Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/10/29 12:0 a.m.200 views

Paramiko 2.4.1 - Authentication Bypass Exploit

Exploit Title: Paramiko 2.4.1 - Authentication Bypass Exploit Author: Adam Brown Vendor Homepage: https://www.paramiko.org Software Link: https://github.com/paramiko/paramiko/tree/v1.15.2 Version: 1.17.6, 1.18.x 1.18.5, 2.0.x 2.0.8, 2.1.x 2.1.5, 2.2.x 2.2.3, 2.3.x 2.3.2, and 2.4.x 2.4.1 Tested on...

9.8CVSS0.2AI score0.27065EPSS
Exploits10
0day.today
0day.today
added 2018/10/29 12:0 a.m.41 views

Modbus Slave PLC 7 - .msw Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kağan Çapar Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS:...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/10/28 12:0 a.m.95 views

Veterinary Clinic Management 00.02 - editpetnum SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://vetclinic.sourceforge.io/ Software Link: https://sourceforge.net/projects/vetclinic/files/latest/download...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/28 12:0 a.m.105 views

Joomla Responsive eXtro jQuery Gallery 2.1.0 Component - filter_category SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla Component Responsive eXtro jQuery Gallery 2.1.0 - 'filtercategory' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://extro.media/ Software Link:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/10/28 12:0 a.m.365 views

ASRock Drivers Privilege Escalation / Code Execution Exploit

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were...

0.6AI score0.01545EPSS
Exploits8
0day.today
0day.today
added 2018/10/28 12:0 a.m.118 views

WordPress Arforms 3.5.1 Arbitrary File Delete Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...

0.02049EPSS
Exploits3
0day.today
0day.today
added 2018/10/28 12:0 a.m.94 views

HID ActivID ActivClient 7.1.0.202 Heap Spray / Denial Of Service Vulnerability

HID ActivID ActivClient version 7.1.0.202 may not enforce upper bounds on the size of data received from a smart card, which can lead to attacks such as memory exhaustion, or serve as a heap spraying primitive for other attacks against the software, albeit slowly. HID ActivID ActivClient 7.1.0.20...

0.6AI score
Exploits0
0day.today
0day.today
added 2018/10/28 12:0 a.m.484 views

Shell In A Box 2.2.0 Denial Of Service Exploit

Exploit for linux platform in category dos / poc Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser a...

7.6AI score0.05986EPSS
Exploits3
0day.today
0day.today
added 2018/10/28 12:0 a.m.290 views

Webiness Inventory 2.9 Shell Upload Exploit

Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName =...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/28 12:0 a.m.275 views

Joomla Com_Ajax Component Jsnextfw Plugin Jform_Article Incorrect Default Permission Vulnerability

Exploit for php platform in category web applications Exploit Title : Joomla ComAjax Component Jsnextfw Plugin JformArticle Incorrect Default Permission Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 24/10/2018 Vendor Homepage : joomla.org Tested On...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/26 12:0 a.m.76 views

Linux systemd Symlink Dereference Via chown_one() Exploit

Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...

0.2AI score0.01058EPSS
Exploits4
0day.today
0day.today
added 2018/10/26 12:0 a.m.122 views

Delta Sql 1.8.2 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Delta Sql 1.8.2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/26 12:0 a.m.26 views

Veterinary Clinic Management 00.02 - editpetnum SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://vetclinic.sourceforge.io/ Software Link: https://sourceforge.net/projects/vetclinic/files/latest/download...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/26 12:0 a.m.46 views

Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting Exploit Author: Hasan Alqawzai Vendor Homepage: https://www.oracle.com Software Link:...

3.5CVSS6.2AI score0.01309EPSS
Exploits2
0day.today
0day.today
added 2018/10/26 12:0 a.m.35 views

Quick Count 2.0 - txtInstID SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Quick Count 2.0 - 'txtInstID' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://quickcount.sourceforge.io/ Software Link: https://sourceforge.net/projects/quickcount/files/latest/download Version: 2.0 Category:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/26 12:0 a.m.20 views

MPS Box 0.1.8.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested...

Exploits0
0day.today
0day.today
added 2018/10/26 12:0 a.m.750 views

xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit

Exploit for multiple platform in category local exploits xorg-x11-server Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. B...

0.2704EPSS
Exploits39
0day.today
0day.today
added 2018/10/26 12:0 a.m.87 views

xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit (2)

Exploit for multiple platform in category local exploits xorg-x11-server Local Privilege Escalation 2 !/bin/bash x0rg - Xorg Local Root Exploit Released under the Snitches Get Stitches Public Licence. props to prdelka / fantastic for the shadow vector. Gr33tz to everyone in lizardhq and elsewhere...

0.2AI score0.2704EPSS
Exploits39
0day.today
0day.today
added 2018/10/26 12:0 a.m.95 views

Linux systemd Line Splitting Exploit

Linux has an issue with systemd where overlong input to fgets during reexec state injection can lead to line splitting. systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as...

7.7AI score0.02279EPSS
Exploits4
0day.today
0day.today
added 2018/10/25 12:0 a.m.61 views

Open STA Manager 2.3 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Open STA Manager 2.3 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: http://www.openstamanager.com/ Software Link: https://sourceforge.net/projects/openstamanager/files/latest/download Version: 2.3...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.74 views

WebExec Authenticated User Code Execution Exploit

This Metasploit module uses a valid username and password of any level or password hash to execute an arbitrary payload. This Metasploit module is similar to the "psexec" module, except allows any non-guest account by default. This module requires Metasploit: https://metasploit.com/download Curre...

7.8CVSS8AI score0.1602EPSS
Exploits14
0day.today
0day.today
added 2018/10/25 12:0 a.m.40 views

WordPress Pie Register 3.0.17 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications =============================================================================================== Pie Register v3.0.17 WordPress Plugin - Cross-Site Scripting Vulnerability in Forgot-Password...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.93 views

jQuery-File-Upload < v9.22.1 (ImageMagick / Ghostscript) - Remote Code Execution Exploit

Exploit for php platform in category web applications jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. The project was recently reported to have a three-year-old arbitrary file upload vulnerability that was fixed in the release of v9.22.2,...

Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.14 views

ClipBucket 2.8 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ClipBucket 2.8 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://clipbucket.com/ Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download Version: 2.8.v3354 Category: Webapps Teste...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.29 views

PHPTPoint Pharmacy Management System 1.0 - username SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.101 views

AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle Vulnerability

Exploit for hardware platform in category local exploits AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle Vulnerability Product: 440HD / 450HD IP Phone Manufacturer: AudioCodes Affected Versions: = 3.1.2.89 Tested Versions: VC3.1.1.43.1, VC3.1.2.89 Vulnerability Type: X.509 validation...

6AI score0.0118EPSS
Exploits3
0day.today
0day.today
added 2018/10/25 12:0 a.m.103 views

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.41 views

Delta Sql 1.8.2 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Delta Sql 1.8.2 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.59 views

Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes

/ Linux/x86 - execve/bin/cat /etc/ssh/sshdconfig Shellcode 44 Bytes Author: Goutham Madhwaraj Tested on: i686 GNU/Linux Shellcode Length: 44 ShoutOut - BarrierSec gcc -fno-stack-protector -z execstack loader-bind.c -o Disassembly of section .text: 08048080 : 8048080: 31 c0 xor eax,eax 8048082: 50...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.33 views

BORGChat 1.0.0 build 438 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Dos Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.18 views

Simple Chat System 1.0 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Chat System 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11610/simple-chat-system.html Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.93 views

AiOPMSD Final 1.0.0 - q SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: AiOPMSD Final 1.0.0 - 'q' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://aiopmsd.sourceforge.io/ Software Link: https://sourceforge.net/projects/aiopmsd/files/latest/download Version: 1.0.0 Category: Webapps...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.74 views

WebEx Local Service Permissions Code Execution Exploit

This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...

7.9AI score0.1602EPSS
Exploits14
0day.today
0day.today
added 2018/10/25 12:0 a.m.45 views

Apache OFBiz 16.11.04 - XML External Entity Injection Exploit

Exploit for java platform in category web applications Exploit Title: Apache OFBiz 16.11.04 - XML External Entity Injection Exploit Author: Jamie Parfet Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://archive.apache.org/dist/ofbiz/ Version: xXx xXx """ if lensys.argv = 1: print'...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.34 views

WordPress Question Answer 1.2.30 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ========================================================================================== Question Answer v1.2.30 WordPress Plugin - Multiple Cross-Site Scripting Vulnerabilities...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.52 views

Fifa Master XLS 2.3.2 - usw SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Fifa Master XLS 2.3.2 - 'usw' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/fifamasterxls/files/latest/download Version: 2.3.2 Category: Webapp...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.78 views

MPS Box 0.1.8.0 - uuid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested o...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.1866 views

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Exploit

Exploit for linux platform in category dos / poc / libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTIFF tif, uint8 buffe...

8.9AI score0.1496EPSS
Exploits3
0day.today
0day.today
added 2018/10/25 12:0 a.m.139 views

Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability

Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: OWNIP=192.168.100.102 if -z "$1" then echo "Please enter an IPv4 address as target" exit else...

0.1AI score0.0275EPSS
Exploits3
0day.today
0day.today
added 2018/10/25 12:0 a.m.120 views

D-Link Routers - Command Injection Vulnerability

Exploit for hardware platform in category web applications Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,...

0.4AI score0.78191EPSS
Exploits5
0day.today
0day.today
added 2018/10/25 12:0 a.m.96 views

Adult Filter 1.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Exploit Author: Beren Kuday GÖRÜN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-12 Test...

7AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.38 views

Simple POS and Inventory 1.0 - cat SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple POS and Inventory 1.0 - 'cat' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11625/simple-pos-and-inventory-system.html Software Link:...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.46 views

PHPTPoint Hospital Management System 1 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: phptpoint hospital management system Multiple SQL injection Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.79 views

D-Link Routers - Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Directory Traversal CVE: CVE-2018-10822 CVSS v3: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Description: Directory traversal vulnerability in the web interface on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through...

0.3AI score0.39268EPSS
Exploits12
0day.today
0day.today
added 2018/10/25 12:0 a.m.148 views

D-Link Routers - Plaintext Password Vulnerability

Exploit for hardware platform in category web applications Password stored in plaintext CVE: CVE-2018-10824 Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,...

0.2AI score0.39268EPSS
Exploits9
0day.today
0day.today
added 2018/10/25 12:0 a.m.130 views

Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting Vulnerability

Exploit for asp platform in category web applications Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Errordesc' Cross-Site Scripting Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link: http://axiositalia.it/?pageid=1907 Version: 1.7.0/7.0.0...

0.1AI score0.02273EPSS
Exploits3
0day.today
0day.today
added 2018/10/25 12:0 a.m.84 views

Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability

Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: = 5.8.0.12848 Tested Versions: 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509 validation -...

0.1AI score0.00734EPSS
Exploits3
0day.today
0day.today
added 2018/10/25 12:0 a.m.35 views

SG ERP 1.0 - info SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SG ERP 1.0 - 'info' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/sgerp/files/latest/download Version: 1.0 Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.53 views

Microsoft Data Sharing - Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits Microsoft Data Sharing - Local Privilege Escalation Exploit Bug description: RpcDSSMoveFromSharedFilehandle,L"token",L"c:\blah1\pci.sys"; This function exposed over alpc, has a arbitrary delete vuln. Hitting the timing was pretty annoying...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/25 12:0 a.m.147 views

AjentiCP 1.2.23.13 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker c...

6.3AI score0.0356EPSS
Exploits5
Total number of security vulnerabilities39001