Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2023/07/21 12:0 a.m.235 views

RaidenFTPD 2.4.4005 - Buffer Overflow (SEH) Exploit

Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.- Open RaidenFTPD 2...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/04/10 12:0 a.m.235 views

ever gauzy v0.281.9 - JWT weak HMAC secret Vulnerability

Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret Author: nu11secur1ty Vendor: https://gauzy.co/ Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 Reference: https://portswigger.net/kb/issues/00200903jwt-weak-hmac-secret Description: It was, detected a JWT signed using...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.235 views

Auto Dealer Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System Version: v 1.0 Tested...

8.8CVSS8.8AI score0.01635EPSS
Exploits5
0day.today
0day.today
added 2023/03/28 12:0 a.m.235 views

WordPress Jetpack 11.4 Cross Site Scripting Vulnerability

Exploit Title: Jetpack 11.4 - Cross Site Scripting XSS Author: Behrouz Mansoori Software Link: https://wordpress.org/plugins/jetpack Version: 11.4 Tested on: Mac m1 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/20 12:0 a.m.235 views

Medicine Tracker System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html Software...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/10/28 12:0 a.m.235 views

Vagrant Synced Folder Vagrantfile Breakout Exploit

This Metasploit module exploits a default Vagrant synced folder shared folder to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant...

7.7AI score
Exploits0
0day.today
0day.today
added 2022/10/05 12:0 a.m.235 views

Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : RAXO Group - raxo.org │ │ Softwa...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/06/26 12:0 a.m.235 views

Microsoft Office Visio VSD Silent Builder Exploit

0day exploit is a program that injects any executable formatted file .exe into the desired visio .vsd file. The exe is automatically executed when the file.vsd is opened. Bypasses all antivirus programs...

2.1AI score
Exploits0
0day.today
0day.today
added 2022/03/30 12:0 a.m.235 views

WordPress Curtain 1.0.2 Plugin - Cross-site Request Forgery Vulnerability

Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery CSRF Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Summary: Cross site forgery vulnerability has been identified in curtain...

1.1AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.235 views

WordPress admin-word-count-column 2.2 - Local File Read Vulnerability

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2 Contact me: h at...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/03/23 12:0 a.m.235 views

Home Owners Collection Management System 1.0 SQL Injection Vulnerability

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution Blind SQLi to RCE Exploit Author: Hejap Zairy Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/01/25 12:0 a.m.235 views

Ametys CMS 4.4.1 Cross Site Scripting Vulnerability

Document Title: =============== Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability Product & Service Introduction: =============================== Build powerful and stunning websites. Whether you need an advanced corporate website, a powerful landing page, a professionnal blog or an event...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/17 12:0 a.m.235 views

OpenBMCS 2.4 Secret Disclosure Vulnerability

OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/01/03 12:0 a.m.235 views

WordPress CRM Form Entries 1.1.6 - Cross Site Scripting Vulnerability

WordPress CRM Form Entries versions prior to 1.1.7 appear susceptible to a cross site scripting vulnerability. Hello, today I disclosed the CVE-2021-25080 vulnerability. Here attached technical information: References: https://wpscan.com/vulnerability/acd3d98a-aab8-49be-b77e-e8c6ede171ac...

6.1CVSS6.2AI score0.842EPSS
Exploits5
0day.today
0day.today
added 2021/02/26 12:0 a.m.235 views

Zenphoto CMS 1.5.7 Shell Upload Vulnerability

Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...

7.2CVSS0.1AI score0.04722EPSS
Exploits3
0day.today
0day.today
added 2020/12/07 12:0 a.m.235 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6.3 Tested on:...

7.8CVSS7.8AI score0.08607EPSS
Exploits12
0day.today
0day.today
added 2020/01/16 12:0 a.m.235 views

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Exploit

Exploit for multiple platform in category web applications Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal CVE: CVE-2019-19781 Vulenrability: Path Traversal Vulnerablity Discovery: Mikhail Klyuchnikov Exploit Author: Dhiraj Mishra Vulnerable Version:...

7.5CVSS0.4AI score0.99999EPSS
Exploits48
0day.today
0day.today
added 2019/12/16 12:0 a.m.235 views

D-Link DIR-615 - Privilege Escalation Vulnerability

Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 - Privilege Escalation Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmwa...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/06/18 12:0 a.m.235 views

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits / CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main ch...

0.2AI score0.65981EPSS
Exploits13
0day.today
0day.today
added 2019/05/09 12:0 a.m.235 views

Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications + Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-...

4.3CVSS0.1AI score0.05273EPSS
Exploits4
0day.today
0day.today
added 2014/10/14 12:0 a.m.235 views

DNS Reverse Lookup Shellshock Exploit

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary...

10CVSS0.1AI score0.99999EPSS
Exploits158
0day.today
0day.today
added 2011/04/23 12:0 a.m.235 views

ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS

Exploit for php platform in category web applications Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/04/09 12:0 a.m.235 views

Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================= Geeklog = 5.0 google dorks: "By Geeklog" "Created this page in" +seconds +powered "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml vulnerability, see...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/07/10 12:0 a.m.235 views

SQuery <= 4.5 (gore.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ SQuery = 4.5 gore.php Remote File Inclusion Vulnerability ============================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/01/27 12:0 a.m.234 views

SpagoBI 3.5.1 Cross Site Request Forgery Vulnerability

CVE-2024-54792 Severity : Medium 6.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that manages user grants. Poc The add/edit/delete user panel, accessible by the admin user, do n...

6.1CVSS7.1AI score0.00281EPSS
Exploits4
0day.today
0day.today
added 2024/03/29 12:0 a.m.234 views

Purei CMS 1.0 - SQL Injection Vulnerability

Exploit Title: Purei CMS 1.0 - SQL Injection Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/11 12:0 a.m.234 views

Wp2Fac - OS Command Injection Exploit

Exploit Title: Wp2Fac v1.0 - OS Command Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent': 'Mozilla/5.0 X11;...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/28 12:0 a.m.234 views

Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Exploit

Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...

5.5CVSS5.6AI score0.00839EPSS
Exploits3
0day.today
0day.today
added 2023/07/21 12:0 a.m.234 views

Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability

Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation Common Vulnerability Scoring System: ==================================== 7.2 Vulnerability Class: ==================== Privilege Escalation Current Estimated Price: ======================== 3.000€ - 4.000€ Product & Service...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/14 12:0 a.m.234 views

Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Vulnerability

!-- Exploit Title: Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/28 12:0 a.m.234 views

rukovoditel 3.2.1 - Cross-Site Scripting Vulnerability

Title: rukovoditel 3.2.1 - Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.234 views

Frhed (Free hex editor) v1.6.0 - Buffer overflow Vulnerability

Exploit Title: Frhed Free hex editor v1.6.0 - Buffer overflow Discovery by: Rafael Pedrero Vendor Homepage: http://frhed.sourceforge.net/ Software Link : http://frhed.sourceforge.net/ Tested Version: 1.6.0 Tested on: Windows 10 CVSS v3: 7.3 CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/22 12:0 a.m.234 views

Zyxel Unauthenticated LAN Remote Code Execution Exploit

This Metasploit module exploits a buffer overflow in the zhttpd binary /bin/zhttpd. It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After...

8.6AI score
Exploits0
0day.today
0day.today
added 2022/09/19 12:0 a.m.234 views

Social Share Buttons 2.2.3 SQL injection Vulnerability

Title: Social Share Buttons-2.2.3 SQLi Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/05/12 12:0 a.m.234 views

Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A Dom-based Cross-sit...

6.1CVSS6.4AI score0.02486EPSS
Exploits4
0day.today
0day.today
added 2022/03/15 12:0 a.m.234 views

Hades RAT Web Panel Information Disclosure Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24B.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Information Disclosure Description: The Hades Rat web-panel listens on Port 80. There is no authentication check or...

Exploits0
0day.today
0day.today
added 2022/01/25 12:0 a.m.235 views

Online Project Time Management System 1.0 - Multiple Stored Cross Site Scripting Vulnerabilities

Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/01/05 12:0 a.m.234 views

WordPress WP Visitor Statistics 4.7 Plugin - SQL Injection Exploit

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CVE: CVE-2021-2475...

8.8CVSS0.5AI score0.38298EPSS
Exploits5
0day.today
0day.today
added 2022/01/05 12:0 a.m.234 views

Siemens S7 Layer 2 - Denial of Service Exploit

Exploit Title: Siemens S7 Layer 2 - Denial of Service DoS Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/us/en.html Version: Firmware versions = 3 Tested on: Siemens S7-300, S7-400 PLCs !/usr/bin/python3 from scapy.all import from colorama import Fore, Back, Style from...

0.2AI score
Exploits0
0day.today
0day.today
added 2021/12/09 12:0 a.m.234 views

Employees Daily Task Management System 1.0 - (multiple) Cross Site Scripting Vulnerability

Exploit Title: Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting XSS Exploit Author: able403 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

Exploits0
0day.today
0day.today
added 2021/10/07 12:0 a.m.234 views

Online DJ Booking Management System 1.0 - (Multiple) Blind Cross-Site Scripting Vulnerability

Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0 Vulnerable endpoint:...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/09/24 12:0 a.m.234 views

Pharmacy Point of Sale System 1.0 - SQL injection Authentication Bypass Vulnerability

Exploit Title: Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/01/16 12:0 a.m.234 views

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing

EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts...

8.1CVSS0.6AI score0.89436EPSS
Exploits14
0day.today
0day.today
added 2019/05/28 12:0 a.m.234 views

EquityPandit 1.0 - Password Disclosure Vulnerability

Exploit for Android platform in category local exploits...

1.8AI score
Exploits0
0day.today
0day.today
added 2017/10/05 12:0 a.m.234 views

CentOS 7 before 1708 PIE/stack corruption Vulnerability

Exploit for linux platform in category remote exploits Linux PIE/stack corruption CVE-2017-1000253 ======================================================================== Contents ======================================================================== Summary Analysis Exploitation Acknowledgmen...

5.5CVSS6.8AI score0.10695EPSS
Exploits10
0day.today
0day.today
added 2015/12/23 12:0 a.m.234 views

PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery

Exploit for php platform in category web applications Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Webite: http://phpsocial.net Vulnerability Type: CSRF Remote Exploitable: Yes Reported t...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/10/09 12:0 a.m.234 views

MySQl 5.1 DLL Hijacking Exploit (lPK.dll)

Exploit for windows platform in category local exploits ========================================= MySQl 5.1 DLL Hijacking Exploit lPK.dll ========================================= / Exploit Title: MySQl 5.1 DLL Hijacking Exploit lPK.dll Date: Octobre 6, 2010 Author: Mu$lim email protected Version...

6.8AI score
Exploits0
0day.today
0day.today
added 2006/08/17 12:0 a.m.234 views

Mambo a6mambocredits Component 1.0.0 File Include Vulnerability

Exploit for unknown platform in category web applications =============================================================== Mambo a6mambocredits Component 1.0.0 File Include Vulnerability =============================================================== Title : Mambo a6mambocredits component v1.0.0 =...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/08/16 12:0 a.m.234 views

Mambo CopperminePhotoGalery Component Remote Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== Mambo CopperminePhotoGalery Component Remote Include Vulnerability ================================================================== CopperminePhotoGallery Component Found...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/01/31 12:0 a.m.233 views

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vulnerability

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page:...

7.2AI score
Exploits0
Total number of security vulnerabilities5000