Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/11/07 12:0 a.m.271 views

LibreHealth 2.0.0 - Arbitrary File Actions Vulnerability

Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP, LibreHealth 2.0.0...

Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.268 views

Arm Whois 3.11 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Arm Whois 3.11 - Buffer Overflow SEH Exploit Author: Yair Rodríguez Aparicio 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit Vendor Homepage: http://www.armcode.com/ Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.302 views

libiec61850 1.3 - Stack Based Buffer Overflow

Exploit for linux platform in category local exploits Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux...

9.4AI score0.11573EPSS
Exploits4
0day.today
0day.today
added 2018/11/07 12:0 a.m.312 views

OOP CMS BLOG 1.0 - search SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.275 views

VSAXESS V2.6.2.70 build20171226_053 - organization Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'organization' Denial of Service PoC Discovery by: Diego Santamaria Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link:...

7AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.281 views

OpenBiz Cubi Lite 3.0.8 - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/07 12:0 a.m.270 views

eToolz 3.4.8.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: eToolz 3.4.8.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://www.gaijin.at Software Link: https://www.gaijin.at/de/software/etoolz Version: 3.4.8.0 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/06 12:0 a.m.347 views

FaceTime - RTP Video Processing Heap Corruption Exploit

Exploit for iOS platform in category dos / poc FaceTime - RTP Video Processing Heap Corruption Exploit There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if ...

0.02759EPSS
Exploits1
0day.today
0day.today
added 2018/11/06 12:0 a.m.273 views

Blue Server 1.1 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Blue Server 1.1 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1 Category: Dos Teste...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/06 12:0 a.m.364 views

FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit

Exploit for macOS platform in category dos / poc FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue...

0.5AI score0.06448EPSS
Exploits1
0day.today
0day.today
added 2018/11/06 12:0 a.m.175 views

FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit

Exploit for macOS platform in category dos / poc FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root...

0.2AI score0.06498EPSS
Exploits1
0day.today
0day.today
added 2018/11/06 12:0 a.m.386 views

XNU Kernel iOS / macOS heap buffer overflow Exploit

The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and Macbooks are all affected. My exploit PoC just overwrites the heap with garbage, which causes an immediate kernel crash and...

9.2AI score0.2201EPSS
Exploits11
0day.today
0day.today
added 2018/11/05 12:0 a.m.474 views

blueimp jQuery Arbitrary File Upload Exploit

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability...

0.1AI score0.97107EPSS
Exploits15
0day.today
0day.today
added 2018/11/05 12:0 a.m.199 views

Royal TSX Information Disclosure Vulnerability

Exploit for jsp platform in category web applications Title: Royal TS/X - Information Disclosure Author: Jakub Palaczynski CVE: CVE-2018-18865 Affected product: ============= Royal TS/X RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init output =...

8.2AI score0.07997EPSS
Exploits5
0day.today
0day.today
added 2018/11/05 12:0 a.m.159 views

Softros LAN Messenger 9.2 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Softros LAN Messenger 9.2 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://messenger.softros.com/ Software Link: https://messenger.softros.com/downloads/ Tested Version: 9.2 Tested on: Windows 10 Sing...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.360 views

PHP Proxy 3.0.3 - Local File Inclusion Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.223 views

Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit

Exploit for asp platform in category web applications Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link:...

6AI score0.12236EPSS
Exploits6
0day.today
0day.today
added 2018/11/05 12:0 a.m.285 views

Intel (Skylake / Kaby Lake) - PortSmash CPU SMT Side-Channel Exploit

Exploit for hardware platform in category local exploits Intel Skylake / Kaby Lake - PortSmash CPU SMT Side-Channel Exploit Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading ...

0.1AI score0.03418EPSS
Exploits4
0day.today
0day.today
added 2018/11/05 12:0 a.m.202 views

Easy File Sharing Web Server 7.2 - author Remote Buffer Overflow (SEH) Exploit

An issue was discovered in Easy File Sharing EFS Web Server 7.2, A stack-based buffer overflow vulnerability occurs when an authenticated user sends a malicious POST request to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. Exploit Titl...

9.8CVSS0.6AI score0.03497EPSS
Exploits2
0day.today
0day.today
added 2018/11/05 12:0 a.m.150 views

Microsoft Internet Explorer 11 - Null Pointer Dereference Exploit

Exploit for windows platform in category local exploits Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0...

6.8AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.194 views

WebVet 0.1a - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WebVet 0.1a - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.139 views

Virgin Media Hub 3.0 Router - Denial of Service Exploit

Exploit for hardware platform in category dos / poc Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A Version: Virgin Media Hub 3.0...

Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.184 views

LiquidVPN For macOS 1.3.7 Privilege Escalation Vulnerability

LiquidVPN for macOS versions 1.3.7 and below suffer from privilege escalation vulnerabilities. ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE...

1.2AI score0.0161EPSS
Exploits8
0day.today
0day.today
added 2018/11/05 12:0 a.m.177 views

QBee Camera / iSmartAlarm Credential Disclosure Vulnerability

Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamerapreferences.xml in the QBee Ca...

6.2AI score0.06594EPSS
Exploits1
0day.today
0day.today
added 2018/11/05 12:0 a.m.251 views

CMS Made Simple 2.2.7 Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...

6.5CVSS7.3AI score0.12178EPSS
Exploits5
0day.today
0day.today
added 2018/11/05 12:0 a.m.142 views

SiAdmin 1.1 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SiAdmin 1.1 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.bubul.net/ Software Link: https://kent.dl.sourceforge.net/project/siadmin/SiAdmin%201.1/SiAdmin%201.1.zip Version: 1.1 Category: Webapps...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.179 views

CentOS Web Panel Root Account Takeover <= v0.9.8.740 Remote Command Execution Exploit

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution. + Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url =...

8.8CVSS0.4AI score0.04751EPSS
Exploits8
0day.today
0day.today
added 2018/11/05 12:0 a.m.142 views

Mongo Web Admin 6.0 - Information Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.184 views

Morris Worm sendmail Debug Mode Shell Escape Exploit

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.159 views

Poppy Web Interface Generator 0.8 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link: https://master.dl.sourceforge.net/project/poppy-beta-rc/poppy0.8betarc.zip...

Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.206 views

Morris Worm fingerd Stack Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. This module requires Metasploit: https://metasploit.com/download Current source:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/11/05 12:0 a.m.156 views

Voovi Social Networking Script 1.0 - user SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Voovi Social Networking Script 1.0 - 'user' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.adminspoint.com/voovi/index.php Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.109 views

Zint Barcode Generator 2.6 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Zint Barcode Generator 2.6 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.zint.org.uk Software Link: https://sourceforge.net/projects/zint/files/latest/download Version: 2.6 Category: Dos Tested on...

Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.115 views

CdCatalog 2.3.1 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: CdCatalog 2.3.1 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://cdcat.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/cdcat/cdcat/cdcat-2.3.1/cdcat-2.3.1.tar.bz2 Version:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.201 views

Fantastic Blog CMS 1.0 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.122 views

WinMTR 0.91 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: WinMTR 0.91 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://winmtr.net Software Link: http://winmtr.net/winmtrdownload/ Version: 0.91 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 Host:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.127 views

Yot CMS 3.3.1 - aid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://yot.sourceforge.io/ Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip Version: 3.3.1 Category: Webapps Tested on...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.184 views

Jelastic 5.4 - host SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Jelastic 5.4 - 'host' SQL injection Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.173 views

qdPM 9.1 - filter_by SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/02 12:0 a.m.245 views

Gate Pass Management System 2.1 - login SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/01 12:0 a.m.105 views

WebDrive 18.00.5057 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: WebDrive 18.00.5057 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://webdrive.com/ Software Link: https://webdrive.com/download/ Tested Version: 18.00.5057 Tested on: Windows 10 Single Language x64...

Exploits0
0day.today
0day.today
added 2018/11/01 12:0 a.m.104 views

Arm #Whois 3.11 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Arm Whois 3.11 - Denial of Service PoC Exploit Author: Yair Rodríguez Aparicio Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows XP Profesional...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/01 12:0 a.m.99 views

Artha The Open Thesaurus 1.0.3.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Artha The Open Thesaurus 1.0.3.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://artha.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/artha/artha/1.0.3/artha1.0.3.0.exe...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/11/01 12:0 a.m.128 views

Anviz AIM CrossChex Standard 4.3 Excel Macro Injection Vulnerability

CSV XLS Injection Excel Macro Injection or Formula Injection exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Na...

7.9AI score
Exploits0
0day.today
0day.today
added 2018/11/01 12:0 a.m.140 views

Sourcetree Git Arbitrary Code Execution Vulnerability

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version...

9CVSS0.6AI score0.02112EPSS
Exploits1
0day.today
0day.today
added 2018/10/31 12:0 a.m.23 views

Expense Management 1.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Expense Management 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/expense-management Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/31 12:0 a.m.29 views

gVisor runsc Guest -> Host Breakout Via Filesystem Cache Desync

Exploit for linux platform in category dos / poc gVisor runsc guest-host breakout via filesystem cache desync The following writeup describes an attack that can be used to overwrite files in the host filesystem /etc/crontab in my PoC from inside a Docker container that uses gVisor's runsc. I test...

7AI score
Exploits0
0day.today
0day.today
added 2018/10/31 12:0 a.m.39 views

School Attendance Monitoring System 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: School Attendance Monitoring System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

0.1AI score0.03213EPSS
Exploits5
0day.today
0day.today
added 2018/10/31 12:0 a.m.35 views

Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery

Exploit for php platform in category web applications Exploit Title: Aplaya Beach Resort Online Reservation System 1.0 - Multiple Vulnerabilities Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/31 12:0 a.m.28 views

Notes Manager 1.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link:...

7.4AI score
Exploits0
Total number of security vulnerabilities39001