Lucene search
K

39001 matches found

0day.today
0day.today
added 2019/03/05 12:0 a.m.1835 views

Snapchat takeover any account 0day Exploit

Exploit can reset any Snapchat account...

1.8AI score
Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.37 views

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload) Exploit

Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...

Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.48 views

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications...

1.7AI score0.01122EPSS
Exploits5
0day.today
0day.today
added 2019/03/04 12:0 a.m.128 views

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Remote code execution in Raisecom xpon Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: https://www.raisecom.com Software Link: https://www.raisecom.com/products/xpon Version:...

7.7AI score0.12168EPSS
Exploits7
0day.today
0day.today
added 2019/03/04 12:0 a.m.57 views

MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal Exploit

Exploit for windows platform in category web applications !/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By defaul...

7.6AI score0.14215EPSS
Exploits3
0day.today
0day.today
added 2019/03/04 12:0 a.m.102 views

Apache UNO API Remote Code Execution Vulnerability

When Apache OpenOffice and LibreOffice are spawn as an office server, they bind an Apache UNO API that allows for remote code execution. Dear reader, I am not sure if I am contacting through the right email address but someone said I should e-mail you guys. I found an RCE functionality in the...

0.5AI score
Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.27 views

WordPress Cerber Security Antispam & Malware Scan 8.0 Plugin - Multiple Bypass Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son...

Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.66 views

Craft CMS 3.1.12 Pro - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro Vulernabilit...

0.02591EPSS
Exploits5
0day.today
0day.today
added 2019/03/04 12:0 a.m.247 views

Booked Scheduler 2.7.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module exploits...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/03/04 12:0 a.m.94 views

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

/ Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 / / author @0x4142 = Fahad Aid Alharbi cve-2019-0539 Getting Read ...

7.5CVSS0.5AI score0.82902EPSS
Exploits8
0day.today
0day.today
added 2019/03/04 12:0 a.m.48 views

Bolt CMS 3.6.4 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-si...

0.1AI score0.01751EPSS
Exploits5
0day.today
0day.today
added 2019/03/04 12:0 a.m.318 views

elFinder 2.1.47 - Command Injection vulnerability in the PHP connector Exploit

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data =...

7.5CVSS0.96633EPSS
Exploits11
0day.today
0day.today
added 2019/03/04 12:0 a.m.103 views

zzzphp CMS 1.6.1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link:...

10CVSS0.97419EPSS
Exploits13
0day.today
0day.today
added 2019/03/02 12:0 a.m.30 views

macOS XNU - Copy-on-Write Behavior #Bypass via Mount of User-Owned Filesystem Image Exploit

XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.89 views

Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation Exploit

Exploit for windows platform in category local exploits Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisory ID: CORE-2018-0012 Advisory URL:...

8.2AI score0.10759EPSS
Exploits5
0day.today
0day.today
added 2019/03/02 12:0 a.m.54 views

FileZilla 3.40.0 Denial Of Service Exploit

Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service PoC Discovery by: Mr Winst0n Vendor Homepage: https://filezilla-project.org Software Link : https://filezilla-project.org/download.php?type=client&showall=1 Tested Version: 3.40.0 Tested on: Kali linux x8664 Vulnerability Type:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.19 views

tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Exploit

tcpdump 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Exploit Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump sourc...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.58 views

Google Chrome < M72 - FileWriterImpl Use-After-Free Exploit

Google Chrome GetBlobDataFromBlobPtr std::moveblob, base::BindOnce&FileWriterImpl::DoWrite, base::Unretainedthis, std::movecallback, position; Note that the last argument to GetBlobDataFromBlobPtr is a callback object bound to base::Unretainedthis. And the implementation of GetBlobDataFromBlobPtr...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.74 views

Google Chrome < M72 - PaymentRequest Service Use-After-Free Exploit

Google Chrome M72 - PaymentRequest Service Use-After-Free Exploit There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::uniqueptr to a PaymentRequestSpec, which is initialised during the ca...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.28 views

CMSsite 1.0 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link :...

Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.37 views

OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.87 views

Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module Exploit

Linux 1 return -ENOTSUPP; return 1; int snmphelpervoid context, sizet hdrlen, unsigned char tag, const void data, sizet datalen struct snmpctx ctx = struct snmpctx context; be32 pdata = be32 data; if pdata == ctx-from prdebug"%s: %pI4 to %pI4\n", func, void &ctx-from, void &ctx-to; if ctx-check...

7.8CVSS7.8AI score0.01092EPSS
Exploits2
0day.today
0day.today
added 2019/03/02 12:0 a.m.75 views

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.62 views

Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost

Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.45 views

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.80 views

WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service Exploit

Exploit Title: Buffer overflow Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-8375...

9.8CVSS9.5AI score0.16113EPSS
Exploits4
0day.today
0day.today
added 2019/02/28 12:0 a.m.21 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.22 views

TransMac 12.3 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python...

0.5AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.67 views

Feng Office 3.7.0.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.28 views

Simple Online Hotel Reservation System - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.48 views

FTP Server 1.32 - Denial of Service Exploit

!/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.29 views

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...

Exploits0
0day.today
0day.today
added 2019/02/28 12:0 a.m.71 views

Joomla J2Store < 3.3.7 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE: CVE-2019-918...

7.5CVSS0.1AI score0.0898EPSS
Exploits5
0day.today
0day.today
added 2019/02/26 12:0 a.m.66 views

Linux SNMP NAT Module Out-Of-Bounds Read/Write Exploit

Linux: out-of-bounds read and write in SNMP NAT module commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the kernel's ASN.1...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/02/26 12:0 a.m.57 views

RavenDB 4.1.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: RavenDB 4.1.4 | Multiple Vulnerabilities Exploit Author: Ozer Goker Vendor Homepage: https://ravendb.net Software Link: https://ravendb.net/download Version: 4.1.4 Introduction Hibernating Rhinos, a global provider of database...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/02/25 12:0 a.m.96 views

Drupal < 8.6.9 - REST Module Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...

6.8CVSS8.3AI score0.91919EPSS
Exploits22
0day.today
0day.today
added 2019/02/25 12:0 a.m.99 views

Xlight FTP Server 3.9.1 - Buffer Overflow Exploit

Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1 Tested on: Windows XP CVE : N/A POC:!/usr/bin/python Vulnerable Software: Xlight F...

Exploits0
0day.today
0day.today
added 2019/02/25 12:0 a.m.118 views

zzzphp CMS 1.6.1 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zi...

7.5CVSS0.1AI score0.31421EPSS
Exploits8
0day.today
0day.today
added 2019/02/25 12:0 a.m.27 views

PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Lin...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/02/25 12:0 a.m.85 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution Exploit

Exploit for java platform in category web applications !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49,...

9AI score0.98428EPSS
Exploits18
0day.today
0day.today
added 2019/02/24 12:0 a.m.140 views

News Website Script 2.0.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/02/24 12:0 a.m.25 views

Advance Gift Shop Pro Script 2.0.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

0.7AI score
Exploits0
0day.today
0day.today
added 2019/02/24 12:0 a.m.192 views

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution Vulnerability

Exploit for php platform in category web applications Drupal FALSE; instead of the standard unserialize$values'options';. As for all FieldItemBase subclasses, LinkItem references a property type. Shortcut uses this property type, for a property named link. Triggering the unserialize Having all...

6.8CVSS0.1AI score0.91919EPSS
Exploits22
0day.today
0day.today
added 2019/02/22 12:0 a.m.62 views

Quest NetVault Backup Server < 11.4.5 - SQL Injection / Remote Code Execution Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 C...

7.5CVSS9.3AI score0.10001EPSS
Exploits5
0day.today
0day.today
added 2019/02/21 12:0 a.m.34 views

Memu Play 6.0.7 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...

7.2AI score
Exploits0
0day.today
0day.today
added 2019/02/21 12:0 a.m.358 views

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

MikroTik RouterOS 6.43.12 stable / 6.42.12 long-term - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack ca...

7.5CVSS0.5AI score0.15697EPSS
Exploits4
0day.today
0day.today
added 2019/02/21 12:0 a.m.63 views

Nuuo Central Management SQL Injection Exploit

The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xpcmdshell can be enabled and abused to achieve code execution. This module will...

8.8CVSS0.6AI score0.60791EPSS
Exploits5
0day.today
0day.today
added 2019/02/21 12:0 a.m.38 views

Advanced Comment System 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications 0day.today 2019-03-09...

0.1AI score0.01416EPSS
Exploits3
0day.today
0day.today
added 2019/02/21 12:0 a.m.15 views

EI-Tube 3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP EI-Tube Script - Sql Injection Exploit Author: Meisam Monsef - email protected Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks :...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/02/21 12:0 a.m.50 views

VertrigoServ 2.17 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications alert1 3. Solution: The product is discontinued. Update last version -- 0day.today 2019-03-09...

6.4AI score0.01516EPSS
Exploits3
Total number of security vulnerabilities39001