39001 matches found
Prima Access Control 2.3.35 - (HwName) Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Optergy 2.3.0a - Username Disclosure Vulnerability
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee...
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 5708.4564: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Atlassian Confluence 6.15.1 - Directory Traversal Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on:...
Wondershare Application Framework Service 2.4.3.231 - (WsAppService) Unquote Service Path
Exploit Title: Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Exploit Author: chuyreds Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 2.4.3.231 Tested on: Windows 10 Home Single Language CVE : N/...
CBAS-Web 19.0.0 - (id) Boolean-based Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Optergy 2.3.0a - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...
CBAS-Web 19.0.0 - Information Disclosure Vulnerability
Exploit Title: CBAS-Web 19.0.0 - Information Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on: NA CVE : CVE-2019-10849 Advisory:...
Wondershare Application Framework Service - (WsAppService) Unquote Service Path Vulnerability
Exploit Title: Wondershare Application Framework Service - "WsAppService" Unquote Service Path Exploit Author: chuyreds Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 2.4.3.231 Tested on: Windows 10 Home Single Language CVE : N/A Service...
FlexAir Access Control 2.3.35 - Authentication Bypass Exploit
Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Bematech Printer MP-4200 - Denial of Service Vulnerability
Exploit Title: Bematech Printer MP-4200 - Denial of Service Exploit Author: Jonatas Fil Vendor Homepage: https://www.bematech.com.br/ Software Link: https://www.bematech.com.br/produto/mp-4200-th/ Version: MP-4200 TH Tested on: Windows and Linux CVE : N/A DoS Poc:...
Acronis True Image OEM 19.0.5128 - (afcdpsrv) Unquoted Service Path Vulnerability
Exploit Title: Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Author: Alejandra Sánchez Vendor Homepage: https://www.acronis.com Software: ftp://supportdownload:email protected/AcronisTrueImageOEM5128.exe Version: 19.0.5128 Tested on: Windows 10 Description: Acronis True Imag...
CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Cross-Site Request Forgery Add Super Admin Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0...
eMerge E3 1.00-06 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested...
Optergy 2.3.0a - Remote Code Execution (Backdoor) Exploit
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl =...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit
Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE : CVE-2019-7265 Advisory:...
Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/' input type="hidden" name...
Prima Access Control 2.3.35 - Arbitrary File Upload Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Prima Access Control 2.3.35 - Arbitrary File Upload Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Adrenalin Core HCM 5.4.0 - (ReportID) Reflected Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting Exploit Author: Rishu Ranjan Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0 REQUIRED Tested...
eMerge E3 1.00-06 - Privilege Escalation Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested o...
eMerge E3 1.00-06 - Unauthenticated Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Unauthenticated Directory Traversal Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...
eMerge E3 1.00-06 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06...
iOS IOUSBDeviceFamily 12.4.1 - (IOInterruptEventSource) Heap Corruption Exploit
Exploit Title: iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption PoC Date: 2019-10-29 Exploit Author: Sem Voigtlander, Joshua Hill and Raz Mashat Vendor Homepage: https://apple.com/ Software Link: https://support.apple.com/en-hk/HT210606 Version: iOS 13 Tested on: iOS 12.4.1...
FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
RTK IIS Codec Service 6.4.10041.133 - (RtkI2SCodec) Unquote Service Path Vulnerability
Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Exploit Author: chuyreds Vendor Homepage:https://www.realtek.com/en/ Software Link: https://support.hp.com/mx-es/drivers/selfservice/hp-spectre-13-4000-x360-convertible-pc/7527520/model/7835502?sku=K8N38LA...
Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Exploit
Exploit Title: Control Center PRO 6.2.9 - Local Stack Based BufferOverflow SEH Exploit Author: Samir sanchez garnica @sasaga92 Vendor Homepage: http://www.webgateinc.com/wgi/eng/products/list.php?ecidx1=P610 Software Link:...
eMerge E3 1.00-06 - (layout) Reflected Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Versio...
Alps Pointing-device Controller 8.1202.1711.04 - (ApHidMonitorService) Unquoted Service Path
Exploit Title: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path Date: 2019-11-12 Exploit Author: Mario Rodriguez Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1202.1711.04 Tested on: Windows 10 Home x64 Spani...
Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: ...
Computrols CBAS-Web 19.0.0 - (username) Reflected Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Atlassian Confluence 6.15.1 - Directory Traversal Exploit
Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...
Microsoft Edge 44.18362.449.0 - Denial Of Service Exploit
function blah var buff = '\x41'; var buffer = buff.repeat600000000; document.writebuffer;...
Joomla 3.9.13 - (Host) Header Injection Exploit
Exploit for php platform in category web applications 0day.today 2019-12-04...
eMerge E3 1.00-06 - Arbitrary File Upload Exploit
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested...
Alps HID Monitor Service 8.1.0.10 - (ApHidMonitorService) Unquote Service Path Vulnerability
Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single Language x64 Esp Ste...
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Str
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 88e4.30f4: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secu...
XML Notepad 2.8.0.4 - XML External Entity Injection Exploit
Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4 Tested on: Windows 10 Pro CVE : N/A Step 1 File - Open - .xml Exploi...
_GCafé 3.0 - (gbClienService) Unquoted Service Path Vulnerability
Exploit Title: GCafé 3.0 - 'gbClienService' Unquoted Service Path Exploit Author: Doan Nguyen 4ll4u Vendor Homepage: https://gcafe.vn/ Software Link: https://gcafe.vn/post/view?slug=gcafe-3.0 Version: v3.0 Tested on: Windows 7, Win 10, WinXP CVE : N/A Description: GCafé 3.0 - Internet Cafe is a...
Getsup 3.1.46 XSS Vulnerability
Exploit for php platform in category web applications Title: Getsup 3.1.46 Version 3.1 patch 46 All vers affected Author: @Eawhitehat - Eren Arslan Vendor: https://gestsup.fr/ Demo available : https://demo.gestsup.fr/ User: admin Password: admin Software Link:...
rConfig - install Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig install Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in rConfig version...
Nextcloud 17 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
Android Janus - APK Signature Bypass Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...
Jenkins build-metrics plugin 1.3 - (label) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 and below Tested on: Debi...
Adive Framework 2.0.7 - Privilege Escalation Exploit
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.7 - Privilege Escalation Exploit Author: Pablo Santiago Vendor Homepage: https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows 10 CVE :...
SolarWinds Kiwi Syslog Server 8.3.52 - (Kiwi Syslog Server) Unquoted Service Path Vulnerability
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional Service Pack 3...
Adaware Web Companion version 4.8.2078.3950 - (WCAssistantService) Unquoted Service Path
Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/ Software Link: https://webcompanion.com/en/ Version: Adaware Web Companion version 4.8.2078.3950 Tested on:...
Getsup 3.1.45 - Multiple XSS Vulnerability
Usage Info Multiple XSS - Getsup ticketing - XSS 1 : Connect to panel Getsup, Go to yours tickets - All states - Paste your payload on "Number" or "Title" form and press Enter for execute - XSS 2 : Connect to panel Getsup, Go to All tickets - All states - Paste your payload on "Number" or "Title"...
Blue Stacks App Player 2.4.44.62.57 - (BstHdLogRotatorSvc) Unquote Service Path Vulnerability
Exploit Title: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path Exploit Author: Diego Armando Buztamante Rico Vendor Homepage: www.bluestacks.com Software Link: www.bluestacks.com Version: 2.4.44.62.57 Tested on: Windows 8.1 Pro CVE: NA Description Blue Stacks is an...