Lucene search
K

39001 matches found

0day.today
0day.today
added 2019/05/21 12:0 a.m.128 views

Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.258 views

macOS < 10.14.5 / iOS < 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Exploit

macOS soflags & SOFPCBCLEARING struct ipmoptions imo; struct ip6moptions im6o; inp-inpvflag = 0; if inp-in6poptions != NULL mfreeminp-in6poptions; inp-in6poptions = NULL; // in6poutputopts; // in6proute; // free IPv4 related resources in case of mapped addr if inp-inpoptions != NULL void...

7.8CVSS8.1AI score0.17438EPSS
Exploits6
0day.today
0day.today
added 2019/05/21 12:0 a.m.187 views

Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications I. VULNERABILITY ------------------------- httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. II. CVE REFERENCE ------------------------- CVE-2019-12167 III. VENDOR...

6.4AI score0.01137EPSS
Exploits2
0day.today
0day.today
added 2019/05/21 12:0 a.m.277 views

Freelance Cockpit CRM 3.3.1 SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Freelance Cockpit CRM - SQL Inj. Dork: N/A Date: 17-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.478 views

phpKF 1.10 XSS / CSRF / SQL Injection Vulnerabilities

phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Exploit Title: phpKF - Multi Vulnerabilities XSS , SQLi , CSRF Google Dork: Yazılım: phpKF © 2007-2019 Exploit Author: Ahmethan GULTEKIN @inject0r16 b4 Vendor Homepage:...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.164 views

Oracle CTI Web Service - (EBS_ASSET_HISTORY_OPERATIONS) XML Entity Injection Exploit

Exploit for java platform in category web applications Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://10.248.68.188/EBSASSETHISTORYOPERATIONS As can be seen in the following request /...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.131 views

Deluge 1.3.15 - (URL) Denial of Service Exploit

Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64 Steps t...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.123 views

TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: TL-WR840N v5 00000005 Exploit Author: purnendu ghosh Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Category: Hardware Firmware...

5.2AI score0.01789EPSS
Exploits4
0day.today
0day.today
added 2019/05/21 12:0 a.m.233 views

GAT-Ship Web Module 1.30 Information Disclosure Vulnerability

Exploit for multiple platform in category web applications GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/21 12:0 a.m.279 views

Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability Details ======= Product: Cisco Expressway Gateway Affected Versions: 11.5.1, possibly others Fixed Versions: See Cisco Bug ID CSCvo47769 1 Vulnerability Type: Directory...

4CVSS0.5AI score0.03818EPSS
Exploits2
0day.today
0day.today
added 2019/05/21 12:0 a.m.143 views

WordPress WPGraphQL 0.2.3 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications...

7.5AI score0.46614EPSS
Exploits5
0day.today
0day.today
added 2019/05/21 12:0 a.m.225 views

Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...

0.2AI score0.01536EPSS
Exploits7
0day.today
0day.today
added 2019/05/21 12:0 a.m.115 views

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit

macOS 10.14.5 / iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its...

8.8CVSS0.3AI score0.08287EPSS
Exploits2
0day.today
0day.today
added 2019/05/21 12:0 a.m.112 views

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment

macOS 10.14.5 / iOS 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds...

8.8CVSS8.3AI score0.07714EPSS
Exploits1
0day.today
0day.today
added 2019/05/21 12:0 a.m.216 views

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT

macOS 13.37; stackspray = ; for let v15 = 0; v15 100; v15++ function v19v23 // This weird loop form might be required to prevent loop unrolling... for let v30 = 0; v30 3; v30 = v30 + "asdf" // Generates the specific CFG necessary to trigger the bug. const v33 = Error != Error; if v33 else // Forc...

8.8CVSS0.1AI score0.08287EPSS
Exploits1
0day.today
0day.today
added 2019/05/21 12:0 a.m.768 views

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit

Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....

4.3CVSS8.1AI score0.07395EPSS
Exploits4
0day.today
0day.today
added 2019/05/20 12:0 a.m.122 views

Solaris 10 1/13 (#Intel) - (dtprintinfo) Local Privilege Escalation Exploit

Exploit for solaris platform in category local exploits / raptordtprintnameintel.c - dtprintinfo 0day, Solaris/Intel Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.69 views

docPrint Pro 8.0 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: Document Converter docPrint Pro v8.0 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.45 views

PCL Converter 2.7 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/pcltools/pcl-converter.exe Version: 2.7 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.144 views

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (2) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability a...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.67 views

BulletProof FTP Server 2019.0.0.50 - (Storage-Path) Denial of Service Exploit

Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.44 views

AbsoluteTelnet 10.16 - (License name) Denial of Service Exploit

Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe Tested Version: 10.16 Tested on: Windows 7 Service Pack 1 x...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.204 views

BulletProof FTP Server 2019.0.0.50 - (DNS Address) Denial of Service Exploit

Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...

Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.224 views

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.55 views

Encrypt PDF 2.3 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: Encrypt PDF v2.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe Version: 2.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python script "EncryptPDF.py", ...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/20 12:0 a.m.819 views

GetSimpleCMS - Unauthenticated Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GetSimpleCMS Unauthenticated RCE", 'Description' = %q This module exploits a vulnerability found in GetSimpleCMS, which allows unauthenticated...

9.8CVSS0.2AI score0.71598EPSS
Exploits5
0day.today
0day.today
added 2019/05/20 12:0 a.m.678 views

eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8....

9CVSS8.7AI score0.18106EPSS
Exploits3
0day.today
0day.today
added 2019/05/19 12:0 a.m.158 views

Linux/x86-64 - Delete File Shellcode (28 bytes)

;Title: Linux/x8664 - delete ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 28 bytes This shellcode deletes file declared in "fname" ==================ASSEMBLY ======================================== global start section .text start: jmp short file delete: push 87...

Exploits0
0day.today
0day.today
added 2019/05/19 12:0 a.m.79 views

Huawei eSpace 1.1.11.103 - DLL Hijacking Exploit

Exploit for windows platform in category local exploits / Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create...

4.4CVSS0.5AI score0.0083EPSS
Exploits4
0day.today
0day.today
added 2019/05/18 12:0 a.m.82 views

Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Exploit

Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...

2.1CVSS6.6AI score0.00641EPSS
Exploits3
0day.today
0day.today
added 2019/05/18 12:0 a.m.232 views

Huawei eSpace Meeting 1.1.11.103 - (cenwpoll.dll) SEH Buffer Overflow (Unicode) Exploit

!/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected application: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpac...

1.9CVSS6.6AI score0.00566EPSS
Exploits4
0day.today
0day.today
added 2019/05/18 12:0 a.m.100 views

Huawei eSpace 1.1.11.103 - (ContactsCtrl.dll) / (eSpaceStatusCtrl.dll) ActiveX Heap Overflow Exploit

Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC eSpace UC V200R002C02 Summary: Create...

2.1CVSS6.6AI score0.00668EPSS
Exploits4
0day.today
0day.today
added 2019/05/17 12:0 a.m.45 views

Sandboxie 5.30 - (Programs Alerts) Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: Sandboxie 5.30 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.sandboxie.com Software https://www.sandboxie.com/SandboxieInstall.exe Version: 5.30 Tested on: Windows 10 Proof of Concept: 1.- Run the python script 'Sandboxie.py', it...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/17 12:0 a.m.42 views

CEWE Photoshow 6.4.3 - (Password) Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: CEWE PHOTO SHOW 6.4.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept: 1.- Run the pytho...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/17 12:0 a.m.49 views

CEWE Photo Importer 6.4.3 - (.jpg) Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: CEWE PHOTO IMPORTER 6.4.3 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept: 1.- Run the...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/17 12:0 a.m.199 views

Iperius Backup 6.1.0 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/05/17 12:0 a.m.88 views

Interspire Email Marketer 6.20 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach...

6.5CVSS8.7AI score0.05993EPSS
Exploits4
0day.today
0day.today
added 2019/05/16 12:0 a.m.36 views

ZOC Terminal v7.23.4 - (Private key file) Denial of Service Exploit

Exploit Title: ZOC Terminal v7.23.4 - 'Private key file' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/05/16 12:0 a.m.28 views

ZOC Terminal v7.23.4 - (Shell) Denial of Service Exploit

Exploit Title: ZOC Terminal v7.23.4 - 'Shell' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.-...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/05/16 12:0 a.m.229 views

SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service Exploit

!/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD package version: 2.38.0 Summary: Substation communications networks...

7.5CVSS7.6AI score0.07819EPSS
Exploits2
0day.today
0day.today
added 2019/05/16 12:0 a.m.93 views

Axessh 4.2 - (Log file name) Denial of Service Exploit

Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the crash: 1.- Run python code:...

Exploits0
0day.today
0day.today
added 2019/05/16 12:0 a.m.170 views

JetAudio jetCast Server 2.0 - (Log Directory) Local SEH Alphanumeric Encoded Buffer Overflow Exploit

Exploit for windows platform in category local exploits Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...

7.2AI score
Exploits0
0day.today
0day.today
added 2019/05/16 12:0 a.m.45 views

ZOC Terminal 7.23.4 - (Script) Denial of Service Exploit

Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1....

0.3AI score
Exploits0
0day.today
0day.today
added 2019/05/16 12:0 a.m.146 views

WeChat for Android 7.0.4 - vcodec2_hls_filter Denial of Service Exploit

Exploit Title: DoS Wechat with an emoji Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0.4 Tested on: Android 9.0 CVE : CVE-2019-11419 Description: vcodec2hlsfilter in...

5.5CVSS5.6AI score0.04025EPSS
Exploits4
0day.today
0day.today
added 2019/05/16 12:0 a.m.180 views

VMware Workstation 15.1.0 - DLL Hijacking Exploit

Exploit for windows platform in category local exploits --------------------------------------------------------- Title: VMware Workstation DLL hijacking DLLIMPORT void SHGetFolderPathW MessageBox0, "s1kr10s", "VMWare-Poc", MBICONINFORMATION; exit0; --------------------------...

9.3CVSS0.5AI score0.0903EPSS
Exploits4
0day.today
0day.today
added 2019/05/16 12:0 a.m.168 views

DeepSound 1.0.4 - SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: DeepSound 1.0.4 - SQL Inj. Dork: N/A Date: 15-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/05/15 12:0 a.m.174 views

Schneider Electric U.Motion Builder 1.3.4 Command Injection Vulnerability

Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in trackimportexport.php. 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injectio...

0.4AI score0.72486EPSS
Exploits6
0day.today
0day.today
added 2019/05/15 12:0 a.m.304 views

PHP-Fusion 9.03.00 Remote Code Execution Exploit

This Metasploit module exploits a command execution vulnerability in PHP-Fusion versions 9.03.00 and below. It is possible to execute commands in the system with ordinary user authority. This module requires Metasploit: https://metasploit.com/download Current source:...

0.7AI score
Exploits0
0day.today
0day.today
added 2019/05/15 12:0 a.m.279 views

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit for php platform in category web applications input type="hidden" name="password2" value="newpass1...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/05/15 12:0 a.m.99 views

CommSy 8.6.5 - SQL injection Vulnerability

Exploit for php platform in category web applications Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security...

7.5AI score0.02031EPSS
Exploits4
Total number of security vulnerabilities39001