39001 matches found

0day.today
added 2019/12/17 12:0 a.m. | 94 views

Bash Profile Persistence Exploit

This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callbac...

AI score: 0.4
Exploits: 0

0day.today
added 2019/12/17 12:0 a.m. | 165 views

Serv-U FTP Server 15.1.7 CSV Injection Vulnerability

Exploit for windows platform in category web applications Issue: Serv-U FTP Server 15.1.7 CSV Injection Vulnerability CVE: CVE-2019-13181 Security researcher: Richard Tan @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.7 Fixed in: Serv-U 15.1.7 Hotfix 2...

AI score: 6.6 | EPSS: 0.03233
Exploits: 2

0day.today
added 2019/12/17 12:0 a.m. | 138 views

Metasploit Sample Webapp Exploit

Exploit for python platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit module could be written to exploit a bug in an arbitrary web server cla...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/17 12:0 a.m. | 134 views

Netgear R6400 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Netgear R6400 - Remote Code Execution Exploit Author: Kevin Randall CVE: CVE-2016-6277 Vendor Homepage: https://www.netgear.com/ Category: Hardware Version: V1.0.7.21.1.93 PoC !/usr/bin/python import urllib2 IPADDR =...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.99781
Exploits: 8

0day.today
added 2019/12/17 12:0 a.m. | 166 views

Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure Vulnerabilities

Exploit for php platform in category web applications Introduction ============ ZX Security identified several vulnerabilities in the Squiz Matrix CMS that can be chained together to gain pre-authenticated remote code execution in some circumstances. Affected Versions ================= The issues in...

AI score: 8 | EPSS: 0.048
Exploits: 4

0day.today
added 2019/12/17 12:0 a.m. | 229 views

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds. Since commit 0fa03c624d8f ("io_uring: add support for sendmsg()"), first in v5.3, io_uring has support for asynchronously calling sendmsg(). Unprivileged userspace tasks can submit IORING_OP_SENDMSG...

CVSS: 7.8 | AI score: 1 | EPSS: 0.01087
Exploits: 2

0day.today
added 2019/12/17 12:0 a.m. | 127 views

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...

AI score: 6.6 | EPSS: 0.01411
Exploits: 4

0day.today
added 2019/12/16 12:0 a.m. | 234 views

D-Link DIR-615 - Privilege Escalation Vulnerability

Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 - Privilege Escalation Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmwa...

AI score: 0.4
Exploits: 0

0day.today
added 2019/12/14 12:0 a.m. | 250 views

FTP Commander Pro 8.03 - Local Stack Overflow Exploit

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/14 12:0 a.m. | 363 views

Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing Vulnerability

David Haintz ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact: High homepage:...

Exploits: 0

0day.today
added 2019/12/14 12:0 a.m. | 1857 views

NVMS 1000 - Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Title: NVMS-1000 - Directory Traversal Author: Numan Türle Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html POC --------- GET /../../../../../../../../../../../../windows/win.ini...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/14 12:0 a.m. | 453 views

Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability

Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...

AI score: 0.2 | EPSS: 0.11617
Exploits: 5

0day.today
added 2019/12/12 12:0 a.m. | 332 views

Bullwark Momentum Series JAWS 1.0 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link :...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/12 12:0 a.m. | 7001 views

OpenNetAdmin 18.1.1 - Command Injection Exploit #RCE

Exploit for php platform in category web applications class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit modul...

AI score: 0.3
Exploits: 0

0day.today
added 2019/12/12 12:0 a.m. | 745 views

Lenovo Power Management Driver 1.67.17.48 - (pmdrvs.sys) Denial of Service Exploit

Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service PoC Exploit Author: Nassim Asrir CVE: CVE-2019-6192 Tested On: Windows 10 64bit | ThinkPad T470p Vendor : https://www.lenovo.com/us/en/ Ref : https://support.lenovo.com/us/fr/solutions/len-29334 Description A...

CVSS: 4.4 | EPSS: 0.01742
Exploits: 5

0day.today
added 2019/12/11 12:0 a.m. | 257 views

Product Key Explorer 4.2.0.0 - (Key) Denial of Service Exploit

Exploit Title: Product Key Explorer 4.2.0.0 - 'Key' Denial of Service POC Discovery by: SajjadBnd Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested ...

AI score: 0.2
Exploits: 0

0day.today
added 2019/12/11 12:0 a.m. | 238 views

Product Key Explorer 4.2.0.0 - (Name) Denial of Service Exploit

Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/11 12:0 a.m. | 262 views

Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Product web page: https://www.inim.biz Link:...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/11 12:0 a.m. | 348 views

vBulletin 5.5.4 Remote Command Execution Exploit #RCE

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.99728
Exploits: 27

0day.today
added 2019/12/11 12:0 a.m. | 438 views

Apache Olingo OData 4.0 - XML External Entity Injection Exploit

Exploit for java platform in category web applications Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock email protected Date:...

AI score: 5.5 | EPSS: 0.12245
Exploits: 5

0day.today
added 2019/12/11 12:0 a.m. | 294 views

Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Vulnerabilit

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Product web page: https://www.inim.biz Link:...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/11 12:0 a.m. | 680 views

Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font Exploit

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=707779e0...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.34676
Exploits: 3

0day.today
added 2019/12/11 12:0 a.m. | 291 views

Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Product web page: https://www.inim.biz Link:...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 248 views

Alcatel-Lucent Omnivista 8770 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Alcatel-Lucent Omnivista 8770 - Remote Code Execution Google Dork: inurl:php-bin/webclient.php Author: 0x1911 Vendor Homepage: https://www.al-enterprise.com/ Software Link:...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 212 views

Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title : Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Author : omurugur Software link: https://www.oracle.com/tr/applications/siebel/ Effective version : Oracle Siebel Sales 8.1 CVE: N/A Examples Request; POST...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 247 views

Microsoft Windows - Multiple UAC Protection Bypass Exploit

Windows 10 UAC bypass for all executable files which are autoelevate true. https://heynowyouseeme.blogspot.com/2019/08/windows-10-lpe-uac-bypass-in-windows.html Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47753.zip...

AI score: 0.6
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 230 views

PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi Tested on: Kali Linux Version...

AI score: 0.3
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 454 views

Microsoft Windows - WSReset UAC Protection Bypass (Registry) Exploit

Fileless UAC bypass WSReset.exe @404death base on : https://www.activecyber.us/activelabs/windows-uac-bypass EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47754.zip import sys, os from ctypes import import winreg CMD =...

AI score: 0.3
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 334 views

Omron PLC 1.0.0 - Denial of Service Exploit

Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE : n/a !usr/bin/python...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 2176 views

Microsoft Windows 10 - WSReset UAC Protection Bypass (propsys.dll) Exploit

// ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47755.zip int main printf"\n+ Run First...

AI score: 0.2
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 207 views

SpotAuditor 5.3.2 - Base64 Local Buffer Overflow (SEH) Exploit

Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested Windows 7 SP1 x86...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 224 views

Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link:...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/09 12:0 a.m. | 568 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...

CVSS: 10 | AI score: 0.3 | EPSS: 0.55874
Exploits: 15

0day.today
added 2019/12/08 12:0 a.m. | 430 views

SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass

SiteVision suffers from an issue where an attacker may inject a non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...

AI score: 0.9 | EPSS: 0.06039
Exploits: 6

0day.today
added 2019/12/08 12:0 a.m. | 362 views

SiteVision 4.x / 5.x Remote Code Execution Exploit #RCE

Exploit for jsp platform in category web applications SiteVision Remote Code Execution CVE-2019-12733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12733 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may...

AI score: 8.7 | EPSS: 0.06039
Exploits: 6

0day.today
added 2019/12/08 12:0 a.m. | 2530 views

OkayCMS 2.3.4 Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Unauthenticated remote code execution in OkayCMS Overview Target: OkayCMS Vendor: OkayCMS Version: all versions including 2.3.4 CVE: CVE-2019-16885 Accessibility: Local Severity: Critical Author: Wolfgang Hotwagner AIT Austrian Institute of...

AI score: 9.2 | EPSS: 0.046
Exploits: 3

0day.today
added 2019/12/06 12:0 a.m. | 395 views

Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit

Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro 2.2.0.9026 / Home 2.0.0.9021 Tested on: Windows XP / Win7 / Win10 CVE:...

CVSS: 9.8 | AI score: 0.6 | EPSS: 0.10746
Exploits: 5

0day.today
added 2019/12/06 12:0 a.m. | 367 views

Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit

Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Author : Peter Lapp Vendor Homepage : https://www.trendmicro.com/enus/business.html Link Software : https://help.deepsecurity.trendmicro.com/software.html?regs=NABU&prodid=1716 Tested on OS: v11.0.582 and...

CVSS: 7.1 | EPSS: 0.01311
Exploits: 4

0day.today
added 2019/12/06 12:0 a.m. | 268 views

BeeGFS 7.1.3 Privilege Escalation Vulnerability

============================================ BeeGFS Privilege Escalation CVE-2019-15897 ============================================ Software: BeeGFS Affected Versions: All versions up to and including 7.1.3 Vendor: ThinkparQ CVE: CVE-2019-15897 Severity: CVSS 9.6 Critical...

CVSS: 9.6 | AI score: 0.7 | EPSS: 0.03045
Exploits: 1

0day.today
added 2019/12/06 12:0 a.m. | 852 views

Verot 2.0.3 - Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...

AI score: 0.1 | EPSS: 0.26184
Exploits: 7

0day.today
added 2019/12/06 12:0 a.m. | 418 views

Yachtcontrol 2019-10-06 Remote Code Execution Exploit #RCE

Exploit for windows platform in category remote exploits Exploit Title: Yachtcontrol Webapplication - Unauthenticated Remote Code Execution Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Software Link: http://download.yachtcontrol.nl/klant/Software/ &...

AI score: 9.7 | EPSS: 0.58879
Exploits: 3

0day.today
added 2019/12/05 12:0 a.m. | 361 views

Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Exploit #RCE

Exploit for windows platform in category web applications Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Author: Peter Lapp Vendor:...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.20391
Exploits: 6

0day.today
added 2019/12/05 12:0 a.m. | 714 views

YouPHPTube 7.7 SQL Injection Vulnerability

Exploit for php platform in category web applications ---------------------------------------------------------------- YouPHPTube = 7.7 getChat.json.php SQL Injection Vulnerability ---------------------------------------------------------------- - Software Link: https://www.youphptube.com -...

CVSS: 7.5 | EPSS: 0.02314
Exploits: 2

0day.today
added 2019/12/04 12:0 a.m. | 267 views

OwnCloud 8.1.8 - Username Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: OwnCloud 8.1.8 - Username Disclosure Exploit Author : Daniel Moreno Vendor Homepage : https://owncloud.org/ Link Software : https://ftp.icm.edu.pl/packages/owncloud/ old version. Download at your own risk Tested on OS: CentOS Po...

AI score: 7.4
Exploits: 0

0day.today
added 2019/12/04 12:0 a.m. | 248 views

Online Clinic Management System 2.2 - HTML Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Clinic Management System 2.2 - HTML Injection Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system...

AI score: 7.1
Exploits: 0

0day.today
added 2019/12/04 12:0 a.m. | 288 views

Cisco WLC 2504 8.9 - Denial of Service Exploit

Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos Version: 8.4 to 8.9 Tested on: not applicable, works independent from OS CV...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.46305
Exploits: 5

0day.today
added 2019/12/04 12:0 a.m. | 1023 views

SSDWLAB 6.1 - Authentication #Bypass Vulnerability

Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...

AI score: 0.4
Exploits: 0

0day.today
added 2019/12/04 12:0 a.m. | 195 views

Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit

Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...

AI score: 0.3
Exploits: 0

0day.today
added 2019/12/03 12:0 a.m. | 202 views

Ajenti 2.1.31 Command Injection Exploit

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score: 0.4
Exploits: 0

0day.today
added 2019/12/03 12:0 a.m. | 159 views

Online Invoicing System 2.6 - (description) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link :...

AI score: 7.1
Exploits: 0

Total number of security vulnerabilities: 39001