SnipeIT 6.2.1 - Stored Cross Site Scripting Vulnerability
Exploit Title: SnipeIT 6.2.1 - Stored Cross Site Scripting Exploit Author: Shahzaib Ali Khan Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/snipe/snipe-it/releases/tag/v6.2.1 Version: 6.2.1 Tested on: Windows 11 22H2 and Ubuntu 20.04 CVE: CVE-2023-5452 Description:...
Client Details System 1.0 - SQL Injection Vulnerability
Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link: https://download-media.code-projects.org/2020/01/CLIENTDETAILSSYSTEMINPHPWITHSOURCECODE.zip +...
Ladder v0.0.21 - Server-side request forgery Vulnerability
Exploit Title: Ladder v0.0.21 - Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...
Sitecore - Remote Code Execution v8.2 Exploit
!/usr/bin/env python3 Exploit Title: Sitecore - Remote Code Execution v8.2 Exploit Author: abhishek morla Google Dork: N/A Date: 2024-01-08 Vendor Homepage: https://www.sitecore.com/ Software Link: https://dev.sitecore.net/ Version: 10.3 Tested on: windows64bit / mozila firefox CVE : CVE-2023-358...
Numbas < v7.3 - Remote Code Execution Exploit
Exploit Title: Numbas v7.3 - Remote Code Execution Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests, re, argparse, subprocess, time from bs...
DataCube3 v1.0 - Unrestricted file upload Remote Code Execution Exploit
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Tested on: DataCube3...
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...
Akaunting < 3.1.3 - Remote Code Execution Exploit
Exploit Title: Akaunting 3.1.3 - RCE Exploit Author: email protected Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests import argparse de...
TP-Link TL-WR740N - Buffer Overflow DOS Exploit
Exploit Title: TP-Link TL-WR740N - Buffer Overflow 'DOS' Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N Description: There exists a buffer overflow vulnerability in TP-Link TL-WR74...
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 IDOR Exploit
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
WordPress Hide My WP < 6.2.9 - Unauthenticated SQL injection Vulnerability
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior Tested on: Hide My WP v6.2.7...
WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover
Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...
Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0 Version: Adobe ColdFusion version...
elFinder Web file manager Version - 2.1.53 Remote Command Execution Vulnerability
Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zip Version: 2.1.53...
Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected. Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID:...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability
Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation Vulnerability
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to...
GL.iNet - Router Authentication Bypass Exploit
DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...
Customer Support System 1.0 SQL Injection Vulnerability
Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customersupport/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020. Exploit Title: Customer Support System 1.0 - Multiple SQL injection...
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution Exploit
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...
Artica Proxy 4.50 Loopback Service Disclosure Vulnerability
Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service,...
Customer Support System 1.0 - Multiple SQL injection Vulnerability
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
XAMPP 5.6.40 SQL Injection Vulnerability
Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...
Multilaser RE160 Cookie Manipulation Access Bypass Vulnerability
Multilaser RE160 versions 5.07.51ptMTL01 and 5.07.52ptMTL01 suffer from an access control bypass vulnerability through cookie manipulation. =====Tempest Security Intelligence - Security Advisory - CVE-2023-38946======= Access Control Bypass in Multilaser router's Web Management Interface Author:...
Wallos Shell Upload Vulnerability
Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: email protected Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: -----------------------------2925144213...
Saflok System 6000 Key Derivation Exploit
// Exploit Title: Saflok KDF // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc, char argv if argc != 2 printf"Usage: %s \n", argv0...
Wordpress Neontext Plugin - Stored XSS Vulnerability
Exploit Title: Wordpress Plugin Neon Text = 1.1 - Stored Cross Site Scripting XSS Exploit Author: Eren Car Vendor Homepage: https://www.eralion.com/ Software Link: https://downloads.wordpress.org/plugin/neon-text.zip Category: Web Application Version: 1.0 Tested on: Debian / WordPress 6.4.1 CVE :...
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition Vulnerability
Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...
Multilaser RE160V Header Manipulation Access Bypass Vulnerability
Multilaser RE160V web management interface versions 12.03.01.09pt and 12.03.01.10pt suffer from an access control bypass vulnerability through header manipulation. =====Tempest Security Intelligence - Security Advisory -...
Multilaser RE160V / RE160 URL Manipulation Access Bypass Vulnerability
Multilaser RE160V web management interface versions 12.03.01.08pt and 12.03.01.09pt along with RE160 versions 5.07.51ptMTL01 and 5.07.52ptMTL01 suffer from an access control bypass vulnerability through URL manipulation. =====Tempest Security Intelligence - Security Advisory - CVE-2023-38945=====...
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability
Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Tp-Link http://tp-link.com Product JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201 Vulnerability Type Improper Access Control Affected Product Code Base JetStream Smart Switch - TL-SG2210P...
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...
RAD SecFlow-2 Path Traversal Vulnerability
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 suffer from a directory traversal vulnerability. Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63 CVE: CVE-2019-6268 Exploit Author: Branko Milicevic RAD SecFlow-2 devices with Hardware...
Magento ver. 2.4.6 - XSLT Server Side Injection Vulnerability
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL: https://magento2demo.firebearstudio.com...
GL.iNet AR300M v4.3.7 Arbitrary File Read Exploit
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
Petrol Pump Management Software v1.0 - (Address) Stored Cross Site Scripting Vulnerability
Exploit Title: Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0 Tested...
Easywall 0.3.1 - Authenticated Remote Command Execution Exploit
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3 urllib3.disablewarnin...
Enrollment System v1.0 - SQL Injection Exploit
Exploit Title: Enrollment System v1.0 - SQL Injection Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: Obi08 Vendor Homepage: https://github.com/Obi08/EnrollmentSystem Software Link: https://github.com/Obi08/EnrollmentSystem Version: v1.0 Tested on: Mac OSX, XAMPP, Apache, MySQL...
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc Exploit
!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...
TPC-110W - Missing Authentication for Critical Function Exploit
include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) Vulnerability
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Exploit Author: Alok kumar email protected, Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware Version: v1.0 486A Tested...
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Vulnerability
Exploit Title: Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0...
Simple Student Attendance System v1.0 Time Based Blind & Union Based SQL Injection Vulnerability
Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link...
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution Exploit
!/usr/bin/env python -- coding: utf-8 -- TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection Vulnerability
Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link:...
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure Vulnerability
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
Real Estate Management System v1.0 - Remote Code Execution via File Upload Vulnerability
Exploit Title: Real Estate Management System v1.0 - Remote Code Execution via File Upload Exploit Author: Diyar Saadi Vendor Homepage: https://codeastro.com Version: V1.0 Tested on: Windows 11 + XAMPP 8.0.30 + Burp Suite Professional v2023.12.1.3 Description This vulnerability allows the attacker ...
Boss Mini 1.4.0 - local file inclusion Exploit
Exploit Title: Boss Mini 1.4.0 - local file inclusion Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 from requests import post from...
Windows PowerShell - Event Log Bypass Single Quote Code Execution Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...
Petrol Pump Management Software v.1.0 - SQL Injection Vulnerability
Exploit Title: Petrol Pump Management Software v.1.0 - SQL Injection Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0 Tested on: Windows, Linux CVE...