39001 matches found

0day.today
added 2019/11/06 12:0 a.m., 54 views

rimbalinux AhadPOS 1.11 - (alamatCustomer) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/rimbalinux/AhadPOS Software Link: https://github.com/rimbalinux/AhadPOS.git Version: 1.11 Tested on: CentOS 7 CVE...

7.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 69 views

WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive Exploit

VULNERABILITY DETAILS bool JSObject::putInlineSlowExecState exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot ASSERT!isThisValueAlteredslot, this; VM& vm = exec-vm; auto scope = DECLARETHROWSCOPEvm; JSObject obj = this; for ;; unsigned attributes; PropertyOffset offset =...

0.2 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 84 views

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Exploit

On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....

0.7 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 78 views

html5_snmp 1.11 - (Router_ID) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for...

0.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 62 views

html5_snmp 1.11 - (Remark) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: html5snmp 1.11 - 'Remark' Persistent Cross-Site Scripting Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 109 views

SD.NET RIM 4.7.3c - (idtyp) SQL Injection Vulnerability

Exploit for asp platform in category web applications Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlich...

0.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 87 views

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Vulnerability

Exploit for hardware platform in category web applications Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...

7.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 133 views

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects Exploit

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std::removepointer::type::info ../../So...

8.8 CVSS, 8.4 AI score, 0.09621 EPSS
Exploits: 2
0day.today
added 2019/11/06 12:0 a.m., 186 views

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...

7.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 59 views

FileOptimizer 14.00.2524 - Denial of Service Exploit

Exploit Title: FileOptimizer 14.00.2524 - Denial of Service PoC Exploit Author: Chase Hatch SYANiDE Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/ Software Link: https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download Version:...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 77 views

thejshen Globitek CMS 1.4 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 155 views

QNAP NetBak Replicator 4.5.6.0607 - (QVssService) Unquoted Service Path Vulnerability

Exploit Title: QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path Exploit Author: Ivan Marmolejo Vendor Homepage: https://www.qnap.com/en/ Software Link: https://www.qnap.com/en/download Version: 4.5.6.0607 Vulnerability Type: Local Tested on: Windows XP Profesional Español S...

0.2 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 60 views

thrsrossi Millhouse-Project 1.414 - (content) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting Exploit Author: Cakes Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project Software Link: https://github.com/thrsrossi/Millhouse-Project.gi...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 74 views

Wacom WTabletService 6.6.7-3 - (WTabletServicePro) Unquoted Service Path Vulnerability

Exploit Title: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path Discovery by: Marcos Antonio León psk Discovery Date: 2019-11-04 Vendor Homepage: https://www.wacom.com Software Link : http://cdn.wacom.com/U/drivers/IBMPC/pro/WacomTablet637-3.exe Tested Version: 6.3.7.3...

0.1 AI score
Exploits: 0
0day.today
added 2019/11/06 12:0 a.m., 56 views

Network Inventory Advisor 5.0.26.0 - (niaservice) Unquoted Service Path Vulnerability

Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path Exploit Author: Samuel DiazL Vendor Homepage: https://www.network-inventory-advisor.com/ Software Link: https://www.network-inventory-advisor.com/download.html Version: 5.0.26.0 Tested on: Microsoft Windows 10...

0.4 AI score
Exploits: 0
0day.today
added 2019/11/04 12:0 a.m., 112 views

Aida64 6.10.5200 - Buffer Overflow (SEH) Exploit

Exploit Title: Aida64 6.10.5200 - Buffer Overflow SEH Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads/OTAwMmVmNTE= Version: AIDA64 Enginner 6.10.5200 Tested on: Windows 7 Home Basic SP1 CVE : N/A Step 1 File - Preferences -...

0.2 AI score
Exploits: 0
0day.today
added 2019/11/04 12:0 a.m., 182 views

Ayukov NFTP client 1.71 - (SYST) Buffer Overflow Exploit

Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...

9.8 CVSS, 9.5 AI score, 0.60328 EPSS
Exploits: 16
0day.today
added 2019/11/04 12:0 a.m., 157 views

Launch Manager 6.1.7600.16385 - (DsiWMIService) Unquoted Service Path Vulnerability

Title: Launch Manager 6.1.7600.16385 'DsiWMIService' Unquoted Service Path Author: Gustavo Briseño Vendor Homepage: https://www.acer.com/ Software Link:...

0.8 AI score
Exploits: 0
0day.today
added 2019/11/04 12:0 a.m., 141 views

OpenVPN Connect 3.0.0.272 - (agent_ovpnconnect) Unquoted Service Path Vulnerability

Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type: Unquoted Service Path Tested on...

0.4 AI score
Exploits: 0
0day.today
added 2019/11/04 12:0 a.m., 111 views

Apple macOS 10.15.1 - Denial of Service Exploit

Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD &msg1.msghreserved, // inputmem1 msg2.msghsize 2, // inputmem1len QWORD...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/03 12:0 a.m., 96 views

eIDAS-Node 2.3 Authentication Bypass Exploit

Exploit for multiple platform in category web applications ======================================================================= title: Authentication Bypass product: eIDAS-Node vulnerable version: =v2.3 v2.1 vulnerability 2 fixed version: v2.3.1 CVE number: - impact: critical homepage:...

7.4 AI score
Exploits: 0
0day.today
added 2019/11/03 12:0 a.m., 83 views

Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...

7.8 CVSS, 0.6 AI score, 0.07847 EPSS
Exploits: 4
0day.today
added 2019/11/02 12:0 a.m., 115 views

Microsoft Office 365 / ProPlus 16.0.11929.202.88 docx2docm Protection Bypass Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

0.1 AI score
Exploits: 0
0day.today
added 2019/11/02 12:0 a.m., 182 views

Microsoft Office 365 / ProPlus 16.0.11929.202.88 Remote Code Execution Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

0.6 AI score
Exploits: 0
0day.today
added 2019/11/01 12:0 a.m., 67 views

ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability

Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...

Exploits: 0
0day.today
added 2019/11/01 12:0 a.m., 50 views

Apache Solr 8.2.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications Title: Apache Solr 8.2.0 - Remote Code Execution Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github:...

Exploits: 0
0day.today
added 2019/11/01 12:0 a.m., 78 views

OpenVPN Private Tunnel 2.8.4 - (ovpnagent) Unquoted Service Path Vulnerability

Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10 64bitEN CVE : N/A...

0.3 AI score
Exploits: 0
0day.today
added 2019/11/01 12:0 a.m., 147 views

TheJshen contentManagementSystem 1.04 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Version: 1.04 Software Link:...

7.1 AI score
Exploits: 0
0day.today
added 2019/10/31 12:0 a.m., 304 views

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit

Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS installs CVE :...

8.1 CVSS, 7.9 AI score, 0.10274 EPSS
Exploits: 5
0day.today
added 2019/10/31 12:0 a.m., 73 views

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH) Exploit

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Exploit Author: Doan Nguyen 4ll4u Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Version: v4.6.1217 Tested on: Windows XP SP3 CVE : N/A Reference from : 1...

7.4 AI score
Exploits: 0
0day.today
added 2019/10/31 12:0 a.m., 98 views

Wordpress Google Review Slider 6.1 Plugin - (tid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendo...

7.1 AI score
Exploits: 0
0day.today
added 2019/10/31 12:0 a.m., 202 views

Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function httpverify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. This module...

9.8 CVSS, 1.2 AI score, 0.99057 EPSS
Exploits: 24
0day.today
added 2019/10/30 12:0 a.m., 68 views

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)

Title: Linux/x86 NOT|ROT+8 Encoded execve/bin/sh null-free Shellcode 47 bytes Author: Daniel Ortiz Date: 2019-10-30 Tested on: Linux 4.18.0-25-generic 26 Ubuntu Size: 47 bytes SLAE ID: PA-9844 ----------------------- execve ------------------------------------------------ global start section .te...

7.4 AI score
Exploits: 0
0day.today
added 2019/10/30 12:0 a.m., 148 views

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation Exploit

The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...

8.8 CVSS, 8.2 AI score, 0.06983 EPSS
Exploits: 2
0day.today
added 2019/10/30 12:0 a.m., 155 views

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python code :poc.py 2.-...

7.1 AI score
Exploits: 0
0day.today
added 2019/10/30 12:0 a.m., 62 views

Ajenti 2.1.31 - Remote Code Exection Exploit

Exploit for jsp platform in category web applications Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit:...

7.4 AI score
Exploits: 0
0day.today
added 2019/10/30 12:0 a.m., 136 views

Citrix StoreFront Server 7.15 - XML External Entity Injection Vulnerability

Exploit for xml platform in category web applications Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Exploit Author: Vahagn Vardanya Vendor Homepage:https://www.citrix.com/downloads/storefront/ Software Link: https://support.citrix.com/article/CTX251988 Version: Citr...

7.4 AI score
Exploits: 0
0day.today
added 2019/10/30 12:0 a.m., 86 views

iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure Exploit

Exploit for hardware platform in category web applications Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor: iSeeQ Product web...

7.1 AI score
Exploits: 0
0day.today
added 2019/10/29 12:0 a.m., 163 views

Microsoft Windows Server 2012 - (Group Policy) Remote Code Execution Exploit

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and...

8.3 CVSS, 6.5 AI score, 0.2858 EPSS
Exploits: 4
0day.today
added 2019/10/29 12:0 a.m., 80 views

Intelligent Security System SecurOS Enterprise 10.2 - (SecurosCtrlService) Unquoted Service Path Exp

Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link: https://www.issivs.com/schedule-a-free-demo/trial version for...

0.5 AI score
Exploits: 0
0day.today
added 2019/10/29 12:0 a.m., 78 views

Microsoft Windows Server 2012 - (Group Policy) Security Feature Bypass Exploit

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, an...

3.3 CVSS, 6.5 AI score, 0.08074 EPSS
Exploits: 4
0day.today
added 2019/10/29 12:0 a.m., 103 views

rConfig 3.9.2 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.2 - Remote Code Execution Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/pyth...

10 CVSS, 9.6 AI score, 0.97702 EPSS
Exploits: 10
0day.today
added 2019/10/29 12:0 a.m., 115 views

Win10 MailCarrier 2.51 - (POP3 User) Remote Buffer Overflow Exploit

Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Author: Lance Biggerstaff Original Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Tested on: Windows 10 Note: Every version of Windows 10 has a different offset ¯\ツ...

0.4 AI score
Exploits: 0
0day.today
added 2019/10/29 12:0 a.m., 64 views

Wordpress 5.2.4 - Cross-Origin Resource Sharing Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-jso...

0.2 AI score
Exploits: 0
0day.today
added 2019/10/29 12:0 a.m., 1554 views

PHP-FPM + Nginx - Remote Code Execution Exploit

Exploit for php platform in category web applications PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have...

7.5 CVSS, 0.1 AI score, 0.9947 EPSS
Exploits: 54
0day.today
added 2019/10/28 12:0 a.m., 125 views

delpino73 Blue-Smiley-Organizer 1.32 - (datetime) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git...

Exploits: 0
0day.today
added 2019/10/28 12:0 a.m., 68 views

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - (start) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...

Exploits: 0
0day.today
added 2019/10/28 12:0 a.m., 60 views

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed Exploit

VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...

7.4 AI score
Exploits: 0
0day.today
added 2019/10/28 12:0 a.m., 54 views

JumpStart 0.6.0.0 - (jswpbapi) Unquoted Service Path Vulnerability

Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path Exploit Author: Roberto Escamilla Vendor Homepage:https://www.inforprograma.net/ Software Link: https://www.inforprograma.net/ Version: = 0.6.0.0 wpspin.exe Tested on: Windows 10 Home CVE : N/A STEPS 1.- Install the JumpStart...

0.3 AI score
Exploits: 0
0day.today
added 2019/10/28 12:0 a.m., 96 views

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on...

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 39001