Lucene search

39001 matches found

0day.today
added 2018/12/18 12:0 a.m., 35 views

Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit

Exploit Title: Excel Password Recovery Professional Vendor Homepage:https://www.recoverlostpassword.com/ Software Link :https://www.recoverlostpassword.com/downloads/excelpasswordrecoveryprotrial.exe Exploit Author: Achilles Tested Version: 8.2.0.0 Tested on: Windows 7 64 Vulnerability Type: Deni...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/17 12:0 a.m., 56 views

Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal Vulnerabilities

Transcend Wi-Fi SD Card 16GB with firmware 1.8 suffers from cross site request forgery and directory traversal vulnerabilities. There are Directory Traversal and Cross-Site Request Forgery vulnerabilities in Transcend Wi-Fi SD Card. ------------------------- Affected products:...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/17 12:0 a.m., 42 views

GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit

GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...

AI score: 7.4
Exploits: 0

0day.today
added 2018/12/17 12:0 a.m., 45 views

Windows Persistent Service Installer Exploit

This Module will generate and upload an executable to a remote host and then makes it a persistent service. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required. This module requires Metasploit:...

AI score: 0.9
Exploits: 0

0day.today
added 2018/12/17 12:0 a.m., 47 views

Razer Cortex Debugger Remote Command Execution Vulnerability

Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution. Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on twitter that the software distributed by Razer for their gaming equipment migh...

AI score: 0.5
Exploits: 0

0day.today
added 2018/12/17 12:0 a.m., 81 views

Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API. I. VULNERABILITY ------------------------- Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. II. CVE REFERENCE...

AI score: 0.5, EPSS: 0.24498
Exploits: 3

0day.today
added 2018/12/17 12:0 a.m., 37 views

KARMA 6.0.0 SQL Injection Vulnerability

Exploit for php platform in category web applications CWE-89 Use CVE-2018-18399. Credit: Ali Abdollahi Description: SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via th...

AI score: 0.2, EPSS: 0.0277
Exploits: 2

0day.today
added 2018/12/16 12:0 a.m., 96 views

Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability

An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem...

AI score: 7.3
Exploits: 0

0day.today
added 2018/12/16 12:0 a.m., 525 views

PassFab RAR Password Recovery SEH Local Exploit

Exploit for windows platform in category local exploits Exploit Title: PassFab RAR Password Recovery SEH Local Exploit Vendor Homepage:https://www.passfab.com/products/rar-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-rar-password-recovery.exe Exploit Author:...

Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 19 views

Excel Password Recovery Professional Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Excel Password Recovery Professional Vendor Homepage:https://www.recoverlostpassword.com/ Software Link :https://www.recoverlostpassword.com/downloads/excelpasswordrecoveryprotrial.exe Exploit Author: Achilles Tested Version: 8.2.0...

Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 37 views

Facebook And Google Reviews System For Businesses - CSRF (Change Admin Password)

Exploit for php platform in category web applications Exploit Title: Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559?srank=38 Version: v...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 24 views

Nsauditor Local SEH Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: Nsauditor Local SEH Buffer Overflow Vendor Homepage:http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Exploit Author: Achilles Tested Version: 3.0.28.0 Tested on: Windows XP SP3 1.-...

AI score: 7.2
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 31 views

Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018 Version: v1 REQUIRED Test...

AI score: 7.1
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 22 views

AnyBurn Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: AnyBurn Date: 15-12-2018 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Author: Achilles Tested Version: 4.3 32-bit Tested on: Windows 7 x64 Vulnerability Type: Denial ...

AI score: 6.8
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 18 views

MegaPing Denial of Service Exploit

Exploit Title: MegaPing Vendor Homepage: http://www.magnetosoft.com/ Software Link: http://www.magnetosoft.com/downloads/win32/megapingsetup.exe Exploit Author: Achilles Tested Version: Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps to Produce the...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 192 views

Huawei Router HG532e - Command Execution Exploit

Exploit for hardware platform in category web applications !/bin/python ''' Author : Rebellion Github : @rebe11ion Twitter : @rebellion ''' import urllib2,requests,os,sys from requests.auth import HTTPDigestAuth DEFAULTHEADERS = "User-Agent": "Mozilla", DEFAULTTIMEOUT = 5 def fetchurlurl: global...

CVSS: 5, AI score: 6.5, EPSS: 0.27528
Exploits: 2

0day.today
added 2018/12/15 12:0 a.m., 25 views

Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution

Exploit for php platform in category web applications Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Exploit Author: Ihsan Sencan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559 Version: 1.1...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/15 12:0 a.m., 30 views

Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559 Version: 1.1 Category:...

Exploits: 0

0day.today
added 2018/12/14 12:0 a.m., 50 views

Cisco RV110W - Password Disclosure / Command Execution Exploit

!/usr/bin/env python2 Cisco RV110W Password Disclosure and OS Command Execute. Tested on version: 1.1.0.9 maybe useable on 1.2.0.9 and later. Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute Date: 2018-08 Exploit Author: RySh Vendor Homepage: https://www.cisco.com/ Version:...

CVSS: 10, AI score: 7.6, EPSS: 0.1043
Exploits: 3

0day.today
added 2018/12/14 12:0 a.m., 31 views

Responsive FileManager 9.13.4 - Multiple Vulnerabilities

Exploit for php platform in category web applications Responsive FileManager 9.13.4 - Multiple Vulnerabilities Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link:...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/14 12:0 a.m., 23 views

Zortam MP3 Media Studio 24.15 - Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: Zortam MP3 Media Studio Version 24.15 Exploit SEH Exploit Author: Manpreet Singh Kheberi Download Link: https://www.zortam.com/download.html Vendor Homepage: https://www.zortam.com Tested on: Windows Xp Sp3 x64 Type: Bind shel...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/14 12:0 a.m., 42 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...

AI score: 0.2, EPSS: 0.07234
Exploits: 4

0day.today
added 2018/12/14 12:0 a.m., 30 views

UltraISO 9.7.1.3519 - Output FileName Denial of Service

Exploit Title: UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service PoC and Pointer to next SEH and SE handler records overwrite Discovery by: Francisco Ramirez Vendor Homepage: https://www.ultraiso.com/ Software Link : https://www.ultraiso.com/download.html Tested Version: 9.7.1.3519 Tested...

AI score: 0.4
Exploits: 0

0day.today
added 2018/12/14 12:0 a.m., 34 views

Angry IP Scanner 3.5.3 - Denial of Service Exploit

!/usr/bin/python -- coding: cp1252 -- Exploit Title: Angry IP Scanner 3.5.3 Denial of Service PoC Author: Fernando Cruz Vendor Homepage: https://angryip.org Tested Version: 3.11 Tested on Windows 10 Pro, 64-bit Steps to Produce the Crash: 1.- Run python code : python angryip.py 2.- Open angryip.t...

AI score: 0.6
Exploits: 0

0day.today
added 2018/12/14 12:0 a.m., 190 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium;...

AI score: 6.6, EPSS: 0.07411
Exploits: 4

0day.today
added 2018/12/14 12:0 a.m., 117 views

Safari - Proxy Object Type Confusion Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The D...

CVSS: 9.3, AI score: 0.5, EPSS: 0.53772
Exploits: 12

0day.today
added 2018/12/13 12:0 a.m., 104 views

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit

didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred; setStructurevm, newStructure; else putDirectvm, knownPolyProtoOffset, prototype; if...

CVSS: 8.8, AI score: 0.2, EPSS: 0.05827
Exploits: 2

0day.today
added 2018/12/13 12:0 a.m., 34 views

Windows UAC Protection Bypass Exploit

This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/13 12:0 a.m., 62 views

CyberLink LabelPrint 2.5 - Stack Buffer Overflow Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CyberLink LabelPrint 2.5 Stack Buffer Overflow", 'Description' = %q This module exploits ...

CVSS: 6.8, AI score: 0.3, EPSS: 0.19194
Exploits: 9

0day.today
added 2018/12/13 12:0 a.m., 179 views

Linux - userfaultfd Bypasses tmpfs File Permissions Exploit

Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it is, for example, possible to register userfaulfd...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0051
Exploits: 5

0day.today
added 2018/12/13 12:0 a.m., 38 views

MixPad v4.40 - Unicode Buffer Overflow Exploit

!/usr/bin/python Exploit Author: Gionathan "John" Reale Exploit Title: NCH Software MixPad v4.40 - Unicode Buffer Overflow Date: 2018-12-12 Vulnerable Software: NCH Software MixPad Vendor Homepage: http://www.nch.com.au/ Version: v4.40-v4.10 Tested On: Windows 7 PoC: generate crash.txt, options,...

AI score: 0.6
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 635 views

PrestaShop 1.6.x/1.7.x - Remote Code Execution Exploit

Exploit for php platform in category web applications ?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date:...

AI score: 0.2, EPSS: 0.22535
Exploits: 6

0day.today
added 2018/12/12 12:0 a.m., 278 views

Adobe ColdFusion 2018 - Arbitrary File Upload Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018 Google Dork: ext:cfm Exploit Author: Pete Freitag of Foundeo Reversed: Vahagn vah13 Vardanian Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 CVE :...

CVSS: 10, AI score: 9.2, EPSS: 0.9995
Exploits: 11

0day.today
added 2018/12/12 12:0 a.m., 69 views

IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Disclaimer: This code is for Educational Purposes , I would Not be responsible for any misuse of this code Attack type : Remote Patch Status : Unpatched Exploitation : Author: Usman Saeed Company: Xc0re Security Research Group Website:...

AI score: 7.1
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 64 views

PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Vulnerability

Exploit for multiple platform in category web applications Exploit Author: bzyo CVE: CVE-2018-19936 Twitter: @bzyo Exploit Title: PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Date: 12-07-18 Vulnerable Software: PrinterOn Enterprise 4.1.4 Vendor Homepage: https://www.printeron.com/ Version...

AI score: 0.2, EPSS: 0.01066
Exploits: 5

0day.today
added 2018/12/12 12:0 a.m., 75 views

Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Add/Update Admin Exploit Author: Ihsan Sencan Vendor Homepage:...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 54 views

SmartFTP Client 9.0.2623.0 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: SmartFTP 9.0 Build 2623 - Denial of Service PoC Exploit Author: Alejandra Sánchez Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/get/SFTPMSI64.exe Version: 9.0.2623.0 Tested on: Windows Server 2016 x64/ Windows 10 Single...

AI score: 0.3
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 93 views

WordPress AutoSuggest 0.24 Plugin - wpas_keys SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WP AutoSuggest 0.24 - SQL Injection Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code...

AI score: 7.1
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 62 views

Tourism Website Blog - Remote Code Execution / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Tourism Website Blog - Remote Code Execution / SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/12819/tourism-website-blog-faces-negros-web-application.html Software Link:...

AI score: 0.3
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 69 views

Apache OFBiz 16.11.05 - Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Apache OFBiz v16.11.05 - Stored Cross-Site Scripting Vulnerability Exploit Author: DKM Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.05.zip Version:...

AI score: 7.4
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 148 views

Huawei B315s-22 - Information Leak Vulnerability

Exploit for hardware platform in category web applications Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed usman at xc0re.net 1. Unauthenticated access to sensitive files: It was observed that the web application running on the router, allows...

CVSS: 3.3, AI score: 0.2, EPSS: 0.13219
Exploits: 4

0day.today
added 2018/12/12 12:0 a.m., 53 views

WordPress Snap Creek Duplicator Code Injection Exploit

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters befo...

CVSS: 9.8, AI score: 9.7, EPSS: 0.57557
Exploits: 4

0day.today
added 2018/12/12 12:0 a.m., 77 views

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)

/ Linux/x86-execve/usr/bin/ncat -lvp 1337 -e/bin/bash+NULL-FREE Shellcode95 bytes Author : T3jv1l Contact: email protected Twitter:https://twitter.com/T3jv1l Shellcode len : 119 bytes Compilation: gcc shellcode.c -o shellcode Compilation for x64 : gcc -m32 shellcode.c -o shellcode Tested On: Ubun...

AI score: 7.4
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 58 views

HotelDruid 2.3.0 - id_utente_mod SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SQL Injection in HotelDruid version 2.3 Google Dork: N/A Exploit Author: Sainadh Jamalpur Vendor Homepage: http://www.hoteldruid.com Software Link: https://sourceforge.net/projects/hoteldruid/ Version: 2.3 REQUIRED Tested on:...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 101 views

ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...

AI score: 0.2
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 268 views

McAfee True Key - McAfee.TrueKey.Service Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the McAfee.TrueKey.Service...

AI score: 0.2, EPSS: 0.01137
Exploits: 3

0day.today
added 2018/12/12 12:0 a.m., 78 views

TP-Link wireless router Archer C1200 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU · Impact: Client side attacks are very common and are the source of maximum number of user compromises. Wi...

Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 68 views

Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure Vulnerabilities

Exploit for asp platform in category web applications Exploit title: Sitecore CMS v8.2 multiple vulnerabilities Product: Sitecore Version: 8.2, Rev: 161221, Date: 21st December, 2016 Author: Usman Saeed Email: email protected Vendor Homepage: http://www.sitecore.net/ Disclaimer: Everything...

AI score: 7.1
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 65 views

LanSpy 2.0.1.159 - Local Buffer Overflow Exploit

Exploit Title: LanSpy 2.0.1.159 - Local BoF PoC Author: Gionathan "John" Reale Homepage: https://lizardsystems.com Software Link: https://lizardsystems.com/download/lanspysetup.exe Tested Version: 2.0.1.159 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will...

AI score: 0.1
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m., 86 views

DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...

AI score: 5.6, EPSS: 0.01762
Exploits: 5

Total number of security vulnerabilities: 39001