Zdt - Page 48 of Zdt Vulnerabilities List | Vulners.com

ZdtRecent

Recent Most viewed

39001 matches found

0day.today•added 2022/04/07 12:0 a.m.•298 views

WordPress WP Downgrade Plugin < 1.2.3 - Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...

4.8CVSS5.2AI score0.04902EPSS

0day.today•added 2022/04/07 12:0 a.m.•302 views

WordPress UpdraftPlus Plugin < 1.22.9 - Reflected Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...

6.1CVSS0.6AI score0.07355EPSS

0day.today•added 2022/04/07 12:0 a.m.•282 views

Bakery Shop Management System 1.0 SQL Injection Vulnerability

Title: Bakery Shop Management System 1.0 - Blind Time SQLi To Rce Author: Hejap Zairy Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference: https://github.com/Matrix07ksa Tested on:...

0day.today•added 2022/04/07 12:0 a.m.•291 views

cmark-gfm Integer overflow Exploit

cmark-gfm, Github's markdown parsing library, is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable ...

9.8CVSS9.7AI score0.04192EPSS

0day.today•added 2022/04/06 12:0 a.m.•313 views

ALLMediaServer 1.6 Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 1.6. The vulnerability is caused due to a boundary error within the handling of HTTP request. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS9.8AI score0.68733EPSS

0day.today•added 2022/04/06 12:0 a.m.•347 views

Barco Control Room Management Suite Directory Traversal Vulnerability

I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...

8.8CVSS0.1AI score0.15028EPSS

0day.today•added 2022/04/06 12:0 a.m.•235 views

Multi Store Inventory Management System 1.0 Information Disclosure Vulnerability

Exploit Title: Multi Store Inventory Management System - Information Disclosure Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0 Tested on: XAMPP,...

0day.today•added 2022/04/06 12:0 a.m.•238 views

Online Banquet Booking System 1.0 Cross Site Request Forgery Vulnerability

Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...

0day.today•added 2022/04/06 12:0 a.m.•240 views

Gadget Store Management System 1.0 Shell Upload Vulnerability

Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on: XAMPP, Linux Contact...

0day.today•added 2022/04/06 12:0 a.m.•1028 views

Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit

Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability. Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor...

9.1CVSS0.21646EPSS

0day.today•added 2022/04/06 12:0 a.m.•261 views

Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path Vulnerability

Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE: CVE-2022-23909 Step t...

7.8CVSS0.4AI score0.01027EPSS

0day.today•added 2022/04/06 12:0 a.m.•215 views

Multi Store Inventory Management System 1.0 Account Takeover Vulnerability

Exploit Title: Multi Store Inventory Management System - Account Takeover Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0 Tested...

0day.today•added 2022/04/03 12:0 a.m.•528 views

Payroll Management System v1.0 SQL injection Vulnerability

Title: Payroll Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14475/payroll-management-system-using-phpmysql-source-code.html Reference:...

0day.today•added 2022/04/01 12:0 a.m.•256 views

WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin uleak-security-dashboard 1.2.3 - Stored Cross-Site Scripting Authenticated Date: 31-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/uleak-security-dashboard/ Version: 1.2.3 Tested on: Firefox Contact me: h at...

0day.today•added 2022/03/31 12:0 a.m.•245 views

Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path Vulnerabilities

Exploit Title: Spoofer 1.4.6 – Local Privilege Escalation via Unquoted Service Path Exploit Author: Asim Sattar @MAsim1 Vendor Homepage: https://www.caida.org/projects/spoofer/ Software Link: https://www.caida.org/projects/spoofer/downloads/Spoofer-1.4.6-win32.exe Version: 1.4.6 Tested: Windows 1...

0day.today•added 2022/03/31 12:0 a.m.•209 views

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path Vulnerabilities

Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path Local Privilege Escalation Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: http://www.egsoftweb.in/index.aspx Software Link: http://www.egsoftweb.in/OurProductReadmore.aspx?id=6 Version: 2020 Tested: Windows 10...

0day.today•added 2022/03/31 12:0 a.m.•329 views

Spring Cloud Function SpEL Injection Exploit

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8CVSS0.6AI score0.99939EPSS

0day.today•added 2022/03/31 12:0 a.m.•236 views

IdeaRE RefTree Shell Upload Vulnerability

=============================================================================== title: IdeaRE RefTree Remote Code Execution product: IdeaRE RefTree 2021.09.17 vulnerability type: Unrestricted File Upload CVE ID: CVE-2022-27249 severity: High CVSSv3 score: 8.8 CVSSv3 vector:...

9CVSS0.4AI score0.04628EPSS

0day.today•added 2022/03/31 12:0 a.m.•264 views

IdeaRE RefTree Path Traversal Vulnerability

=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...

6.5CVSS0.6AI score0.02823EPSS

0day.today•added 2022/03/31 12:0 a.m.•219 views

COMPIE CMS Leado Local File Include Vulnerability

Exploit Title: COMPIE CMS Leado Local File Include Google Dork: /index.php?pathAjax= Date: 3/30/2022 Exploit Author: iranhack Security Team Vendor Homepage: iranhack.com Software Link: http://www.compie.co.il/ Version: V.1.0 Tested on: KaliLinux,windows 10 Local File Include...

0day.today•added 2022/03/30 12:0 a.m.•247 views

WordPress cab-fare-calculator 1.0.3 Plugin - Local File Inclusion Vulnerability

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/ Version: 1.0.3 Tested on: Firefox...

0day.today•added 2022/03/30 12:0 a.m.•277 views

WordPress video-synchro-pdf 1.7.4 Plugin - Local File Inclusion Vulnerability

Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version: 1.7.4 Tested on: Firefox Vulnerable...

0day.today•added 2022/03/30 12:0 a.m.•240 views

WordPress Easy Cookie Policy 1.6.2 Plugin - Broken Access Control to Stored XSS Vulnerability

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any authenticated use...

6.5CVSS0.4AI score0.10993EPSS

0day.today•added 2022/03/30 12:0 a.m.•234 views

WordPress Curtain 1.0.2 Plugin - Cross-site Request Forgery Vulnerability

Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery CSRF Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Summary: Cross site forgery vulnerability has been identified in curtain...

0day.today•added 2022/03/30 12:0 a.m.•240 views

Medical Hub Directory Site 1.0 Shell Upload Vulnerability

Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

0day.today•added 2022/03/30 12:0 a.m.•181 views

Medical Hub Directory Site 1.0 Local File Inclusion Vulnerability

Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

0day.today•added 2022/03/30 12:0 a.m.•302 views

CSZ CMS 1.2.9 - Multiple Blind SQL injection (Authenticated) Vulnerability

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP 7.4.16, Apache...

6.5CVSS0.4AI score0.03345EPSS

0day.today•added 2022/03/30 12:0 a.m.•228 views

WordPress CleanTalk 5.173 Cross Site Scripting Vulnerability

Description: Reflected Cross-Site Scripting Affected Plugin: Spam protection, AntiSpam, FireWall by CleanTalk Plugin Slug: cleantalk-spam-protect Plugin Developer: CleanTalk Affected Versions: = 5.173 CVE ID: CVE-2022-28221 CVSS Score: 6.1 Medium CVSS Vector:...

6.1CVSS6.2AI score0.02959EPSS

0day.today•added 2022/03/30 12:0 a.m.•255 views

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal Vulnerabilities

Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives. ------------------------------------------------- Joomla! getTarInfo$this-data; 114. 115. for $i = 0, $n = \count$this-metadata; $i...

7.5CVSS0.6AI score0.02007EPSS

0day.today•added 2022/03/30 12:0 a.m.•222 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any post types. The...

0day.today•added 2022/03/30 12:0 a.m.•240 views

Fingerprint Attendance 1.0 SQL Injection Vulnerability

Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...

0day.today•added 2022/03/30 12:0 a.m.•206 views

Sports Complex Booking System 1.0 Local File Inclusion Vulnerability

Title: Sports Complex Booking System 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...

0day.today•added 2022/03/30 12:0 a.m.•301 views

ImpressCMS 1.4.2 - Remote Code Execution Exploit

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote Code Execution...

9.8CVSS0.19419EPSS

0day.today•added 2022/03/30 12:0 a.m.•219 views

Message System 1.0 Local File Inclusion Vulnerability

Title: Message System 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference: https://github.com/Matrix07ksa Tested on:...

0day.today•added 2022/03/30 12:0 a.m.•266 views

PostgreSQL 9.3-11.7 - Remote Code Execution (Authenticated) Exploit

Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on: Linux x86-64 -...

7.2CVSS0.2AI score0.91877EPSS

0day.today•added 2022/03/30 12:0 a.m.•200 views

Fingerprint Attendance 1.0 Account Takeover Vulnerability

Title: Fingerprint Attendance 1.0 Account Takeover Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Fingerprint...

0day.today•added 2022/03/30 12:0 a.m.•302 views

Kramer VIAware 2.5.0719.1034 - Remote Code Execution Exploit

Exploit Title: Kramer VIAware 2.5.0719.1034 - Remote Code Execution RCE Exploit Author: sharkmoos & BallO Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: 2.5.0719.1034 Tested on: ViaWare Go Windows 10 CVE : CVE-2019-17124 import...

9.8CVSS0.2AI score0.23117EPSS

0day.today•added 2022/03/30 12:0 a.m.•286 views

Atom CMS 2.0 - Remote Code Execution Exploit

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script uploads...

9.8CVSS9.7AI score0.54766EPSS

0day.today•added 2022/03/30 12:0 a.m.•203 views

Medical Hub Directory Site 1.0 Cross Site Scripting Vulnerability

Title: Medical Hub Directory Site 1.0 XSS Stored Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

0day.today•added 2022/03/30 12:0 a.m.•291 views

PHP filter_var Bypass Patch Vulnerability

When the filtervar function is used in conjunction with the flags FILTERVALIDATEDOMAIN and FILTERFLAGHOSTNAME, there is a vulnerability in PHP that allows the filter to be bypassed. A patch has been included by the researcher as the PHP security team seems to have ignored this concern. When the...

0day.today•added 2022/03/30 12:0 a.m.•242 views

Fingerprint Attendance 1.0 Shell Upload Vulnerability

Title: Fingerprint Attendance 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache registered user can...

0day.today•added 2022/03/29 12:0 a.m.•222 views

Covid-19 Directory On Vaccination System 1.0 SQL Injection Vulnerability

Title: Covid-19 Directory on Vaccination System 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html Software:...

0day.today•added 2022/03/29 12:0 a.m.•208 views

Royale Event Management System 1.0 Privilege Escalation Vulnerability

Royale Event Management System version 1.0 suffers from a privilege escalation vulnerability by allowing an attacker to register an account as an administrator. Exploit Title: Royale Event Management System 1.0 - Authentication Bypass Date: 25/03/2022 Exploit Author: Mr Empy Software Link:...

0day.today•added 2022/03/29 12:0 a.m.•210 views

Royale Event Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting Stored unauthenticated Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ Royale...

0day.today•added 2022/03/29 12:0 a.m.•245 views

One Church Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church Management...

0day.today•added 2022/03/29 12:0 a.m.•251 views

Microfinance Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Microfinance Management System 1.0 - Cross-site scripting stored unauthenticated Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance Management System...

0day.today•added 2022/03/29 12:0 a.m.•201 views

PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability

PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...

0day.today•added 2022/03/29 12:0 a.m.•200 views

Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability

Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...

0day.today•added 2022/03/29 12:0 a.m.•232 views

FruityWifi Remote Code Execution Exploit

This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request. !/usr/bin/python3 -- coding: utf-8 -- usage: ./akhlutprowlingterror.py http://phishingsiteurl text=''' -o==============o- ████ ██████ ██████ ██ ██ ██████...

0day.today•added 2022/03/29 12:0 a.m.•234 views

WordPress admin-word-count-column 2.2 - Local File Read Vulnerability

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2 Contact me: h at...

Total number of security vulnerabilities39001