Lucene search
K

39001 matches found

0day.today
0day.today
•added 2018/07/30 12:0 a.m.•67 views

Charles Proxy 4.2 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the...

0.0076EPSS
Exploits3
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•32 views

ipPulse 1.92 - IP Address/HostName-Comment Denial of Service #PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•27 views

Allok MOV Converter 4.6.1217 Buffer Overflow Exploit

Exploit for windows platform in category local exploits Exploit Title : Allok MOV Converter 4.6.1217 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Youtube Channel : www.youtube.com/c/Pentestingwithspirit Software Link :...

7.2AI score
Exploits0
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•167 views

fusermount - user_allow_other Restriction Bypass and SELinux Label Control Exploit

Exploit for linux platform in category dos / poc / It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode:...

6.7AI score0.01414EPSS
Exploits3
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•64 views

Responsive Filemanager 9.13.1 Server-Side Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Responsive filemanager - SSRF Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zi...

0.6AI score0.76511EPSS
Exploits5
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•44 views

H2 Database 1.4.197 - Information Disclosure Exploit

Exploit for linux platform in category web applications Exploit Title: H2 Database 1.4.197 - Information Disclosure Exploit Author: owodelta Vendor Homepage: www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux CVE : CVE-2018-14335...

6.8AI score0.13389EPSS
Exploits5
0day.today
0day.today
•added 2018/07/30 12:0 a.m.•83 views

Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control Vulnerability

Exploit for windows platform in category remote exploits Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.835...

0.1AI score0.02884EPSS
Exploits2
0day.today
0day.today
•added 2018/07/29 12:0 a.m.•88 views

ProjectSend - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ProjectSend - SQL Injection Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/241/ Version: R1053 Tested on: ProjectSend version: R1053, php...

0.3AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•27 views

FTPShell Client 5.22 Remote Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title : FTPShell Client 5.22 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : email protected Youtube Channel : www.youtube.com/c/Pentestingwithspirit...

7.5AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•33 views

NetScanTools Basic Edition 2.5 - Hostname Denial of Service (PoC) Exploit

Exploit for windows platform in category dos / poc Exploit Title: NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service PoC Discovery by: Luis Martínez Vendor Homepage: https://www.netscantools.com/ Software Link : http://download.netscantools.com/nstb250.zip Tested Version: 2.5...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•37 views

WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwolle Guestbook plugin Language: PHP Version: 2.5.3 and below Vendor Status: Vendor...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•23 views

WordPress Snazzy Maps 1.1.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Snazzy Maps plugin Language: PHP Version: 1.1.3 and below Vendor Status: Vendor contacted, no...

Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•60 views

WordPress Strong Testimonials 2.31.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Strong Testimonials plugin Language: PHP Version: 2.31.4 and below Vendor Status:...

Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•28 views

WordPress Responsive Thumbnail Slider Plugin - Arbitrary File Upload Exploit

Exploit for php platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "WordPress Responsive Thumbnail Slider Arbitrary File Upload", 'Description' = %q This module...

Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•63 views

Online Trade 1 - Information Disclosure Vulnerability

Exploit for linux platform in category web applications Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: Dhamotharan Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE : CVE-2018-14328 Version: 1...

9.7AI score0.10662EPSS
Exploits5
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•55 views

Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Super Cms Blog Pro PHP Script v1.0 - Upload shell & SQL Injection Google Dork: N/A Date: 2018/25/7 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/Seunex Software Buy:...

0.1AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•23 views

QNap QVR Client 5.1.1.30070 - Password Denial of Service #PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service PoC Discovery by: Luis Martínez Vendor Homepage: https://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/QVRClient/Qmon5.1.1.30070.zip Test...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•23 views

CleanMyMac3 Local Privilege Escalation Exploit

Exploit for macOS platform in category local exploits CleanMyMac3 installs a rooted helper com.macpaw.CleanMyMac3.Agent, and its XPC interface does not validate anything. In CMPrivilegedOperationprotocol, there are actually more than one way to execute privileged code. The most straight forward o...

0.2AI score
Exploits0
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•51 views

Tracto ERC20 Integer Overflow Vulnerability

Exploit for multiple platform in category dos / poc Hello,I found an integer overflow in increaseApproval function.And it doesn't use the safe function to add value. code addresss: https://etherscan.io/address/0x30ceCB5461A449A90081F5a5F55db4e048397BAB vuln code: function increaseApproval address...

0.5AI score0.01205EPSS
Exploits1
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•116 views

Skia - Heap Overflow in SkScan::FillPath due to Precision Error Vulnerability

Exploit for multiple platform in category dos / poc There is a heap overflow in Skia when drawing paths with antialiasing turned off. This issue can be triggered in both Google Chrom and Mozilla Firefox by rendering a specially crafted SVG image. PoCs for both browsers are attached. Details: When...

0.07666EPSS
Exploits1
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•2048 views

Axis Network Camera Remote Command Execution Exploit

This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...

0.7AI score0.86682EPSS
Exploits6
0day.today
0day.today
•added 2018/07/27 12:0 a.m.•59 views

SoftNAS Cloud OS Command Injection Vulnerability

Exploit for php platform in category web applications SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date published: 2018-07-26...

0.89575EPSS
Exploits5
0day.today
0day.today
•added 2018/07/26 12:0 a.m.•44 views

Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware,...

0.2AI score0.17871EPSS
Exploits5
0day.today
0day.today
•added 2018/07/26 12:0 a.m.•78 views

Inteno IOPSYS - (Authenticated) Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits !/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" re...

0.6AI score0.01491EPSS
Exploits2
0day.today
0day.today
•added 2018/07/26 12:0 a.m.•23 views

Core FTP 2.0 - XRMD Denial of Service PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: Core FTP 2.0 - 'XRMD' Denial of Service PoC Exploit Author: Erik David Martin Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/server/download/CoreFTPServer.exe Version: Version 2.0, build 653, 32-bit...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•114 views

SMPlayer 18.6.0 Memory Corruption Exploit

Exploit for multiple platform in category dos / poc SMPlayer 18.6.0 - Memory Corruption DoS Vulnerability Product & Service Introduction: =============================== SMPlayer is a free multimedia player for Windows and Linux with built-in codecs that can play virtually any video and audio...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•21 views

10-Strike LANState 8.8 - Local Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: 10-Strike LANState 8.8 - Local Buffer Overflow SEH Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/lanstate/download.shtml Version 8.8 Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•167 views

Sourcetree Remote Code Execution Exploit

Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected. Sourcetree Remote Code Execution Exploit CVE ID: CVE-2018-11235. CVE-2018-13385...

6.8CVSS0.5AI score0.49188EPSS
Exploits10
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•20 views

10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Title: 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/bandwidth-monitor/download.shtml Run script, open ...

0.1AI score
Exploits0
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•275 views

GeoVision GV-SNVR0811 Directory Traversal Vulnerability

Exploit for linux platform in category web applications Exploit Title: GeoVision GV-SNVR0811 Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811 Software Link:...

Exploits0
0day.today
0day.today
•added 2018/07/25 12:0 a.m.•56 views

GetGo Download Manager 6.2.1.3200 - Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow Denial of Service Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2017-17849 Tested On: Windows 7 x86, Windows 10 x64 Details The downloader feature of GetGo...

10CVSS0.1AI score0.19015EPSS
Exploits9
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•43 views

NUUO NVRmini - upgrade_handle.php Remote Command Execution Vulnerability

Exploit for hardware platform in category web applications Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parrot OS CVE : N/A Proof Of Concept G...

0.3AI score
Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•40 views

Windows Speech Recognition - Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Title: Windows Speech Recognition- Buffer Overflow Author: Nassim Asrir Contact: email protected | https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.microsoft.com/ About Windows Speech Recognition:...

7AI score
Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•55 views

Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) Exploit

Exploit for hardware platform in category web applications Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2015-5996 Description: The router is vulnerable to a cross-site request forge...

6.8CVSS8.7AI score0.01383EPSS
Exploits4
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•60 views

Network Manager VPNC 1.2.4 Privilege Escalation Vulnerability

Network Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability. Network Manager VPNC - Privilege Escalation CVE-2018-10900 Release URL: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc CVE: CVE-2018-10900 Author: Denis Andzakovic Source:...

0.7AI score0.05059EPSS
Exploits7
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•36 views

D-link DAP-1360 - Path Traversal / Cross-Site Scripting Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: D-Link DAP-1360 File path traversal and Cross site scriptingreflected can lead to Authentication Bypass easily. Date: 20-07-2018 Exploit Author: r3m0t3nu11 Contact : http://twitter.com/r3m0t3nu11 Vendor : www.dlink.com...

0.2AI score
Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•1066 views

Cisco Adaptive Security Appliance Path Traversal Exploit

This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal",...

5CVSS0.5AI score0.99903EPSS
Exploits18
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•17 views

Davolink DVW 3200 Router - Password Disclosure Exploit

Exploit for hardware platform in category web applications Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Autho...

7.4AI score
Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•68 views

Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution Exploit

Exploit for php platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module...

0.80539EPSS
Exploits5
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•21 views

Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (100 bytes)

Title: Linux/x86 - Bind 4444/TCP Shell + IPv6 Shellcode 100 bytes Length : 100bytes Author: Kartik Durg Write-up Link: https://iamroot.blog/2018/07/17/0x1-shellbindtcpipv6-linux-x86/ Tested on: Ubuntu 16.0.4.1 i686 / global start section .text start: ;References: ;1http://syscalls.kernelgrok.com/...

0.1AI score
Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•34 views

WordPress LimoLabs 1.0.0 Remote Password Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin LimoLabs-iCabbi Remote Password Disclosure Google Dork: inurl:"plugins/limolabs-icabbi" Exploit Author: Gabriel Lipski gabriel.lipskiATprotonmail.com Vendor Homepage: https://www.icabbi.com Tested on: Ubuntu...

Exploits0
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•85 views

Nagios Core 4.4.1 - Denial of Service Vulnerability

Exploit for linux platform in category dos / poc Exploit Title: Nagios Core Multiple Local Denial of Service Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.nagios.org/ Software Link: https://www.nagios.org/downloads/nagios-core/ Version: 4.4.1 and earlier Tested on: 4.4.1...

5.8AI score0.0451EPSS
Exploits7
0day.today
0day.today
•added 2018/07/24 12:0 a.m.•65 views

Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Splinterware System Scheduler Pro 5.12 - Local Buffer Overflow SEH Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12...

6.8AI score
Exploits0
0day.today
0day.today
•added 2018/07/23 12:0 a.m.•87 views

Poppler v0.62.0 Memory Corruption Vulnerability

Exploit for linux platform in category dos / poc Title: Poppler v0.62.0 Memory Corruption Vulnerability CVE: CVE-2018-13988 CWE: CWE-119 Exploit Author: Hosein Askari Vendor HomePage: https://poppler.freedesktop.org/ Version : version 0.62.0 and earlier versions Tested on: Ubuntu 18.04...

0.2AI score0.0315EPSS
Exploits1
0day.today
0day.today
•added 2018/07/23 12:0 a.m.•81 views

TP-Link Archer C2 v3.0 UnAuthenticated Remote Code Execution Vulnerability

Exploit for hardware platform in category web applications Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C2 Router Date: 17.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link :...

0.1AI score
Exploits0
0day.today
0day.today
•added 2018/07/23 12:0 a.m.•90 views

Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion Vulnerabilities

Exploit for php platform in category web applications This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applicationsmanager/issues.html ========================== Advisory: Zoho manageengine Applications Manager...

0.1AI score0.98463EPSS
Exploits7
0day.today
0day.today
•added 2018/07/21 12:0 a.m.•101 views

Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues Vulnerability

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML...

0.2AI score0.01019EPSS
Exploits2
0day.today
0day.today
•added 2018/07/21 12:0 a.m.•71 views

Microsoft DNS dnslint.exe Tool Forced Drive-By Download Vulnerability

Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name...

7.2AI score
Exploits0
0day.today
0day.today
•added 2018/07/21 12:0 a.m.•49 views

Linux Driver National Instruments Remote Code Injection Vulnerability

Exploit for linux platform in category remote exploits Hello , i've recently discovered a critical vulnerability in the National Instruments Linux driver package, which opens up an remote code injection software update vulnerability. Classification: CRITICAL / 0day - easily exploitable Impact:...

Exploits0
0day.today
0day.today
•added 2018/07/20 12:0 a.m.•630 views

CMS Made Simple 2.2.5 Authenticated Remote Command Execution Exploit

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory. This module requires Metasploit: https://metasploit.com/download Current source:...

4.3CVSS6.4AI score0.40548EPSS
Exploits15
Total number of security vulnerabilities39001