Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2020/08/10 12:0 a.m.205 views

ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)

Exploit for java platform in category web applications Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This...

9.2AI score0.07403EPSS
Exploits4
0day.today
0day.today
added 2020/07/15 12:0 a.m.205 views

Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/14 12:0 a.m.205 views

Apartment Visitors Management System Project 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/03/26 12:0 a.m.205 views

HP ThinPro 6.x / 7.x Citrix Command Injection Vulnerability

HP ThinPro - Citrix command injection =============================================================================== Identifiers ------------------------------------------------- CVE-2019-18909 CVSSv3 score ------------------------------------------------- 6.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N...

8CVSS0.3AI score0.02181EPSS
Exploits3
0day.today
0day.today
added 2019/10/07 12:0 a.m.205 views

Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)

Date: 4th October 2019 Shellcode Author: @bolonobolo - https://bolonobolo.github.io Tested on: Linux x86 execve.asm global start section .text start: ; put NULL bytes in the stack xor eax, eax push eax //bin/sh push 0x68732f6e push 0x69622f2f mov ebx, esp ; push NULL in the EDX position push eax...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/17 12:0 a.m.205 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit

Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...

0.5AI score
Exploits0
0day.today
0day.today
added 2015/05/08 12:0 a.m.205 views

Adobe Flash Player NetConnection Type Confusion Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player NetConnection Type Confusion', 'Description' = %q This...

9.3CVSS0.2AI score0.71536EPSS
Exploits4
0day.today
0day.today
added 2010/02/07 12:0 a.m.205 views

DA Mailing List System V2 Remote Admin Login Vulnerability

Exploit for unknown platform in category web applications ========================================================== DA Mailing List System V2 Remote Admin Login Vulnerability ========================================================== Dork: DA Mailing List System V2 Powered by DigitalArakan.Net...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/10/13 12:0 a.m.205 views

IndexScript 3.0 (sug_cat.php parent_id) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================================== IndexScript 3.0 sugcat.php parentid SQL Injection Vulnerability ===================================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/11/21 12:0 a.m.204 views

Ivanti EPM Agent Portal Command Execution Exploit

This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior ...

9.8CVSS7.3AI score0.12904EPSS
Exploits5
0day.today
0day.today
added 2023/05/05 12:0 a.m.204 views

Ulicms 2023.1 sniffing-vicuna - Stored Cross-Site Scripting Vulnerability

Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/06 12:0 a.m.204 views

atrocore 1.5.25 User interaction - Unauthenticated File upload Vulnerability

Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create Import Feed...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/04/05 12:0 a.m.204 views

zstore 6.6.0 - Cross-Site Scripting Vulnerability

Exploit Title: zstore 6.6.0 - Cross-Site Scripting XSS Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/01/26 12:0 a.m.204 views

Polkit pkexec Local Privilege Escalation Vulnerability

pwnkit: Local Privilege Escalation in polkit's pkexec CVE-2021-4034 ======================================================================== Contents ======================================================================== Summary Analysis Exploitation Acknowledgments Timeline...

7.8CVSS8.6AI score0.94921EPSS
Exploits152
0day.today
0day.today
added 2022/01/17 12:0 a.m.204 views

Worktime 10.20 Build 4967 Unquoted Service Path Vulnerability

Exploit Title: WorkTime 10.20 Build Build 4967 Unquoted Service Path Discovery by: Yehia Elghaly Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted Service Path Teste...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/10 12:0 a.m.204 views

Online Railway Reservation System 1.0 - Remote Code Execution Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

0.9AI score
Exploits0
0day.today
0day.today
added 2020/11/09 12:0 a.m.204 views

Chrome V8 Turbofan Type Confusion Exploit

V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion NOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline. VULNERABILITY DETAILS When turbofan compiles code that performs a Map...

8.8CVSS9AI score0.48574EPSS
Exploits3
0day.today
0day.today
added 2019/11/20 12:0 a.m.205 views

Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path

Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...

7.1CVSS7.4AI score0.01158EPSS
Exploits2
0day.today
0day.today
added 2019/10/31 12:0 a.m.204 views

Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function httpverify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. This module...

9.8CVSS1.2AI score0.99057EPSS
Exploits24
0day.today
0day.today
added 2019/05/24 12:0 a.m.204 views

Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: rajvardhan ;Architecture: Linux x8664 ;Possibly The Smallest And Fully Reliable Shellcode =========== Asm Source =========== global start section .text start: xor rsi,rsi push rsi mov rdi,0x68732f2f6e69622f push rdi push rsp...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.204 views

BulletProof FTP Server 2019.0.0.50 - (DNS Address) Denial of Service Exploit

Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...

Exploits0
0day.today
0day.today
added 2019/03/10 12:0 a.m.204 views

DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADM...

6.8CVSS8.7AI score0.02435EPSS
Exploits5
0day.today
0day.today
added 2018/05/23 12:0 a.m.204 views

Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation Exploit

This Metasploit module exploits a race condition and use-after-free in the packetsetring function in net/packet/afpacket.c AFPACKET in the Linux kernel to execute code as root CVE-2016-8655. The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting...

7.2CVSS0.1AI score0.11127EPSS
Exploits16
0day.today
0day.today
added 2018/05/15 12:0 a.m.205 views

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerabilities

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities. Vulnerabilities in IBMs Flashsystems and Storwize Products...

0.5AI score0.02658EPSS
Exploits3
0day.today
0day.today
added 2017/02/28 12:0 a.m.204 views

ESET Endpoint Antivirus 6 Remote Code Execution Exploit

Exploit for windows platform in category remote exploits CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 --------------------------------------------------------------------------- Summary ======= Name: Remote Code Execution as Root via ESET Endpoint Antivirus 6 CVE:...

7.5CVSS8.3AI score0.13335EPSS
Exploits4
0day.today
0day.today
added 2015/08/01 12:0 a.m.204 views

BIND9 - TKEY PoC Exploit

Exploit for multiple platform in category dos / poc / PoC for BIND9 TKEY assert Dos CVE-2015-5477 Usage: tkill What it does: - First sends a "version" query to see if the server is up. - Regardless of the version response, it then sends the DoS packet. - Then it waits 5 seconds for a response. If...

7.8CVSS0.1AI score0.91284EPSS
Exploits12
0day.today
0day.today
added 2014/10/21 12:0 a.m.204 views

Windows OLE Package Manager SandWorm Exploit

Proof of concept exploit builder for the OLE flaw in packager.dll. !/usr/bin/env python import os import zipfile import sys ''' Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date: 17/10/2014 Exploit Author:...

9.3CVSS0.2AI score0.81628EPSS
Exploits22
0day.today
0day.today
added 2010/08/05 12:0 a.m.204 views

Foo-Goo (calendar.php & gallery.php id) SQL Injection Exploit (.py)

Exploit for php platform in category web applications =================================================================== Foo-Goo calendar.php & gallery.php id SQL Injection Exploit .py =================================================================== !/usr/bin/env python -- coding:cp1254 --...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/05/30 12:0 a.m.204 views

Zeeways Script Multiple Vulnerabilities

Exploit for php platform in category web applications ======================================= Zeeways Script Multiple Vulnerabilities ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ ...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/09/15 12:0 a.m.204 views

PhotoPost <= 4.6 (PP_PATH) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================ PhotoPost 4.6 PPPATH Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/07/25 12:0 a.m.203 views

Prison Management System 1.0 Shell Upload Vulnerability

Exploit Title: Prison Management System 1.0 - Unuthenticated RCE Exploit Author: Muhammet Ali Dak Vendor Homepage: https://www.sourcecodester.com/sql/17287/prison-management-system.html Software Link: https://www.sourcecodester.com/download-code?nid=17287&title=Prison+Management+System+Using+PHP...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/11/16 12:0 a.m.203 views

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass Exploit

Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Ka...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/10/19 12:0 a.m.203 views

AVS Audio Converter 10.3 Stack Overflow Exploit

Exploit Title: AVS Audio Converter 10.3 - Stack Overflow SEH Discovered by: Yehia Elghaly - Mrvar0x Discovered Date: 2022-10-16 Tested Version: 10.3.1.633 Tested on OS: Windows 7 Professional x86 pop+ret Address=005154E6 Message= 0x005154e6 : pop ecx pop ebp ret 0x04 | startnull PAGEEXECUTEREAD...

0.6AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.203 views

PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability

PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...

7.2AI score
Exploits0
0day.today
0day.today
added 2021/09/29 12:0 a.m.203 views

Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/08/05 12:0 a.m.203 views

c-ares 1.16.0 Use-After-Free Exploit

c-ares version 1.16.0 has an issue where aresdestroy with pending aresgetaddrinfo leads to a use-after-free condition. c-ares 1.16.0: aresdestroy with pending aresgetaddrinfo leads to use-after-free The following code was introduced in c-ares commit dbd4c441 first released in 1.16.0, which was...

7AI score
Exploits0
0day.today
0day.today
added 2020/06/30 12:0 a.m.203 views

openSIS 7.4 Incorrect Access Control Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and...

6.4CVSS0.4AI score0.52814EPSS
Exploits6
0day.today
0day.today
added 2020/06/30 12:0 a.m.203 views

openSIS 7.4 Multiple SQL Injection Vulnerabilties

Exploit for php platform in category web applications ----------------------------------------------------- openSIS = 7.4 Multiple SQL Injection Vulnerabilities ----------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior...

7.5CVSS0.2AI score0.59028EPSS
Exploits7
0day.today
0day.today
added 2019/11/30 12:0 a.m.203 views

Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities

Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...

6.9AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.203 views

Easy File Sharing Web Server 7.2 - author Remote Buffer Overflow (SEH) Exploit

An issue was discovered in Easy File Sharing EFS Web Server 7.2, A stack-based buffer overflow vulnerability occurs when an authenticated user sends a malicious POST request to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. Exploit Titl...

9.8CVSS0.6AI score0.03497EPSS
Exploits2
0day.today
0day.today
added 2018/02/27 12:0 a.m.203 views

Joomla K2 2.8.0 Component - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component K2 2.8.0 - Arbitrary File Download Dork: N/A Date: 26.02.2018 Vendor Homepage: http://www.joomlaworks.net/ Software Link:...

5CVSS7.7AI score0.02353EPSS
Exploits3
0day.today
0day.today
added 2015/10/22 12:0 a.m.203 views

TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit

Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...

7.1AI score
Exploits0
0day.today
0day.today
added 2008/09/24 12:0 a.m.203 views

AJ Auction Pro Platinum Skin #2 (detail.php item_id) SQL Injection Vuln

Exploit for unknown platform in category web applications ======================================================================= AJ Auction Pro Platinum Skin 2 detail.php itemid SQL Injection Vuln ======================================================================= AJ Auction Pro Platinum Ski...

7.1AI score
Exploits0
0day.today
0day.today
added 2005/07/18 12:0 a.m.203 views

Open Bulletin Board <= 1.0.5 SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================== Open Bulletin Board new Proto = "tcp", PeerAddr = "$server", PeerPort = "80"; printf $socket "GET...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/10 12:0 a.m.202 views

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/31 12:0 a.m.202 views

General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested on: Windows 10...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/15 12:0 a.m.202 views

Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass Vulnerability

Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...

10CVSS7.1AI score0.75863EPSS
Exploits14
0day.today
0day.today
added 2022/10/17 12:0 a.m.202 views

MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability

MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: /dev/null -------------------------------------------------------------------- Tested on: MiniDVBLinux 5.4 BusyBox v1.25.1 Architecture: armhf,...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/03/30 12:0 a.m.202 views

Fingerprint Attendance 1.0 Account Takeover Vulnerability

Title: Fingerprint Attendance 1.0 Account Takeover Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Fingerprint...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/03/07 12:0 a.m.202 views

Foxit PDF Reader 11.0 - Unquoted Service Path Vulnerability

Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

7.4AI score
Exploits0
Total number of security vulnerabilities5000