Lucene search

39001 matches found

0day.today
added 2021/05/02 12:0 a.m. | 239 views

Shenzhen Skyworth RN510 Information Disclosure Vulnerability

Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd. http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...

CVSS 5.4 | AI score 5.6 | EPSS 0.01486
Exploits: 3

0day.today
added 2021/05/02 12:0 a.m. | 92 views

Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd. http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...

CVSS 6.5 | AI score 0.3 | EPSS 0.00899
Exploits: 3

0day.today
added 2021/05/02 12:0 a.m. | 83 views

Shenzhen Skyworth RN510 Buffer Overflow Vulnerability

Title :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd. http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN620 with...

CVSS 8.8 | AI score 0.1 | EPSS 0.03942
Exploits: 3

0day.today
added 2021/04/30 12:0 a.m. | 136 views

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution Exploit (2)

Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...

CVSS 8.8 | AI score 8.8 | EPSS 0.45935
Exploits: 8

0day.today
added 2021/04/30 12:0 a.m. | 51 views

Piwigo 11.3.0 SQL Injection Exploit

Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...

CVSS 7.2 | AI score 0.5 | EPSS 0.11046
Exploits: 4

0day.today
added 2021/04/30 12:0 a.m. | 157 views

Micro Focus Operations Bridge Reporter Unauthenticated Command Injection Exploit

This Metasploit module exploits a command injection vulnerability on login that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It is a straight up command injection, with little escaping required, and it works before authentication. This module has been tested ...

CVSS 9.8 | AI score 9.7 | EPSS 0.9674
Exploits: 4

0day.today
added 2021/04/30 12:0 a.m. | 56 views

Moodle 3.6.1 - Persistent Cross-Site Scripting Vulnerability

Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE: CVE-2019-3810...

CVSS 6.1 | AI score 5.6 | EPSS 0.13901
Exploits: 5

0day.today
added 2021/04/30 12:0 a.m. | 53 views

Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit

This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...

CVSS 9.8 | AI score 9.6 | EPSS 0.15776
Exploits: 3

0day.today
added 2021/04/30 12:0 a.m. | 37 views

Microsoft SAFER Bypass Vulnerability

Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/30 12:0 a.m. | 33 views

Microsoft Windows UAC Privilege Escalation Vulnerability

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/29 12:0 a.m. | 85 views

Cacti 1.2.12 - (filter) SQL Injection / Remote Code Execution Exploit

Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295 Credits: @M4yFly...

CVSS 7.2 | AI score 0.1 | EPSS 0.8633
Exploits: 9

0day.today
added 2021/04/29 12:0 a.m. | 23 views

FOGProject 1.5.9 - File Upload Remote Code Execution (Authenticated) Vulnerability

Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Exploit Author: email protected Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file. dd...

AI score 0.5
Exploits: 0

0day.today
added 2021/04/29 12:0 a.m. | 36 views

NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...

AI score 0.6
Exploits: 0

0day.today
added 2021/04/28 12:0 a.m. | 37 views

PFSense 2.5.0 Cross Site Scripting Vulnerability

I. VULNERABILITY ------------------------- Store XSS Attacks vulnerabilities in PFSense Version 2.5.0 II. BACKGROUND ------------------------- The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free...

Exploits: 0

0day.today
added 2021/04/28 12:0 a.m. | 51 views

Kirby CMS 3.5.3.1 - (file) Cross-Site Scripting Vulnerability

Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host: User-Agent:...

CVSS 7.6 | AI score 0.2 | EPSS 0.03174
Exploits: 4

0day.today
added 2021/04/27 12:0 a.m. | 30 views

Montiorr 1.7.6m - File Upload to XSS Vulnerability

Exploit Title: Montiorr 1.7.6m - File Upload to XSS Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html An attacker can perform ...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/27 12:0 a.m. | 70 views

Apache Druid 0.20.0 Remote Command Execution Exploit

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...

CVSS 8.8 | AI score 9 | EPSS 0.99217
Exploits: 7

0day.today
added 2021/04/27 12:0 a.m. | 129 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution Exploit

This Metasploit module exploits a pre-auth server-side request forgery CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983...

CVSS 7.5 | AI score 0.2 | EPSS 0.78435
Exploits: 12

0day.today
added 2021/04/27 12:0 a.m. | 45 views

Kimai 1.14 - CSV Injection Vulnerability

Exploit Title: Kimai 1.14 - CSV Injection Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel Macro Injection or...

Exploits: 0

0day.today
added 2021/04/27 12:0 a.m. | 41 views

WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/26 12:0 a.m. | 52 views

SEO Panel 4.8.0 - (order_col) Blind SQL Injection Exploit (2)

Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28419...

CVSS 7.2 | AI score 0.4 | EPSS 0.10672
Exploits: 4

0day.today
added 2021/04/26 12:0 a.m. | 30 views

Hasura GraphQL 1.3.3 - Remote Code Execution Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...

AI score 0.1
Exploits: 0

0day.today
added 2021/04/26 12:0 a.m. | 31 views

OpenPLC 3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster /usr/bin/python3 import...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/26 12:0 a.m. | 57 views

Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation Exploit

Windows 10 Wi-Fi Drivers For Intel Wireless Adapters version 22.30.0 suffer from a privilege escalation vulnerability. Hi @ll, the executable installers version 22.30.0 Latest, published 2/23/2021, for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters", and , available from are SURPRISE...

AI score 7.6
Exploits: 0

0day.today
added 2021/04/24 12:0 a.m. | 29 views

Document Management System 1.0 SQL Injection / Remote Code Execution Exploit

Exploit Title: Document Management System - SQL Injection to RCE webshell Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import requests import sy...

AI score 0.7
Exploits: 0

0day.today
added 2021/04/23 12:0 a.m. | 69 views

BMD BMDWeb 2.0 Cross Site Scripting Vulnerability

======================================================================= title: Stored Cross Site Scripting Outdated software library product: BMD BMDWeb 2.0 vulnerable version: BMD versions prior to 24.01.21 fixed version: 24.01.21 and 24.02.11 or higher CVE number: - impact: High homepage:...

AI score 0.2
Exploits: 0

0day.today
added 2021/04/23 12:0 a.m. | 52 views

GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit

Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against Server Host: Windows 10 P...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/23 12:0 a.m. | 60 views

Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery Vulnerability

Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin...

AI score 0.9
Exploits: 0

0day.today
added 2021/04/23 12:0 a.m. | 51 views

DzzOffice 2.02.1 - (Multiple) Cross-Site Scripting Exploit

Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...

CVSS 6.1 | AI score 6.4 | EPSS 0.02848
Exploits: 4

0day.today
added 2021/04/23 12:0 a.m. | 57 views

Sipwise C5 NGCP CSC - (Multiple) Stored/Reflected Cross-Site Scripting Vulnerability

Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/23 12:0 a.m. | 26 views

Moodle 3.10.3 - (url) Persistent Cross Site Scripting Vulnerability

Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manager to have the...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/22 12:0 a.m. | 60 views

CMS Made Simple 2.2.15 - (title) Cross-Site Scripting (XSS) Vulnerability

Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...

CVSS 5.4 | EPSS 0.01574
Exploits: 4

0day.today
added 2021/04/22 12:0 a.m. | 66 views

OTRS 6.0.1 - Remote Command Execution Exploit (2)

Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921 !/usr/bin/env python3...

CVSS 9 | AI score 0.3 | EPSS 0.19901
Exploits: 8

0day.today
added 2021/04/22 12:0 a.m. | 74 views

RemoteClinic 2.0 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039,...

CVSS 5.4 | EPSS 0.01773
Exploits: 7

0day.today
added 2021/04/21 12:0 a.m. | 26 views

Tenda D151 & D301 - Configuration Download (Unauthenticated) Exploit

Exploit Title: Tenda D151 & D301 - Configuration Download Unauthenticated Exploit Author: BenChaliah Author link: https://github.com/BenChaliah Vendor Homepage: https://www.tendacn.com Software Link: https://www.tendacn.com/us/download/detail-3331.html Versions: - D301 1.2.11.2EN - D301 V2.0...

AI score 7.1
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 59 views

Adtran Personal Phone Manager 10.8.1 - (emailAddress) Stored Cross-Site Scripting Vulnerability

Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting XSS Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25679 CVE-2021-25679 - Adtran...

CVSS 5.4 | AI score 5.9 | EPSS 0.02857
Exploits: 5

0day.today
added 2021/04/21 12:0 a.m. | 53 views

RemoteClinic 2 - (Multiple) Cross-Site Scripting (XSS) Exploit

Exploit Title: RemoteClinic 2 - 'Multiple' Cross-Site Scripting XSS Exploit Author: nu11secur1ty Debug: g3ck0dr1v3r Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...

CVSS 5.4 | AI score 5.6 | EPSS 0.01773
Exploits: 4

0day.today
added 2021/04/21 12:0 a.m. | 21 views

BlackCat CMS 1.3.6 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 59 views

Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Vulnerability

Exploit Title: Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25681 CVE-2021-25681 - AdTran Personal Phone Manager DNS...

CVSS 7.5 | AI score 0.1 | EPSS 0.13418
Exploits: 5

0day.today
added 2021/04/21 12:0 a.m. | 45 views

Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit

Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ur username : "...

CVSS 7.5 | AI score 7.6 | EPSS 0.03073
Exploits: 4

0day.today
added 2021/04/21 12:0 a.m. | 33 views

WordPress RSS for Yandex Turbo Plugin 1.29 - Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting XSS Exploit Author: Himamshu Dilip Kulkarni Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ Version: 1.29 Tested on: Windows Steps to reproduce vulnerability: 1. Install WordPress 5.6 2...

AI score 0.1
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 46 views

Hasura GraphQL 1.3.3 - Denial of Service Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 8...

AI score 7.4
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 85 views

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

CVSS 9.8 | AI score 0.3 | EPSS 0.80467
Exploits: 12

0day.today
added 2021/04/21 12:0 a.m. | 27 views

Hasura GraphQL 1.3.3 - Local File Read Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80 READFILE ...

AI score 0.1
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 37 views

Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...

AI score 0.2
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 30 views

rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) Exploit (2)

Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host: Linux+XAMPP import...

AI score 0.4
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 70 views

Adtran Personal Phone Manager 10.8.1 - (Multiple) Reflected Cross-Site Scripting Vulnerability

Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting XSS Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25680 CVE-2021-25680 - Adtran...

CVSS 6.1 | AI score 6.5 | EPSS 0.03431
Exploits: 5

0day.today
added 2021/04/21 12:0 a.m. | 88 views

Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Vulnerability

Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: CVE-2021-31152 Exploit code: document.forms0.submit; 0day.today 2021-10-25...

CVSS 8.8 | AI score 0.4 | EPSS 0.03753
Exploits: 5

0day.today
added 2021/04/21 12:0 a.m. | 81 views

Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF) Exploit

Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80...

AI score 0.8
Exploits: 0

0day.today
added 2021/04/21 12:0 a.m. | 43 views

OpenEMR 5.0.2.1 - Remote Code Execution Exploit

Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches Tested on: Ubuntu...

AI score 7.4
Exploits: 0

Total number of security vulnerabilities: 39001