Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/06/20 12:0 a.m.136 views

Redis 5.0 - Denial of Service Vulnerability

Exploit for linux platform in category dos / poc Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the...

7.8AI score0.24182EPSS
Exploits5
0day.today
0day.today
added 2018/06/19 12:0 a.m.35 views

Redatam Web Server < 7 - Directory Traversal Vulnerability

Exploit for windows platform in category web applications Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/06/19 12:0 a.m.942 views

Redis-cli < 5.0 - Buffer Overflow Exploit

Exploit for linux platform in category local exploits Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow ...

7.5AI score0.02678EPSS
Exploits5
0day.today
0day.today
added 2018/06/19 12:0 a.m.82 views

Microsoft COM for Windows - Privilege Escalation Exploit

Exploit for windows platform in category local exploits Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exis...

5.1CVSS0.73469EPSS
Exploits6
0day.today
0day.today
added 2018/06/19 12:0 a.m.5164 views

phpMyAdmin 4.x Remote Code Execution Exploit

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

7.5CVSS1.1AI score0.81373EPSS
Exploits8
0day.today
0day.today
added 2018/06/18 12:0 a.m.28 views

Audiograbber 1.83 - Local Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0 2018/06/1...

Exploits0
0day.today
0day.today
added 2018/06/18 12:0 a.m.79 views

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery Vulnerability

Exploit for linux platform in category web applications Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit 0day.today 2018-06-18...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/18 12:0 a.m.60 views

Joomla jomres 9.11.2 Component - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software Download:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/18 12:0 a.m.79 views

Nikto 2.1.6 - CSV Injection Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on:...

9.3AI score0.24727EPSS
Exploits5
0day.today
0day.today
added 2018/06/18 12:0 a.m.37 views

Pale Moon Browser < 27.9.3 - Use After Free Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList'; 0day.today 2018-06-18...

9.4AI score0.09182EPSS
Exploits5
0day.today
0day.today
added 2018/06/16 12:0 a.m.63 views

Dimofinf CMS 3.0.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS"...

0.0175EPSS
Exploits5
0day.today
0day.today
added 2018/06/16 12:0 a.m.73 views

OEcms 3.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1"...

0.2AI score0.05103EPSS
Exploits5
0day.today
0day.today
added 2018/06/15 12:0 a.m.43 views

WordPress Redirection 2.7.1 Deserialization Code Execution Vulnerability

Exploit for php platform in category web applications Details ================ Software: Redirection Version: 2.7.1 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/unserialization-redirection/ CVE: Awaiting assignment CVSS: 9 High;...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/06/15 12:0 a.m.128 views

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Vulnerability

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway suffer from a privilege escalation vulnerability. Rockwell Automation RSLinx Classic versions 3.90.01, 3.73.00, 3.72.00, and 2.58.00 are susceptible. Rockwell Automation FactoryTalk Linx Gateway version 3.90.00 is susceptible. Rockwe...

0.8AI score0.02755EPSS
Exploits7
0day.today
0day.today
added 2018/06/15 12:0 a.m.38 views

Easy Chat Server 3.1 Add User Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/env python ---------------------------------------------------------------------------------------------------------- Exploit Title : Easy Chat Server 3.1 - 'Add user' Local Buffer Overflow Exploit Author : Hashim Jawad -...

Exploits0
0day.today
0day.today
added 2018/06/15 12:0 a.m.34 views

Soroush IM Desktop app 0.15 - Authentication Bypass Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 180...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/15 12:0 a.m.72 views

rtorrent 0.9.6 - Denial of Service Exploit

Exploit for linux platform in category dos / poc Exploit Title: rtorrent 0.9.6 - Denial of Service Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/06/15 12:0 a.m.53 views

Joomla Ek rishta 2.10 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...

0.2AI score0.02616EPSS
Exploits5
0day.today
0day.today
added 2018/06/13 12:0 a.m.98 views

OX App Suite 7.8.4 - Multiple Vulnerabilities

Exploit for multiple platform in category web applications Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution...

5.7AI score0.09234EPSS
Exploits11
0day.today
0day.today
added 2018/06/13 12:0 a.m.65 views

Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Exploit Author: email protected Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMi...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/06/13 12:0 a.m.256 views

DHCP Client - Command Injection (DynoRoot) Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the...

0.1AI score0.94457EPSS
Exploits14
0day.today
0day.today
added 2018/06/13 12:0 a.m.26 views

Canon PrintMe EFI - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Title: Canon PrintMe EFI - Cross-Site Scripting Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...

0.3AI score0.02469EPSS
Exploits5
0day.today
0day.today
added 2018/06/13 12:0 a.m.32 views

Canon LBP7110Cw - Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Canon LBP7110Cw - Authentication Bypass Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP7110Cw CVE: CVE-2018-12049 Severity: High Leads to full System Manager Mode account take-over Description ...

0.1AI score0.05182EPSS
Exploits6
0day.today
0day.today
added 2018/06/13 12:0 a.m.24 views

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Exploit

Exploit for linux platform in category local exploits Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/06/13 12:0 a.m.24 views

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/06/13 12:0 a.m.15 views

WordPress Google Map Plugin < 4.0.4 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Google Map Plugin getresults Vulnerable Variable: $GET'order' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/13 12:0 a.m.72 views

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01...

6.8AI score0.02755EPSS
Exploits7
0day.today
0day.today
added 2018/06/13 12:0 a.m.54 views

MACCMS 10 - Cross-Site Request Forgery (Add User) Vulnerability

Exploit for php platform in category web applications Exploit Title: MACCMSV10 CSRF vulnerability add admin account Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSR...

0.3AI score0.02975EPSS
Exploits5
0day.today
0day.today
added 2018/06/13 12:0 a.m.228 views

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

4.3CVSS6.3AI score0.13614EPSS
Exploits17
0day.today
0day.today
added 2018/06/13 12:0 a.m.44 views

Canon LBP6030w - Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Canon LBP6030w - Authentication Bypass Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP6030w Severity: High Leads to full System Manager Mode account take-over CVE: CVE-2018-12049 Description : ...

0.2AI score0.05182EPSS
Exploits6
0day.today
0day.today
added 2018/06/12 12:0 a.m.41 views

Siaberry 1.2.2 - Command Injection Vulnerability

Exploit for hardware platform in category web applications Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/06/12 12:0 a.m.37 views

Joomla EkRishta 2.10 Component - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win ...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.42 views

WordPress Pie Register Plugin < 3.0.9 - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URL have been confirmed to all suffer from Time Based SQL Injection. GET...

0.6AI score0.0533EPSS
Exploits5
0day.today
0day.today
added 2018/06/11 12:0 a.m.24 views

Event Manager Admin panel - events_new.php SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.27 views

userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting Exploit

Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.24 views

userSpice 4.3.24 - Username Enumeration Exploit

Exploit for php platform in category web applications Exploit Title: userSpice 4.3.24 - Username Enumeration Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if...

Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.27 views

Schools Alert Management Script - SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - SQL Injection Vulnerabilities Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application...

0.3AI score0.04695EPSS
Exploits9
0day.today
0day.today
added 2018/06/11 12:0 a.m.24 views

Joomla EkRishta 2.10 Component - cid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.58 views

WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit

Exploit for linux platform in category dos / poc Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. ,...

0.2AI score0.69016EPSS
Exploits10
0day.today
0day.today
added 2018/06/11 12:0 a.m.40 views

Chrome V8 PromiseAllResolveElementClosure Element Confusion Vulnerability

Exploit for multiple platform in category dos / poc Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/06/11 12:0 a.m.34 views

Schools Alert Management Script - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...

0.11037EPSS
Exploits5
0day.today
0day.today
added 2018/06/09 12:0 a.m.73 views

WebKit - Use-After-Free when Resuming Generator Exploit

Exploit for multiple platform in category dos / poc !-- In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = email protected...

8.3AI score0.09077EPSS
Exploits3
0day.today
0day.today
added 2018/06/09 12:0 a.m.63 views

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access Exploit

Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporali...

0.2AI score0.02746EPSS
Exploits1
0day.today
0day.today
added 2018/06/09 12:0 a.m.54 views

Google Chrome - Integer Overflow when Processing WebAssembly Locals Exploit

Exploit for multiple platform in category dos / poc / When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an...

0.3AI score0.09186EPSS
Exploits2
0day.today
0day.today
added 2018/06/09 12:0 a.m.1234 views

XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit

Exploit for hardware platform in category web applications Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...

0.1AI score0.40386EPSS
Exploits8
0day.today
0day.today
added 2018/06/09 12:0 a.m.67 views

WebKit - WebAssembly Compilation Info Leak Exploit

Exploit for multiple platform in category dos / poc arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, th...

8.3AI score0.10508EPSS
Exploits3
0day.today
0day.today
added 2018/06/09 12:0 a.m.125 views

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access Exploit

Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the...

0.02954EPSS
Exploits1
0day.today
0day.today
added 2018/06/09 12:0 a.m.69 views

Splunk < 7.0.1 - Information Disclosure Vulnerability

Exploit for linux platform in category web applications Exploit Title: Splunk 7.0.1 - Information Disclosure Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows...

5.3AI score0.98371EPSS
Exploits7
0day.today
0day.today
added 2018/06/08 12:0 a.m.32 views

Ftp Server 1.32 - Credential Disclosure Vulnerability

Exploit for Android platform in category local exploits Exploit Title: Ftp Server 1.32 - Credential Disclosure Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile...

7.2AI score
Exploits0
0day.today
0day.today
added 2018/06/08 12:0 a.m.27 views

WordPress Form Maker Plugin 1.12.24 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The...

0.6AI score
Exploits0
Total number of security vulnerabilities39001