Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/07/12 12:0 a.m.60 views

Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes Exploit

Exploit for windows platform in category dos / poc / It seems that this issue is similar to the issue 1429 MSRC 42111. It might need to refresh the page several times to observe a crash. PoC: / let arr = new Uint32Array1000; for let i = 0; i 0x1000000; i++ for let j = 0; j 1; j++ i--; i++; arri =...

7.6CVSS7.8AI score0.67233EPSS
Exploits3
0day.today
0day.today
added 2018/07/11 12:0 a.m.65 views

Instagram-Clone Script 2.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting Exploit Author: L0RD Vendor Homepage: https://github.com/yTakkar/Instagram-clone Version: 2.0 CVE: CVE-2018-13849 Tested on: Kali linux POC : Persistent Cross site scripting :...

0.1AI score0.02273EPSS
Exploits5
0day.today
0day.today
added 2018/07/11 12:0 a.m.160 views

IBM QRadar SIEM - Unauthenticated Remote Code Execution Exploit

Exploit for unix platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'IBM QRadar SIEM Unauthenticated Remote Code Execution', 'Description...

7.5CVSS0.56952EPSS
Exploits7
0day.today
0day.today
added 2018/07/10 12:0 a.m.297 views

Oracle WebLogic 12.1.2.0 RMI Registry UnicastRef Object Java Deserialization Remote Code Execution

Exploit for multiple platform in category web applications !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' --------------------------------------------------------------------------------------...

7.5CVSS9.2AI score0.97301EPSS
Exploits15
0day.today
0day.today
added 2018/07/10 12:0 a.m.43 views

Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website : https://soetemansoftware.nl/seo-checker Description...

Exploits0
0day.today
0day.today
added 2018/07/10 12:0 a.m.34 views

D-Link DIR601 2.02 - Credential Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit title: D-Link DIR601 2.02NA - Credential disclosure Exploit Author: Richard Rogerson Vendor Homepage: http://ca.dlink.com/ Software Link: http://support.dlink.ca/ProductInfo.aspx?m=DIR-601 Version: = 2.02NA Tested on: D-Link DIR60...

Exploits0
0day.today
0day.today
added 2018/07/10 12:0 a.m.77 views

OpenSSH < 6.6 SFTP (x64) - Command Execution Exploit

Exploit for linux platform in category remote exploits define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include...

Exploits0
0day.today
0day.today
added 2018/07/10 12:0 a.m.57 views

Elektronischer Leitz-Ordner 10 - SQL Injection Vulnerability

Exploit for linux platform in category web applications Title: Elektronischer Leitz-Ordner 10 - SQL Injection Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Software: https://www.elo.com/en-de/ CVE: N/A Affected Products: ELOenterprise 10 ELO Access Manager = 10.17.120...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/07/10 12:0 a.m.46 views

OpenSSH < 6.6 SFTP - Command Execution Exploit

Exploit for linux platform in category remote exploits OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16...

Exploits0
0day.today
0day.today
added 2018/07/10 12:0 a.m.74 views

Tor Browser < 0.3.2.10 - Use After Free (PoC ) Exploit

Tor Browser versions 0.3.2.x before 0.3.2.10 suffer from a use-after-free vulnerability that can result in a denial of service condition. Exploit Title: Tor Browser - Use After Free PoC Exploit Author: t4rkd3vilz Vendor Homepage: https://www.torproject.org/ Software Link:...

5CVSS7.4AI score0.15591EPSS
Exploits4
0day.today
0day.today
added 2018/07/10 12:0 a.m.33 views

WolfSight CMS 3.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WolfSight CMS 3.2 - SQL Injection Exploit Author: Berk Dusunur & Zehra Karabiber Vendor Homepage: http://www.wolfsight.com Software Link: http://www.wolfsight.com Version: v3.2 Tested on: Parrot OS / WinApp Server CVE : N/A PoC...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/07/09 12:0 a.m.21 views

Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Boxoft wav-wma Converter - Local Buffer Overflow SEH Software Link: http://www.boxoft.com/wav-to-wma/ Software Version:1.0 Exploit Author: Achilles Target: Windows 7 x64 CVE: Description: A malicious .wav file cause this...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/07/09 12:0 a.m.25 views

Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website : https://soetemansoftware.nl/seo-checker...

Exploits0
0day.today
0day.today
added 2018/07/09 12:0 a.m.52 views

Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits Exploit Title: Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 Exploit Author: Maurice Heumann Contact: https://twitter.com/momo5502?lang=en Website: https://momo5502.com/ CVE: CVE-2018-10718 Category:...

10CVSS0.1AI score0.31569EPSS
Exploits4
0day.today
0day.today
added 2018/07/09 12:0 a.m.17 views

Linux/x86 - Kill Process Shellcode (20 bytes)

/ Exploit Title: Kill PID shellcode Date: 07/09/2018 Exploit Author: Nathu Nandwani Platform: Linux/x86 Size: 20 bytes Compile: gcc -fno-stack-protector -z execstack killproc.c -o killproc / include include int main unsigned short pid = 2801; char shellcode = "\x31\xc0" / xor eax, eax / "\xb0\x25...

0.7AI score
Exploits0
0day.today
0day.today
added 2018/07/08 12:0 a.m.66 views

GitList 0.6.0 Argument Injection Exploit

This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'. This module requires Metasploit: https://metasploit.com/download Current source:...

0.7AI score
Exploits0
0day.today
0day.today
added 2018/07/08 12:0 a.m.39 views

HID discoveryd command_blink_on Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This Metasploit module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 Build 04/23/2012. This modul...

0.7AI score
Exploits0
0day.today
0day.today
added 2018/07/08 12:0 a.m.40 views

HP VAN SDN Controller Root Command Injection Exploit

This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege...

0.7AI score
Exploits0
0day.today
0day.today
added 2018/07/06 12:0 a.m.53 views

PolarisOffice 2017 8 - Remote Code Execution Exploit

Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ============= www.polarisoffice.com Product: =========== PolarisOffice 2017 v8 Polaris Document Solution is an integrated solution for corporate document life cycle from document creation, use,...

0.20311EPSS
Exploits6
0day.today
0day.today
added 2018/07/06 12:0 a.m.45 views

Airties AIR5444TT - Cross-Site Scripting Vulnerability

Exploit for windows platform in category web applications Exploit Title: Airties AIR5444TT - Cross-Site Scripting Exploit Author: Raif Berkay Dincel Vendor Homepage: airties.com Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 CVE-ID: CVE-2018-8738 Tested on: MacOS High Sierr...

6.4AI score0.02273EPSS
Exploits5
0day.today
0day.today
added 2018/07/05 12:0 a.m.52 views

SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAILS A...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/07/05 12:0 a.m.86 views

ADB Broadband Gateways / Routers - Authorization Bypass Vulnerability

Exploit for hardware platform in category web applications ======================================================================= title: Authorization Bypass product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220,...

0.4AI score0.35862EPSS
Exploits5
0day.today
0day.today
added 2018/07/05 12:0 a.m.41 views

Intel Processor Diagnostic Tool (IPDT) Privilege Escalation Vulnerability

Intel Processor Diagnostic Tool IPDT versions prior to 4.1.0.27 suffer from three code execution and privilege escalation vulnerabilities. Hi @ll, the executable installers of Intel's Processor Diagnostic Tool IPDT before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow...

1.1AI score
Exploits0
0day.today
0day.today
added 2018/07/05 12:0 a.m.98 views

ADB Broadband Gateways / Routers - Local Root Jailbreak Vulnerability

Exploit for hardware platform in category local exploits title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220, VV5522, etc. fixed version: see "Solution"...

0.1AI score0.01583EPSS
Exploits5
0day.today
0day.today
added 2018/07/05 12:0 a.m.71 views

ADB Broadband Gateways / Routers - Privilege Escalation Vulnerability

Exploit for hardware platform in category local exploits title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220, VV5522, etc. fixed version: see "Solution"...

0.6AI score0.06489EPSS
Exploits5
0day.today
0day.today
added 2018/07/04 12:0 a.m.79 views

CMSMadeSimple 2.2.5 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE:...

4.3CVSS6.5AI score0.40548EPSS
Exploits15
0day.today
0day.today
added 2018/07/04 12:0 a.m.56 views

Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability

Exploit for windows platform in category dos / poc CVE-2018-8036 DoS OOM Vulnerability in Apache PDFBox's AFMParser Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.14 Apache PDFBox 2.0.0 to 2.0.10 Earlier, unsupported Apache PDFBox versions...

6.3AI score0.04834EPSS
Exploits1
0day.today
0day.today
added 2018/07/04 12:0 a.m.61 views

Online Trade - Information Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on:...

0.1AI score0.10662EPSS
Exploits5
0day.today
0day.today
added 2018/07/04 12:0 a.m.59 views

ShopNx - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload Exploit Author: L0RD Email: email protected Vendor Homepage: http://codenx.com/ Version: 1 CVE: CVE-2018-12519 Tested on: Win 10...

0.2AI score0.07864EPSS
Exploits5
0day.today
0day.today
added 2018/07/04 12:0 a.m.70 views

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution Exploit

ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability. Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacp...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.182 views

NuCom NC-WR644GACV Unauthenticated Configuration File Download Vulnerability

NuCom NC-WR644GACV with software versions STA 005 and below suffer from a configuration file download vulnerability that allows for extraction of the administrative credentials. Overview ======== Researchers of NVEL4 Cybersecurity company have discovered that it is possible to access to the confi...

9.7AI score0.01082EPSS
Exploits2
0day.today
0day.today
added 2018/07/03 12:0 a.m.48 views

Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction Vulnerability

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the origurl parameter, possibly causing a traffic amplification and/or SSRF outcome...

6.9AI score0.30274EPSS
Exploits3
0day.today
0day.today
added 2018/07/03 12:0 a.m.154 views

Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)

/ Linux/x86 - execve /bin/cat /etc//passwd shellcode 37 bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 37 Greetz - Manish Kishan Tanwar,Kishan Sharma,Vardan,Himanshu,Ravi and Spirited w0lf Disassembly of section .text: 08048060 : 8048060: 29 c9 sub ecx,ecx 8048062: 51...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.84 views

Geutebruck 5.02024 G-Cam/EFD-2250 - simple_loglistjs.cgi Remote Command Execution Exploit

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simpleloglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware 'Geutebruck simpleloglistjs.cgi Remote Command...

7.5CVSS9.7AI score0.01598EPSS
Exploits4
0day.today
0day.today
added 2018/07/03 12:0 a.m.30 views

Microsoft Windows Kernel (win32k.sys) Local Denial Of Service Vulnerability

Microsoft Windows Kernel win32k.sys suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl. It is possible to trigger a BSOD caused by a Null pointer deference when calling the system call NtUserConsoleControl with the following arguments: -...

7AI score
Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.162 views

Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.64 views

WeChat Pay SDK XXE Injection Vulnerability

Exploit for java platform in category web applications Title XXE in WeChat Pay Sdk WeChat leave a backdoor on merchant websites ------------------------------------------ Background aMobile payments surge to $9 trillion a year, changing how people shop, borrowaeven panhandlea, as WSJ.com once...

Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.39 views

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications...

1.9AI score
Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.57 views

VMware NSX SD-WAN Edge < 3.1.2 - Command Injection Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start Vendor...

0.2AI score0.86431EPSS
Exploits6
0day.today
0day.today
added 2018/07/03 12:0 a.m.60 views

ModSecurity 3.0.0 - Cross-Site Scripting Vulnerability

Exploit for linux platform in category web applications Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description:...

6.4AI score0.01353EPSS
Exploits3
0day.today
0day.today
added 2018/07/03 12:0 a.m.59 views

Core FTP LE 2.2 - Buffer Overflow Exploit

Exploit for windows platform in category web applications Exploit Title: Core FTP LE 2.2 - Buffer Overflow PoC Exploit Author: Berk Cem Göksel Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download Version: Core FTP Client LE v2.2 Build 1921 Tested on: Windows 10...

0.06954EPSS
Exploits5
0day.today
0day.today
added 2018/07/03 12:0 a.m.35 views

SIPp 3.6 - Local Buffer Overflow Vulnerability

Exploit for linux platform in category dos / poc Exploit Title: SIPp 3.6 - Local Buffer Overflow PoC Exploit Author: Fakhri Zulkifli Vendor Homepage: http://sipp.sourceforge.net/ Software Link: https://github.com/SIPp/sipp/releases Version: 3.6-dev and earlier Tested on: 3.6-dev $ ./sipp -3pcc...

Exploits0
0day.today
0day.today
added 2018/07/03 12:0 a.m.55 views

openslp 2.0.0 - Double-Free Exploit

Exploit for linux platform in category dos / poc ''' | | | | | | | || | | | | -| | . | . | | . | . | | | . | | -| | | | -| -| ||| || ||||||| || || ||| || 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or...

0.1AI score
Exploits3
0day.today
0day.today
added 2018/07/03 12:0 a.m.79 views

Boxoft WAV To MP3 Converter 1.1 Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. This module requir...

7.5CVSS0.1AI score0.58272EPSS
Exploits6
0day.today
0day.today
added 2018/07/03 12:0 a.m.92 views

OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure Vulnerabilities

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: 58055 Bug ID Vulnerability type: XEE CWE-611 Vulnerable version: 7.8.4 Vulnerable component:...

6.3AI score0.01867EPSS
Exploits3
0day.today
0day.today
added 2018/07/03 12:0 a.m.152 views

Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow Exploit

Exploit for hardware platform in category dos / poc Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...

0.3AI score0.68957EPSS
Exploits10
0day.today
0day.today
added 2018/07/03 12:0 a.m.118 views

extjs getTip() Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications A XSS vulnerability exists in the getTip method of Action Columns. The Ext JS framework brings no built-in XSS protection, meaning that developers are responsible for sanitizing their output. However. the method above takes HTML-escaped data a...

6.4AI score0.67014EPSS
Exploits1
0day.today
0day.today
added 2018/07/03 12:0 a.m.68 views

ntop-ng Authentication Bypass Vulnerability

Exploit for linux platform in category remote exploits Vulnerability title: ntop-ng 3.4.180617 - Authentication Bypass Author: Ioannis Profetis Contact: me at x86.re Vulnerable versions: 3.4.180617-4560 Fixed version: 3.4.180617 Link: ntop.org Date: 2.07.2018 CVE-2018-12520 Product Details ntopng...

0.1AI score0.10675EPSS
Exploits5
0day.today
0day.today
added 2018/07/01 12:0 a.m.33 views

Enhanced Mitigation Experience Toolkit (EMET) XML Injection Vulnerability

Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ================ www.microsoft.com Product: =========== Enhanced Mitigation Experience Toolkit EMET Enhanced Mitigation Experience Toolkit is a freeware security toolkit for Microsoft Windows,...

7.5AI score
Exploits0
0day.today
0day.today
added 2018/06/30 12:0 a.m.66 views

TP-Link TL-WR841N V13 Cross Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Vulnerability: Cross-Site Request Forgery Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Overview The web interface of the router is vulnerable to CSRF. An...

0.3AI score0.00465EPSS
Exploits2
Total number of security vulnerabilities39001