Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/10/17 12:0 a.m.85 views

Acunetix Web Vulnerability Scanner 10 *.slg Buffer Overflow (PoC) Exploit

Exploit for windows platform in category dos / poc Exploit Title: Acunetix Web Vulnerability Scanner 10 ".slg" Buffer Overflow PoC Author: Kağan Çapar Software Link: https://s3.amazonaws.com/a280ccaaf904330a389db759e6275285/acunetixtrial.exe Vendor Homepage : https://www.acunetix.com Tested...

Exploits0
0day.today
0day.today
added 2018/10/17 12:0 a.m.34 views

ManageEngine OPManager 12.3 Cross Site Scripting Vulnerability

ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability...

2.3AI score0.01953EPSS
Exploits1
0day.today
0day.today
added 2018/10/16 12:0 a.m.30 views

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Exploit

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.30 views

Library CMS 2.1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.70 views

Rukovoditel Project Management CRM 2.3 - path SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Test...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.23 views

HotelDruid 2.2.4 - anno SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.38 views

Wordpress Support Board 1.2.3 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And Help Desk Version :...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.68 views

VLC Media Player - MKV Use-After-Free Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VLC Media Player MKV Use After Free', 'Description' = %q This module exploits a use after...

6.8CVSS0.5AI score0.40612EPSS
Exploits10
0day.today
0day.today
added 2018/10/16 12:0 a.m.29 views

MV Video Sharing Software 1.2 - searchname SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link: https://sourceforge.net/projects/mvvideosharingsoftware/ Version: 1.2...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.38 views

Kados R10 GreenBee - release_id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Kados R10 GreenBee - 'releaseid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.64 views

Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Exploit

Exploit for windows platform in category dos / poc Windows: FSCTLFINDFILESBYSID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTLFINDFILESBYSID control code doesn’t check for permissions to list a directory leading to...

8.2AI score0.0307EPSS
Exploits2
0day.today
0day.today
added 2018/10/16 12:0 a.m.54 views

HighPortal 12.5 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Vulnerable Product: HighPortal Affected version: 12.5 Vulnerability Type: XSS CVE: CVE-2018-17964 CWE: CWE-79 Credit: Ali Abdollahi Remote: Yes Description:XSS vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action.Contact:...

0.3AI score0.03855EPSS
Exploits2
0day.today
0day.today
added 2018/10/16 12:0 a.m.23 views

Vishesh Auto Index 3.1 - fid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download Version: 3.1 Category...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.29 views

GIU Gallery Image Upload 0.3.1 - category SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload/ Version: 0.3.1 Category:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/16 12:0 a.m.226 views

Navigate CMS 2.8.5 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version...

Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.47 views

FLIR Brickstream 3D+ - RTSP Stream Disclosure Vulnerability

Exploit for hardware platform in category web applications FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: Th...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.27 views

Advanced HRM 1.6 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1.6...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.30 views

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Vulnerability

Exploit for hardware platform in category web applications...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.28 views

College Notes Management System 1.0 - user SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.16 views

AlchemyCMS 4.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications...

1.3AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.20 views

BigTree CMS 4.2.23 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23...

6.4AI score0.03648EPSS
Exploits4
0day.today
0day.today
added 2018/10/15 12:0 a.m.56 views

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.20 views

Academic Timetable Final Build 7.0a-7.0b - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.16 views

Academic Timetable Final Build 7.0 - Information Disclosure Exploit

Exploit for php platform in category web applications \n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.102 views

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.17 views

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.91 views

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.18 views

Snes9K 0.0.9z - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Snes9K 0.0.9z - Buffer Overflow SEH Exploit Author: Abdullah Alıç Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.24 views

MaxOn ERP Software 8.x-9.x - nomor SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/15 12:0 a.m.106 views

Solaris RSH Stack Clash Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit modul...

7.2CVSS0.4AI score0.05989EPSS
Exploits16
0day.today
0day.today
added 2018/10/15 12:0 a.m.20 views

KORA 2.7.0 - cid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/10/13 12:0 a.m.849 views

D-Link DSL-2640T Cross Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Multiple XSS Vulnerabilities in D-Link DSL-2640T Exploit Author: Anas Falhi/m0ti0nl3ss ,https://anasfalhi.blogspot.com. Tested on: D-Link DSL-2640T Tags: xss, cross site scripting, D-Link DSL-2640T router POC: a!XSS via GET...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.124 views

Phoenix Contact WebVisit 2985725 - Authentication Bypass Exploit

Exploit for windows platform in category web applications Exploit Title: Phoenix Contact WebVisit 2985725 - Authentication Bypass Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...

7.5CVSS7.1AI score0.11199EPSS
Exploits4
0day.today
0day.today
added 2018/10/12 12:0 a.m.59 views

gsview -dSAFER Not Used Vulnerability

Exploit for windows platform in category dos / poc gsview: -dSAFER not used I was planning to test the exploit for bug 1640 against gsview, the official ghostscript viewer, but it turns out systemdict /SAFER get returns false. That means opening a file in gsview is equivalent to running arbitrary...

7AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.29 views

LUYA CMS 1.0.12 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications...

1.3AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.75 views

NoMachine 5.3.26 Remote Code Execution Exploit

NoMachine versions 5.3.26 and below suffer from a remote code execution vulnerability when opening a malicious .nxs file. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt...

7.8CVSS0.6AI score0.04554EPSS
Exploits5
0day.today
0day.today
added 2018/10/12 12:0 a.m.272 views

Teltonika RUT9XX Unauthenticated OS Command Injection Exploit

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...

1.2AI score0.71328EPSS
Exploits3
0day.today
0day.today
added 2018/10/12 12:0 a.m.51 views

Teltonika RUT9XX Reflected Cross Site Scripting Vulnerability

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Teltonika RUT9XX Reflected Cross-Site Scripting XSS Link:...

6.4AI score0.01958EPSS
Exploits3
0day.today
0day.today
added 2018/10/12 12:0 a.m.87 views

Teltonika RUT9XX Missing Access Control To UART Root Terminal Vulnerability

Exploit for cgi platform in category web applications Teltonika RUT9XX Missing Access Control to UART Root Terminal Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02TeltonikaIncorrectAccessControl Vulnerability Overview Teltonika RUT9XX routers with firmware...

0.3AI score0.00724EPSS
Exploits3
0day.today
0day.today
added 2018/10/12 12:0 a.m.53 views

Cockpit CMS CSRF / XSS / Path Traversal Vulnerabilities

Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues. 1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via reques...

0.2AI score0.02259EPSS
Exploits3
0day.today
0day.today
added 2018/10/12 12:0 a.m.31 views

HaPe PKH 1.1 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.20 views

HaPe PKH 1.1 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...

Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.26 views

HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for perl platform in category web applications Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/10/12 12:0 a.m.47 views

FluxBB < 1.5.6 - SQL Injection Exploit

Exploit for multiple platform in category web applications !/usr/bin/env python Friday, November 21, 2014 - secthrowaway safe-mail net FluxBB 80: sys.exit'SQL too long, max 80 chars' print "1st stage: %s %d chars" % sql, lensql r = urlopenRequest'%sprofile.php?action=changeemail&id=%s' % url, uid...

7.5CVSS0.0257EPSS
Exploits2
0day.today
0day.today
added 2018/10/12 12:0 a.m.49 views

CAMALEON CMS 2.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability...

6.3AI score0.01049EPSS
Exploits2
0day.today
0day.today
added 2018/10/12 12:0 a.m.55 views

SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...

0.1AI score0.04353EPSS
Exploits5
0day.today
0day.today
added 2018/10/11 12:0 a.m.63 views

VLC Media Player 2.2.8 MKV Use-After-Free Exploit

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main...

6.8CVSS2AI score0.40612EPSS
Exploits10
0day.today
0day.today
added 2018/10/11 12:0 a.m.77 views

DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite Exploit

!/usr/bin/env python Exploit name : isilon-onefs-brute.py Created date : 9/21/18 Submit Date : 10/10/18 Author : wetw0rk Python version : 2.7 Brute Force Script:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/10/11 12:0 a.m.60 views

Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and...

5.8AI score0.23373EPSS
Exploits5
0day.today
0day.today
added 2018/10/11 12:0 a.m.61 views

Phoenix Contact WebVisit 6.40.00 - Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...

5CVSS7.2AI score0.05845EPSS
Exploits4
Total number of security vulnerabilities39001