Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2006/03/06 12:0 a.m.214 views

D2-Shoutbox 4.2 IPB Mod (load) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== D2-Shoutbox 4.2 IPB Mod load Remote SQL Injection Exploit =========================================================== !/usr/bin/perl | | | \ | | |/ D2-Shoutbox 4.2IPB Mod=SQL...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/01/13 12:0 a.m.214 views

ITA Forum <= 1.49 SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================= ITA Forum = 1.49 SQL Injection Exploit ======================================= !/usr/bin/perl use LWP::UserAgent; ITA Forum 1.49 sql injection exploit with one char bruteforce by 1dt.w0lf // r57...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/08/08 12:0 a.m.213 views

Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability

Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...

6.1CVSS7AI score0.0062EPSS
Exploits3
0day.today
0day.today
added 2023/01/19 12:0 a.m.213 views

Zstore 6.5.4 Cross Site Scripting Vulnerability

Title: zstore-6.5.4 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/09/29 12:0 a.m.213 views

Online Examination System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Online Examination System - Cross site scripting Reflected Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/03/15 12:0 a.m.213 views

Hades RAT Web Panel Insecure Credential Storage Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/21 12:0 a.m.213 views

Dbltek GoIP - Local File Inclusion Vulnerability

Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/09/21 12:0 a.m.213 views

Budget and Expense Tracker System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/09/21 12:0 a.m.213 views

Yenkee Hornet Gaming Mouse - (GM312Fltr.sys) Denial Of Service Exploit

Exploit Title: Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service PoC Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.yenkee.eu/gaming-mouse-hornet-aim/yms-3029 Reference:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/26 12:0 a.m.213 views

Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Exploit

Exploit Title: Port Forwarding Wizard 4.8.0 - Buffer Overflow SEH Exploit Author: Sarang Tumne Confirmed on release 4.8.0 and 4.5.0 Vendor: http://www.port-forwarding.net/ Tested on OS- Windows Vista Buffer overflow in upRedSun Port Forwarding Wizard 4.8.0 and earlier version allows local attacke...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/05/17 12:0 a.m.213 views

WordPress PHPMailer Host Header Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to t...

7.5CVSS9.7AI score0.99714EPSS
Exploits58
0day.today
0day.today
added 2013/12/16 12:0 a.m.213 views

PHP openssl_x509_parse() Memory Corruption Vulnerability

The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated...

7.5CVSS0.4AI score0.35635EPSS
Exploits8
0day.today
0day.today
added 2010/06/10 12:0 a.m.213 views

Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability

Exploit for php platform in category web applications ====================================================== Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/07/19 12:0 a.m.212 views

CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection Vulnerability

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.212 views

Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.212 views

Stackposts Social Marketing Tool v1.0 - SQL Injection Vulnerability

Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/stackposts-social-marketing-tool/21747459 Demo Site: https://demo.stackposts.com Tested on: Kali Linux CVE: N/A Request POST /spmo/auth/login HTTP/1.1...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/09/29 12:0 a.m.212 views

Lavalite 9.0.0 XSRF TOKEN cookie File path traversal Vulnerability

Title: Lavalite-9.0.0 XSRF-TOKEN cookie File path traversal Author: nu11secur1ty Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite Description: The XSRF-TOKEN cookie is...

0.2AI score
Exploits0
0day.today
0day.today
added 2022/07/31 12:0 a.m.212 views

Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber". 1. ADVISORY INFORMATION ======================= Product:...

6.5CVSS0.3AI score0.00891EPSS
Exploits5
0day.today
0day.today
added 2022/07/31 12:0 a.m.213 views

Loan Management System 1.0 SQL Injection Vulnerability

Exploit Title: Loan Management System - SQL Injection via login page Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack vector for the SQ...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/07/31 12:0 a.m.212 views

Loan Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Loan Management System - XSS Stored Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There are several functions and parameter...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.212 views

One Church Management System 1.0 SQL Injection Vulnerability

Exploit Title: One Church Management System 1.0 - attendancy.php search2 SQL Injection Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.212 views

Royale Event Management System 1.0 Privilege Escalation Vulnerability

Royale Event Management System version 1.0 suffers from a privilege escalation vulnerability by allowing an attacker to register an account as an administrator. Exploit Title: Royale Event Management System 1.0 - Authentication Bypass Date: 25/03/2022 Exploit Author: Mr Empy Software Link:...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/02/21 12:0 a.m.212 views

Cab Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/02/02 12:0 a.m.212 views

WordPress Post Grid 2.1.1 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/post-grid/ Version: 2.1.1 Tested on: Windows 10 CVE: CVE-2021-24488 1. Description: This plugin creates a post grid from any post types. The slider import search...

6.1CVSS0.11241EPSS
Exploits5
0day.today
0day.today
added 2021/09/23 12:0 a.m.212 views

WordPress Advanced Order Export For WooCommerce 3.1.7 Plugin - Reflected XSS Vulnerability

Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Version: 3.1.7 Tested on: Windows 10 CVE: CVE-2021-24169 1. Description: This plugin helps you to easil...

6.1CVSS0.10348EPSS
Exploits5
0day.today
0day.today
added 2020/02/10 12:0 a.m.212 views

iOS / macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()

While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...

7.8CVSS0.1AI score0.16111EPSS
Exploits1
0day.today
0day.today
added 2016/05/31 12:0 a.m.212 views

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)

Exploit for windows platform in category remote exploits Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested o...

9.3CVSS0.5AI score0.94297EPSS
Exploits14
0day.today
0day.today
added 2015/10/07 12:0 a.m.212 views

Huawei 3G Routers Multiple Vulnerabilities

Huawei 3G routers suffer from authentication bypass, cross site request forgery, denial of service, and various other vulnerabilities. Advisory Information Title: Huawei 3G routers vulnerable to multiple threats Advisory URL: https://pierrekim.github.io/advisories/2015-huawei-0x00.txt Blog URL:...

7.3AI score
Exploits0
0day.today
0day.today
added 2024/06/02 12:0 a.m.211 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

10CVSS7AI score0.93901EPSS
Exploits7
0day.today
0day.today
added 2024/04/01 12:0 a.m.211 views

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/05/23 12:0 a.m.211 views

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/27 12:0 a.m.211 views

Employee Performance Evaluation System v1.0 - File Inclusion / Remote Code Execution Exploit

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/06/14 12:0 a.m.211 views

phpIPAM 1.4.5 - Remote Code Execution (Authenticated) Exploit

Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS !/usr/bin/env python3...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/03/31 12:0 a.m.211 views

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path Vulnerabilities

Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path Local Privilege Escalation Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: http://www.egsoftweb.in/index.aspx Software Link: http://www.egsoftweb.in/OurProductReadmore.aspx?id=6 Version: 2020 Tested: Windows 10...

0.9AI score
Exploits2
0day.today
0day.today
added 2022/03/29 12:0 a.m.211 views

Royale Event Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting Stored unauthenticated Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ Royale...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/09/17 12:0 a.m.211 views

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/03/13 12:0 a.m.211 views

QCubed 3.1.1 PHP Object Injection Vulnerability

QCubed PHP Object Injection =========================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technolog...

9.8CVSS0.1AI score0.0545EPSS
Exploits3
0day.today
0day.today
added 2020/08/18 12:0 a.m.211 views

Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/07/13 12:0 a.m.211 views

Online Birth Certificate System 1.0 SQL Injection / Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/04 12:0 a.m.211 views

Bolt CMS 3.7.0 XSS / CSRF / Shell Upload Vulnerabilities

Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click. Bolt CMS = 3.7.0 Multiple Vulnerabilities Author - Sivanesh Ashok | @sivaneshashok | stazot.co...

4.3CVSS0.4AI score0.02026EPSS
Exploits4
0day.today
0day.today
added 2020/04/16 12:0 a.m.211 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit

This Metasploit module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...

9CVSS9AI score0.99064EPSS
Exploits10
0day.today
0day.today
added 2020/03/28 12:0 a.m.211 views

WordPress StatTraq 1.3.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : WordPress StatTraq 1.3.0 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Software Download Link : downloads.wordpress.org/plugin/wp-stattraq.zip Software Version : 1.3.0 WordPress Versi...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/03/06 12:0 a.m.211 views

Google Chrome 72 / 73 Array.map Corruption Exploit

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to...

6.5CVSS7.5AI score0.55925EPSS
Exploits6
0day.today
0day.today
added 2020/02/10 12:0 a.m.211 views

OpenSMTPD - MAIL FROM Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...

10CVSS9.7AI score0.98946EPSS
Exploits27
0day.today
0day.today
added 2019/09/30 12:0 a.m.211 views

ACTi ACD-2100 Video Encoder Remote Command Execution Exploit

Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACD-2100 Video Encoder Remote Command Execution Exploit Copyright 2019 c Todor Donev Firmware Version = A1D-220-V3.08.08-AC Production ID = ACD2100-08E-X-00498 Factory Default Type = NTSC, Composite, Two Ways Audio 0x7...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.211 views

macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit

macOS ifaaddr-safamily != AFINET6 // - crash here IFAUNLOCKifa; error = EAFNOSUPPORT; break; Note that IFALOCK is called on user-provided data; it appears that there is an opportunity for memory corruption a controlled write when using indirect mutexes via LCKMTXTAGINDIRECT see lckmtxlockslow...

7.1CVSS7.3AI score0.04442EPSS
Exploits2
0day.today
0day.today
added 2018/11/12 12:0 a.m.211 views

Netscape Enterprise 3.63 Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications alert"XSS" The server response: Request URL: http://X.X.X.X/servlet/SnoopServlet Request information: Request method: GET Request URI: /servlet/SnoopServlet Request protocol: HTTP/1.1 Servlet path: /servlet/SnoopServlet Path info: Path...

6.4AI score0.01416EPSS
Exploits3
0day.today
0day.today
added 2018/08/24 12:0 a.m.211 views

Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...

6.8CVSS0.4AI score0.64074EPSS
Exploits13
0day.today
0day.today
added 2018/05/09 12:0 a.m.211 views

PlaySMS 1.4 - sendfromfile.php?Filename Authenticated Code Execution Exploit

This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This...

7.5CVSS8.7AI score0.62308EPSS
Exploits3
0day.today
0day.today
added 2018/01/04 12:0 a.m.211 views

Linksys WVBR0-25 User-Agent Command Execution Exploit

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerabilit...

10CVSS9.6AI score0.87929EPSS
Exploits9
Total number of security vulnerabilities5000