Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/11/14 12:0 a.m.274 views

Bosch Video Management System 8.0 - Configuration Client Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service Poc Discovery by: Daniel Software Name: Bosch Video Management System Software Version: 8.0 Vendor Homepage:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.299 views

SwitchVPN For MacOS 2.1012.03 Privilege Escalation Exploit

Exploit for macOS platform in category local exploits ======================================================================= Title: Privilege Escalation Vulnerability Product: SwitchVPN for MacOS Vulnerable version: 2.1012.03 CVE ID: CVE-2018-18860 Impact: Critical Homepage: https://switchvpn.ne...

0.01183EPSS
Exploits5
0day.today
0day.today
added 2018/11/14 12:0 a.m.276 views

ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: ABC ERP 0.6.4 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.abc-erp.com/ Software Link: https://netcologne.dl.sourceforge.net/project/abc-erp/abcv064.zip Version: 0.6.4...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.259 views

AMPPS 2.7 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: AMPPS 2.7 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.ampps.com/ Software Link: https://kent.dl.sourceforge.net/project/ampps/2.7/Ampps-2.7-setup.exe Version: 2.7 Category: Dos Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.55 views

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest;...

7.6AI score0.04751EPSS
Exploits8
0day.today
0day.today
added 2018/11/14 12:0 a.m.124 views

ntpd 4.2.8p10 - Out-of-Bounds Read Exploit

Exploit for linux platform in category local exploits Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage:...

5CVSS7.6AI score0.2985EPSS
Exploits5
0day.today
0day.today
added 2018/11/14 12:0 a.m.126 views

Musicco 2.0.0 - Arbitrary Directory Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.269 views

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.257 views

Webiness Inventory 2.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.3 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://github.com/webiness/webinessinventory Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.263 views

EdTv 2 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: EdTv 2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://edtv.edsup.org/ Software Link: https://ayera.dl.sourceforge.net/project/edtv/beta/edtv2go.zip Version: 2 Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/11/13 12:0 a.m.174 views

Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc / + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CISCO-IMMUNET-AND-CISCO-AMP-FOR-ENDPOINTS-SYSTEM-SCAN-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Greetz: indoushka |...

5.8AI score0.00966EPSS
Exploits6
0day.today
0day.today
added 2018/11/13 12:0 a.m.188 views

Evince 3.24.0 - Command Injection Exploit

Exploit for linux platform in category dos / poc Exploit Title: evince command line injection Exploit Author: Matlink Vendor Homepage: https://wiki.gnome.org/Apps/Evince Software Link: https://wiki.gnome.org/Apps/Evince Version: 3.24.0 Tested on: Debian sid CVE : CVE-2017-1000083 Can be tested on...

4CVSS7.8AI score0.50826EPSS
Exploits10
0day.today
0day.today
added 2018/11/13 12:0 a.m.162 views

CuteFTP Mac 3.1 - Denial of Service Exploit

Exploit for macOS platform in category dos / poc Exploit Title: CuteFTP Mac 3.1 Denial of Service PoC Exploit Author: Yair Rodríguez Aparicio Vendor Homepage: https://www.globalscape.com/cuteftp Software Link: http://go.globalscape.com/download/cuteftp-macosx Version: 3.1 Tested on: macOS High...

Exploits0
0day.today
0day.today
added 2018/11/13 12:0 a.m.147 views

Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode 58 bytes

/ Exploit Title: Linux/x86 - execve /bin/nc -lp99999 -e /bin/bash shellcode 58 bytes Exploit Description: Binds a TCP bash shell at port 99999 using netcat. Note: This shellcode uses netcat-traditional package. Otherwise, it will not work. Date: 04/11/2018 Exploit Author: Javier Tello Version: 1....

0.3AI score
Exploits0
0day.today
0day.today
added 2018/11/13 12:0 a.m.222 views

Android RSSI Broadcast Information Disclosure Vulnerability

Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts. Android RSSI Broadcast Information Disclosure Blog post here: https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-9581/ NOTE: This bug is part of a series of three related Android bugs with the same...

7.5CVSS5.5AI score0.02032EPSS
Exploits6
0day.today
0day.today
added 2018/11/13 12:0 a.m.190 views

XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) Exploit

Exploit for windows platform in category local exploits Exploit Title: XAMPP Control Panel 3.2.2 - Buffer Overflow SEH Unicode Exploit Author: Gionathan "John" Reale 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit. Shellcode Author: Giuseppe D'Amore EDB:28996 Software:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/13 12:0 a.m.227 views

Android 5.0 Battery Information Broadcast Information Disclosure Vulnerability

Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts. Android 5.0 Battery Information Broadcast Information Disclosure NOTE: This bug is part of a series of three related Android bugs with the same root cause: CVE-2018-9489, CVE-2018-95...

7.5CVSS5.4AI score0.02032EPSS
Exploits6
0day.today
0day.today
added 2018/11/13 12:0 a.m.185 views

xorg-x11-server < 1.20.1 - Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits Exploit Title: xorg-x11-server bolo console opened Building root shell wait 2 minutes crontab overwritten ... cut Xorg output ... Xorg killed II Server terminated successfully 0. Closing log file. Don't forget to cleanup /etc/crontab and /tmp...

0.2AI score0.2704EPSS
Exploits39
0day.today
0day.today
added 2018/11/13 12:0 a.m.210 views

Cisco Prime Infrastructure Unauthenticated Remote Code Execution Exploit

Cisco Prime Infrastructure CPI contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege...

9.8CVSS0.4AI score0.86221EPSS
Exploits5
0day.today
0day.today
added 2018/11/12 12:0 a.m.221 views

WordPress WP User Manager 2.0.8 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WP User Manager v2.0.8 WordPress Plugin - Time-Based SQL Injection Author: Socket0x03 Alvaro J. Gene Software Link: https://wordpress.org/plugins/wp-user-manager Plugin: WP User Manager Version: v2.0.8 last version File: login...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.210 views

Netscape Enterprise 3.63 Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications alert"XSS" The server response: Request URL: http://X.X.X.X/servlet/SnoopServlet Request information: Request method: GET Request URI: /servlet/SnoopServlet Request protocol: HTTP/1.1 Servlet path: /servlet/SnoopServlet Path info: Path...

6.4AI score0.01416EPSS
Exploits3
0day.today
0day.today
added 2018/11/12 12:0 a.m.213 views

TP-Link Archer C50 Wireless Router 171227 - CSRF (Configuration File Disclosure) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.226 views

WordPress PeepSo 1.11.2 XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications WordPress PeepSo 1.11.2 XSS / SQL Injection Vulnerabilities Author: Socket0x03 Alvaro J. Gene Software Link: https://wordpress.org/plugins/peepso-core/ Plugin: PeepSo Version: 1.11.2 File: Members Parameter: query Language: This application is...

Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.201 views

Vignette Content Management 6 Security Bypass Vulnerability

Exploit for php platform in category web applications 0day.today 2018-11-12...

9.7AI score0.02325EPSS
Exploits3
0day.today
0day.today
added 2018/11/12 12:0 a.m.209 views

Mongoose Web Server 6.9 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Mongoose Web Server 6.9 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://cesanta.com/binary.html Software Link: https://backend.cesanta.com/cgi-bin/api.cgi?act=dl&os=win Version: 6.9 Category: Dos Teste...

7AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.308 views

Advanced Comment System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications 0day.today 2018-11-12...

0.2AI score0.04185EPSS
Exploits5
0day.today
0day.today
added 2018/11/12 12:0 a.m.195 views

Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.186 views

Data Center Audit 2.6.2 - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Data Center Audit 2.6.2 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.175 views

Nominas 0.27 - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Nominas 0.27 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://arixolab.com/proyecto.html Software Link: https://netix.dl.sourceforge.net/project/nominascrm/Nominas%20v0.27.tar.gz Version: 0.27...

Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.179 views

HeidiSQL 9.5.0.5196 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: HeidiSQL 9.5.0.5196 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/download.php Tested Version: 9.5.0.5196 Tested on: Windows 10 Single...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.184 views

Wordpress Media File Manager 1.4.2 Plugin - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.185 views

The Don 1.0.1 - login SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: The Don 1.0.1 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://thedon.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/thedon/thedon-1.0b.rar Version: 1.0.1 Category: Webapps...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.170 views

Facturation System 1.0 - modid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Facturation System 1.0 - 'modid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/simple-invoice/ Software Link: https://kent.dl.sourceforge.net/project/simple-invoice/simple-invoice-master.zip...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.177 views

ServerZilla 1.0 - email SQL Injection Vulnerability

Exploit for php platform in category web applications...

1.7AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.182 views

TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability

Exploit for linux platform in category web applications Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.184 views

GPS Tracking System 2.12 - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: GPS Tracking System 2.12 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/gpstracking/ Software Link: https://kent.dl.sourceforge.net/project/gpstracking/gps.zip Version:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.189 views

Paroiciel 11.20 - tRecIdListe SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Paroiciel 11.20 - 'tRecIdListe' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.paroiciel.com/ Software Link: https://datapacket.dl.sourceforge.net/project/paroiciel/version%2011/par6lus1120160225.exe...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/12 12:0 a.m.252 views

CuteFTP 9.3.0.3 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: CuteFTP 9.3.0.3 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.globalscape.com/cuteftp Software Link: https://www.globalscape.com/cuteftp Version: 9.3.0.3 Tested on: Windows 10 Home x64 CVE : n/a...

Exploits0
0day.today
0day.today
added 2018/11/11 12:0 a.m.942 views

Windows/x86 - Messagebox Shellcode 358 bytes

// Exploit Title : win32 Messagebox shellcode 358 bytes // Exploit Author : Febriyanto Nugroho email protected // Tested on : Windows 7 x86 Ultimate include include char shellcode= "\x31\xdb\xb3\x30\x29\xdc\x64\x8b\x03\x8b\x40\x0c\x8b" "\x58\x1c\x8b\x1b\x8b\x1b\x8b\x73\x08\x89\xf7\x89\x3c"...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/11/09 12:0 a.m.262 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability

Using a web browser or script server-side request forgery SSRF can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a...

8.7AI score0.44101EPSS
Exploits3
0day.today
0day.today
added 2018/11/09 12:0 a.m.243 views

OpenSLP 2.0.0 - Multiple Vulnerabilities

Exploit for linux platform in category local exploits OpenSLP 2.0.0 - Multiple Vulnerabilities ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June dumpco.re/blog/openslp-2.0.0-double-free, and today I'm disclosing two more. BUG...

7.5CVSS0.12364EPSS
Exploits4
0day.today
0day.today
added 2018/11/09 12:0 a.m.252 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle Vulnerability

The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are...

5.8CVSS0.5AI score0.02034EPSS
Exploits3
0day.today
0day.today
added 2018/11/09 12:0 a.m.251 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking Exploit

D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

0.3AI score0.01675EPSS
Exploits3
0day.today
0day.today
added 2018/11/09 12:0 a.m.344 views

Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass) Exploit

Exploit for windows platform in category local exploits Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass Exploit include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res =...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/09 12:0 a.m.236 views

Cisco Immunet / Cisco AMP For Endpoints Scanning Denial Of Service Exploit

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection AMP for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...

0.4AI score0.00966EPSS
Exploits6
0day.today
0day.today
added 2018/11/08 12:0 a.m.410 views

Cradlepoint Router Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...

Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.325 views

Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation Exploit

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account. Dell OpenManage Network...

9CVSS1.1AI score0.12324EPSS
Exploits7
0day.today
0day.today
added 2018/11/07 12:0 a.m.283 views

Grocery crud 1.6.1 - search_field SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Grocery crud 1.6.1 - 'searchfield' SQL Injection Exploit Author: Loading Kura Kura Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: 1.6.1 Tested on: Win10/Kali Linux CVE...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.270 views

OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.272 views

PlayJoom 0.10.1 - catid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PlayJoom 0.10.1 - 'catid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://playjoom.telgo.info/ Software Link: https://ayera.dl.sourceforge.net/project/playjoom/0.10.1/playjoom-0.10.1-installpackage.zip Version...

0.2AI score
Exploits0
Total number of security vulnerabilities39001