Lucene search

39001 matches found

0day.today
added 2019/01/09 12:0 a.m.
41 views

Ampache 3.8.6 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting in Ampache 3.8.6 Affected Software: Ampache Affected Versions: 3.8.6...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/09 12:0 a.m.
40 views

MDwiki < 0.6.2 - Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications MDwiki 0.6.2 - Cross-Site Scripting Vulnerability Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwi...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/09 12:0 a.m.
43 views

polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork Exploit

/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...

0.6 AI score
Exploits: 0

0day.today
added 2019/01/09 12:0 a.m.
55 views

BlogEngine 3.3 - XML External Entity Injection Vulnerability

Exploit for windows platform in category web applications XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3...

9.2 AI score
0.16287 EPSS
Exploits: 2

0day.today
added 2019/01/09 12:0 a.m.
84 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...

4.3 CVSS
0.01897 EPSS
Exploits: 4

0day.today
added 2019/01/09 12:0 a.m.
25 views

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service Exploit

function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 = String.prototype.toLowerCase.callbigArray;...

0.4 AI score
Exploits: 0

0day.today
added 2019/01/09 12:0 a.m.
28 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...

0.2 AI score
Exploits: 0

0day.today
added 2019/01/08 12:0 a.m.
32 views

Wireshark - (get_t61_string) Heap Out-of-Bounds Read Exploit

The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file". --- cut --- ================================================================= ==16936==ERROR: AddressSanitizer:...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/08 12:0 a.m.
52 views

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation Exploit

Exploit for php platform in category web applications !/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage: https://davidtavarez.github.io/ Software...

7.1 AI score
Exploits: 0

0day.today
added 2019/01/08 12:0 a.m.
45 views

Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Versio...

0.3 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
49 views

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile Category: Hardware Version...

4.3 CVSS
6.3 AI score
0.04822 EPSS
Exploits: 7

0day.today
added 2019/01/07 12:0 a.m.
73 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Vulnerability

Exploit for hardware platform in category web applications body...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
104 views

Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Vulnerability

Exploit for php platform in category web applications ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...

8.5 AI score
0.73663 EPSS
Exploits: 7

0day.today
added 2019/01/07 12:0 a.m.
91 views

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference Exploit

function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...

Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
27 views

phpMoAdmin #MongoDB GUI 1.1.5 - CSRF / XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpMoAdmin 1.1.5 - MongoDB GUI | Multiple Vulnerabilities Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmoadmin.com Software Link: http://www.phpmoadmin.com/file/phpmoadmin.zip Version: 1.1.5 Introduction phpMoAdmin ...

0.2 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
20 views

Embed Video Scripts - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Embed Video Scripts - Cross-site Script stored Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/...

Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
18 views

All in One Video Downloader 1.2 - Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: All in One Video Downloader 1.2 - SQL Injection Google Dork: "developed by Niche Office" Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://nicheoffice.web.tr/...

0.1 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
23 views

Wordpress UserPro < 4.9.21 Plugin - User Registration Privilege Escalation Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

0.7 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
26 views

BlueAuditor 1.7.2.0 - Key Denial of Service Exploit

Exploit Title: BlueAuditor 1.7.2.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested Version: 1.7.2.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10...

Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
38 views

LayerBB 1.1.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: LayerBB 1.1.1 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=26 Version: 1.1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-17997 1...

6.4 AI score
0.0358 EPSS
Exploits: 5

0day.today
added 2019/01/07 12:0 a.m.
29 views

Mailcleaner - Authenticated Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

0.1 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
25 views

MyT Project Management 1.5.1 - Charge[group_total] SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MyT-PM 1.5.1 - 'Chargegrouptotal' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category: Webapps Tested on: WAMP...

0.4 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
53 views

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Exploit for windows platform in category local exploits Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows Server 2016 Standard x64 CVE :...

0.01375 EPSS
Exploits: 5

0day.today
added 2019/01/07 12:0 a.m.
28 views

SpotFTP Password Recover 2.4.2 - Name Denial of Service Exploit

Exploit Title: SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested Version: 2.4.2 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windo...

0.2 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
38 views

Foscam Video Management System 1.1.4.9 - Username Denial of Service Exploit

Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type: Denial of Service DoS Local...

Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
49 views

Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Exploit

Exploit for windows platform in category web applications Exploit Title: Ajera Timesheets = 9.10.16 - Deserialization of untrusted data Exploit Author: Anthony Cole Vendor Homepage: https://www.deltek.com/en/products/project-erp/ajera Version: = 9.10.16 Contact: http://twitter.com/acole76 Website...

8.9 AI score
0.10456 EPSS
Exploits: 5

0day.today
added 2019/01/07 12:0 a.m.
24 views

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications input type="hidden" name="txtHelpPage" valu...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m.
58 views

MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on: Ubuntu 18.04 CVE:...

3.5 CVSS
0.02353 EPSS
Exploits: 5

0day.today
added 2019/01/07 12:0 a.m.
48 views

Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS) Exploit

Exploit for hardware platform in category web applications Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windo...

6.8 CVSS
0.1 AI score
0.00922 EPSS
Exploits: 4

0day.today
added 2019/01/04 12:0 a.m.
27 views

Apache CouchDB 2.3.0 Cross Site Request Forgery Vulnerability

Apache CouchDB version 2.3.0 suffers from cross site request forgery vulnerabilities providing there's a loose CORs policy. Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link:...

7.1 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
20 views

SugarCRM addLabels PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels" method when saving labels through t...

0.6 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
33 views

SugarCRM Web Logic Hooks Module Path Traversal Vulnerability

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhooktargetmodule" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited...

0.3 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
23 views

SugarCRM portal_get_related_notes SQL Injection Vulnerability

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portalgetrelatednotes" SOAP function. User input passed through the "orderby" parameter is not properly sanitized before being...

0.3 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
37 views

SugarCRM Web Logic Hooks Module PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "triggerevent" parameter is not properly sanitized before being used to save PHP code into the 'logichooks.php' file through the Web Logic Hooks module. This can be...

Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
26 views

SugarCRM SaveDropDown PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'listvalue' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This ca...

0.4 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
21 views

SugarCRM ConnectorsController Server-Side Request Forgery Vulnerability

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::actionCallRest" method. User input passed through the "url" request parameter is not properly sanitized before being used in a ca...

0.1 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
23 views

SugarCRM WorkFlow PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $POST'basemodule' parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the...

8 AI score
Exploits: 0

0day.today
added 2019/01/03 12:0 a.m.
58 views

Oracle Application Express AnyChart Flash-Based Cross Site Scripting Vulnerability

Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "externalobjid" GET parameter is not properly sanitized before being passed to the...

5.8 CVSS
6.7 AI score
0.01104 EPSS
Exploits: 2

0day.today
added 2019/01/02 12:0 a.m.
42 views

Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit Author: Uday Mittal Vendor Homepage: http://www.ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip Version : below 2.0 Tested on: Microsoft Windows X...

7.5 CVSS
9.3 AI score
0.60328 EPSS
Exploits: 16

0day.today
added 2019/01/02 12:0 a.m.
37 views

Frog CMS 0.9.5 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...

3.5 CVSS
0.3 AI score
0.01677 EPSS
Exploits: 5

0day.today
added 2019/01/02 12:0 a.m.
28 views

NetworkSleuth 3.0.0.0 - Key Denial of Service Exploit

Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested Version: 3.0.0.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows...

0.1 AI score
Exploits: 0

0day.today
added 2019/01/02 12:0 a.m.
29 views

NBMonitor Network Bandwidth Monitor 1.6.5.0 - Name Denial of Service Exploit

Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service PoC Author: Luis Martinez Vendor Homepage: www.nsauditor.com Software Link : http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Tested Version: 1.6.5.0 Vulnerability Type: Denial of Service DoS Local Tested o...

7.4 AI score
Exploits: 0

0day.today
added 2019/01/02 12:0 a.m.
64 views

Vtiger CRM 7.1.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link:...

7.1 AI score
Exploits: 0

0day.today
added 2019/01/02 12:0 a.m.
23 views

WordPress Adicon Server 1.2 Plugin - selectedPlace SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps SQL Injection File:...

0.3 AI score
Exploits: 0

0day.today
added 2018/12/30 12:0 a.m.
26 views

EZ CD Audio Converter 8.0.7 - Denial of Service Exploit

Exploit Title: EZ CD Audio Converter Date: 30-12-2018 Vendor Homepage: https://www.poikosoft.com/ Software Link : https://download.poikosoft.com/ezcdaudioconvertersetupx64.exe Exploit Author: Achilles Tested Version: 8.0.7 64-bit Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS...

0.3 AI score
Exploits: 0

0day.today
added 2018/12/29 12:0 a.m.
79 views

WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write Exploit

WebKit: JSC: A bug in JSArray::shiftCountWithArrayStorage CVE-2018-4441 bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm, thi...

8.8 CVSS
0.3 AI score
0.12808 EPSS
Exploits: 7

0day.today
added 2018/12/29 12:0 a.m.
76 views

WebKit JSC AbstractValue::set Use-After-Free Exploit

WebKit: JSC: A bug in AbstractValue::set CVE-2018-4443 void AbstractValue::setGraph& graph, RegisteredStructure structure RELEASEASSERTstructure; mstructure = structure; marrayModes = asArrayModesstructure-indexingType; mtype = speculationFromStructurestructure.get; mvalue = JSValue;...

8.8 CVSS
0.2 AI score
0.05853 EPSS
Exploits: 3

0day.today
added 2018/12/29 12:0 a.m.
33 views

Hashicorp Consul Services API Remote Command Execution Exploit

This Metasploit module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command...

0.6 AI score
Exploits: 0

0day.today
added 2018/12/29 12:0 a.m.
47 views

Hashicorp Consul Rexec Remote Command Execution Exploit

This Metasploit module exploits a feature of Hashicorp Consul named rexec. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = ...

Exploits: 0

0day.today
added 2018/12/27 12:0 a.m.
40 views

Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Iperius Backup 5.8.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Iperius Backup 5.8.1 Vendor Homepage: https://www.iperiusbackup.com Version: 5.8.1 Local Buffer Overflow SEH Unicode Software...

0.3 AI score
Exploits: 0

Total number of security vulnerabilities: 39001