fare-calculator 1.0.3 Plugin - Local File Inclusion Vulnerability

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/ Version: 1.0.3 Tested on: Firefox...

Exploits0
0day.today
0day.today
added 2022/03/23 12:0 a.m.248 views

Xlight FTP 3.9.3.2 Buffer Overflow Exploit

Exploit Title: Xlight FTP v3.9.3.2 - Buffer Overflow SEH Egghunter + ROP Exploit Author: Hejap Zairy Software Link: http://www.xlightftpd.com/download/setup.exe Tested Version: v3.9.3.22022-1-5 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy Al...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/01/13 12:0 a.m.248 views

SalonERP 3.0.1 - (sql) SQL Injection Vulnerability

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/10/13 12:0 a.m.248 views

Simple Issue Tracker System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Exploit Author: Bekir Bugra TURKOGLU Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...

0.9AI score
Exploits0
0day.today
0day.today
added 2021/10/06 12:0 a.m.248 views

Local Offices Contact Directory Site SQL Injection Vulnerability

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Local Offices Contact Directory Site SQL Injection Vulnerability...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/07/14 12:0 a.m.248 views

Teachers Record Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Teachers Record Management System 1.0 - 'searchteacher' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/07/14 12:0 a.m.248 views

Cyber Cafe Management System SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Cyber Cafe Management System - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/09 12:0 a.m.248 views

Cisco Immunet / Cisco AMP For Endpoints Scanning Denial Of Service Exploit

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection AMP for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...

0.4AI score0.00966EPSS
Exploits6
0day.today
0day.today
added 2018/03/31 12:0 a.m.248 views

osCommerce 2.3.4.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on:...

Exploits0
0day.today
0day.today
added 2018/01/08 12:0 a.m.248 views

Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github:...

5CVSS0.1AI score0.99993EPSS
Exploits45
0day.today
0day.today
added 2006/09/14 12:0 a.m.248 views

Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== Mambo comserverstat Component = 0.4.4 File Include Vulnerability ==================================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/02/27 12:0 a.m.247 views

SuperStoreFinder - Multiple Vulnerabilities

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/19 12:0 a.m.247 views

PimpMyLog v1.7.14 - Improper access control Exploit

Exploit Title: PimpMyLog v1.7.14 - Improper access control Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from improper access contro...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/03 12:0 a.m.247 views

MyBB 1.8.32 - Remote Code Execution (Authenticated) Exploit

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE : N/A Detailed...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/03/28 12:0 a.m.247 views

HDD Health 4.2.0.112 - (HDDHealth) Unquoted Service Path Vulnerability

Exploit Title: HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path Exploit Author: Jorge Manuel Lozano Gómez Vendor Homepage: https://www.panterasoft.com Software Link: https://hdd-health.softonic.com Version : 4.2.0.112 Tested on: Windows 11 64bit CVE : N/A About Unquoted Service Path :...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.247 views

WebTareas 2.4 - SQL Injection (Unauthorised) Vulnerability

Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10 using XAMPP,...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/12/18 12:0 a.m.247 views

Bangresta 1.0 SQL Injection Vulnerability

Title: Bangresto 1.0 SQLi Author: nu11secur1ty Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Demo: https://axcora.my.id/bangrestoapp/start.php Software: https://github.com/mesinkasir/bangresto Reference:...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/10/04 12:0 a.m.247 views

Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting Vulnerability

Chrome: Universal XSS in Autofill Assistant VULNERABILITY DETAILS From the Autofill Assistant README file1: Autofill Assistant is an execution engine to run user journeys on websites given a set of actions. These actions include clicking on buttons or scrolling to an element. They also provide a...

Exploits0
0day.today
0day.today
added 2022/10/03 12:0 a.m.247 views

ZKSecurity BIO 3.0.5.0_R Privilege Escalation Vulnerability

ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...

8.8CVSS0.6AI score0.0102EPSS
Exploits3
0day.today
0day.today
added 2022/09/23 12:0 a.m.247 views

WorkOrder CMS 0.1.0 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Payload:...

Exploits0
0day.today
0day.today
added 2022/09/13 12:0 a.m.247 views

kampag CMS Local File Download / Disclosure Vulnerability

kampag CMS local file Download/Disclosure Vulnerability A local file download/disclosure vulnerability can lead to Directory Traversal attacks, where an attacker will try to find and access files on the web server to gain more useful information, such as log files. Log files can reveal the...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/04/20 12:0 a.m.247 views

Audio Conversion Wizard V2.01 Denial of Service Exploit

Exploit Title: Audio Conversion Wizard V2.01 Denial of Service Exploit Date: 20.04.2022 Vendor Homepage:https://www.litexmedia.com Software Link: https://www.litexmedia.com/acwizard.exe Exploit Author: Achilles Tested Version: V2.01 Tested on: Windows 7 x64 1.- Run python code :Audio.py 2.- Open...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/04/14 12:0 a.m.247 views

Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability

enteliTouch XSS alertdocument.cookie" / input type="hidden" n...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/03/28 12:0 a.m.247 views

Online Student Admission v1.0 SQL injection Vulnerability

Title: Online Student Admission v1.0 SQLi Author: nu11secur1ty Date: 03.28.2022 Vendor: https://www.sourcecodester.com/users/walterjnr1 Software: https://www.sourcecodester.com/php/14874/online-student-admission-system.html Reference:...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/01/27 12:0 a.m.247 views

WordPress Modern Events Calendar V 6.1 Plugin - SQL Injection (Unauthenticated) Exploit

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip Version: = 6.1...

9.8CVSS0.9AI score0.728EPSS
Exploits7
0day.today
0day.today
added 2022/01/17 12:0 a.m.247 views

Worktime 10.20 Build 4967 DLL Hijacking Vulnerability

/ Description: A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. Exploit Title: Worktime 10.20 Build 4967 DLL Hijacking Exploit Date: 15/01/2022 Author:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/07/27 12:0 a.m.248 views

docPrint Pro 8.0 - (Add URL) Buffer Overflow (SEH Egghunter) Exploit

Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Vulnerability Type: Local Buffer Overflow Tested on: Windows 7 32-bit Proof of Concep...

0.7AI score
Exploits0
0day.today
0day.today
added 2020/01/04 12:0 a.m.247 views

Serv-U Remote (Directory Traversal) 0day Exploit

Tested and affected versions for Windows: Serv-U v15.1, v15.0, v14.0, v11.1, v11.0, v10.5, v10.0...

4.1AI score
Exploits0
0day.today
0day.today
added 2019/12/09 12:0 a.m.247 views

Microsoft Windows - Multiple UAC Protection Bypass Exploit

Windows 10 UAC bypass for all executable files which are autoelevate true. https://heynowyouseeme.blogspot.com/2019/08/windows-10-lpe-uac-bypass-in-windows.html Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47753.zip...

0.6AI score
Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.247 views

Booked Scheduler 2.7.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module exploits...

0.1AI score
Exploits0
0day.today
0day.today
added 2025/03/13 12:0 a.m.246 views

asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

8.1AI score
Exploits0
0day.today
0day.today
added 2024/10/22 12:0 a.m.246 views

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vulnerability

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems...

7.2AI score
Exploits0
0day.today
0day.today
added 2024/02/26 12:0 a.m.246 views

Flashcard Quiz App v1.0 - (card) SQL Injection Vulnerability

Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection Application: Flashcard Quiz App Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.htm...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/10/09 12:0 a.m.246 views

Atcom 2.7.x.x - Authenticated Command Injection Vulnerability

Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Tested on: Kali Linux Exploit Request:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/04 12:0 a.m.246 views

WebsiteBaker v2.13.3 - Stored XSS Vulnerability

Exploit Title: WebsiteBaker v2.13.3 - Stored XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author: Mirabbas Ağalarov...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/06/06 12:0 a.m.246 views

Total CMS 1.7.4 - Remote Code Execution Vulnerability

Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE Exploit Author: tmrswrr Version: 1.7.4 Vendor home page : https://www.totalcms.co/ 1 Go to this page and click edit page button https://www.totalcms.co/demo/soccer/ 2After go down and will you see downloads area 3Add in this area shell.ph...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/10 12:0 a.m.246 views

WebsiteBaker v2.13.3 - Cross-Site Scripting Vulnerability

Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.246 views

Composr CMS Version <=10.0.39 - Authenticated Remote Code Execution Exploit

Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...

8.8CVSS8.7AI score0.09183EPSS
Exploits4
0day.today
0day.today
added 2023/03/27 12:0 a.m.246 views

Password Manager for IIS v2.0 - XSS Vulnerability

Exploit Title: Password Manager for IIS v2.0 - XSS Exploit Author: VP4TR10T Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/ Software Link: http://passwordmanager.adiscon.com/ Version: Version 2.0 Tested on: WINDOWS CVE : CVE-2022-36664 Affected URI when changing user password: POST...

6.1CVSS6.4AI score0.03767EPSS
Exploits5
0day.today
0day.today
added 2022/10/05 12:0 a.m.246 views

Canteen Management 1.0 2022 SQL Injection Vulnerability

Title: Canteen-Management1.0-2022 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...

0.6AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.246 views

One Church Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church Management...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/14 12:0 a.m.246 views

H3C SSL VPN Username Enumeration Vulnerability

H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotel...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/10 12:0 a.m.246 views

WordPress Contact Form Entries Cross Site Scripting Vulnerability

WordPress Contact Form Entries plugin versions prior to 1.2.4 suffer from an unauthenticated persistent cross site scripting vulnerability. Exploit Title: Contact Form Entries Vulnerability Discovery: Gaetano Perrone aka gx1 Vendor Homepage: https://www.crmperks.com/ Software Link:...

6.1CVSS6.2AI score0.0682EPSS
Exploits4
0day.today
0day.today
added 2020/11/19 12:0 a.m.246 views

Oracle WebLogic Server Administration Console Handle Remote Code Execution Exploit

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against...

10CVSS8.9AI score0.99997EPSS
Exploits45
Total number of security vulnerabilities5000