
39001 matches found

0day.today
added 2021/03/18 12:0 a.m. | 52 views

Hestia Control Panel 1.3.2 - Arbitrary File Write Vulnerability

Title: Hestia Control Panel 1.3.2 - Arbitrary File Write Author: Numan Türle Vendor Homepage: https://hestiacp.com/ Software Link: https://github.com/hestiacp/hestiacp Version: 1.3.3 Tested on: HestiaCP Version 1.3.2 curl --location --request POST 'https://TARGET:8083/api/index.php' \ --form...

AI score: 0.9 | Exploits: 0
0day.today
added 2021/03/18 12:0 a.m. | 39 views

FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER (BitCount) Stack Based Buffer Overflow Exploit

Exploit title: FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow ASLR & DEP Bypass Exploit Author: Paolo Stagno Vendor Homepage: https://www.faststone.org/ Download: https://www.faststonesoft.net/DN/FSViewerSetup75.exe...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/18 12:0 a.m. | 28 views

VFS for Git 1.0.21014.1 - (GVFS.Service) Unquoted Service Path Vulnerability

Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Exploit Author: Mohammed Alshehri Vendor Homepage: https://vfsforgit.org/ Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe Version: 1.0.21014.1 Tested on:...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/18 12:0 a.m. | 26 views

VestaCP 0.9.8 - (v_interface) Add IP Stored XSS Vulnerability

Title: VestaCP 0.9.8 - 'vinterface' Add IP Stored XSS Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com alert1&vshared=on&vowner=admin&vname=&vnat=&ok=Add 0day.today 2021-09-28...

AI score: 0.1 | Exploits: 0
0day.today
added 2021/03/17 12:0 a.m. | 73 views

Microsoft Windows Containers DP API Cryptography Flaw Vulnerability

PRODUCT : Windows Containers VENDOR : Microsoft SEVERITY : High AFFECTED VERSION : Windows 10, Windows Server IDENTIFIERS : CVE-2021-1645 PATCH VERSION : KB4598229, KB4598230, KB4598242, KB4598243 FOUND BY : Marc Nimmerrichter, Certitude Lab Introduction ------------ Windows containers is a featu...

CVSS: 5 | AI score: 6.8 | EPSS: 0.07274 | Exploits: 2
0day.today
added 2021/03/17 12:0 a.m. | 199 views

VestaCP 0.9.8 - File Upload CSRF Vulnerability

Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch:...

CVSS: 8.8 | AI score: 0.2 | EPSS: 0.06033 | Exploits: 4
0day.today
added 2021/03/17 12:0 a.m. | 21 views

WoWonder Social Network Platform 3.1 - (event_id) SQL Injection Vulnerability

Exploit Title: WoWonder Social Network Platform 3.1 - 'eventid' SQL Injection Vendor Homepage: https://www.wowonder.com/ Software Link: https://codecanyon.net/item/wowonder-the-ultimate-php-social-network-platform/13785302 Version: 3.1 Tested on: Linux/Windows DESCRIPTION In WoWonder 3.1, remote...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/17 12:0 a.m. | 86 views

SolarWinds TFTP Server 11.0.4.101 Remote Unauthenticated Reconfiguration Vulnerability

SolarWinds TFTP Server version 11.0.4.101 suffers from a remote unauthenticated reconfiguration vulnerability that could result in code execution. Older versions of SolarWinds' TFTP Server, which could have been installed from a standalone download or bundled with certain paid products, may have...

AI score: 0.8 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 38 views

Windows Server 2012 SrClient DLL Hijacking Exploit

All editions of Windows Server 2012 but not 2012 R2 are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This issue can be leveraged for privilege escalation if %PATH% includes directories that are...

AI score: 7.5 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 37 views

VoIPmonitor WEB GUI 24.55 Cross Site Scripting Exploit

VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages - Fixed versions: VoIPmonitor WEB GUI 24.56 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-02-voipmonitor-gui-xss - VoIPmonitor Security Advisory: none, changelog references fixes ...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 34 views

Online News Portal 1.0 SQL Injection Vulnerability

Exploit Title: Online News Portal | 'searchtitle' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

AI score: 0.1 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 83 views

GeoGebra Classic 5.0.631.0-d - Denial of Service Exploit

Exploit Title: GeoGebra Classic 5.0.631.0-d - Denial of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 5.0.631.0-d Tested on: Windows 8.1 Pro STEPS Open the program GeoGebra Run the python exploit...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 40 views

GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service Exploit

Exploit Title: GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 6.0.631.0-offlinegraphing Tested on: Windows 8.1 Pro STEPS Open the program Graficado...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 30 views

GeoGebra 3D Calculator 5.0.511.0 - Denial of Service Exploit

Exploit Title: GeoGebra 3D Calculator 5.0.511.0 - Denial of Service PoC Author: Brian Rodríguez Software Site: https://www.geogebra.org/download Download Link:...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 11 views

Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution Exploit

Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11676/alphaware-simple-e-commerce-system.html...

AI score: 0.1 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 33 views

VoIPmonitor 27.5 Missing Memory Protections Exploit

Static binaries provided for VoIPmonitor version 27.5 are built without any memory corruption protection in place. VoIPmonitor static builds are compiled without any standard memory corruption protection - Fixed versions: N/A - Enable Security Advisory:...

AI score: 0.3 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 22 views

Online News Portal 1.0 Cross Site Scripting Vulnerability

Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020. Exploit Title: Online News Portal | Stored Cross-Site Scripting Exploit Author: Richa...

AI score: 6.6 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 69 views

VoIPmonitor 27.6 Buffer Overflow Exploit

A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function savepacketsql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line...

AI score: 7.8 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 36 views

GeoGebra CAS Calculator 6.0.631.0 - Denial of Service Exploit

Exploit Title: GeoGebra CAS Calculator 6.0.631.0 - Denial of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 6.0.631.0-offlinecas Tested on: Windows 8.1 Pro STEPS Open the program Calculadora CAS Run...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/16 12:0 a.m. | 76 views

ExpressionEngine 6.0.2 PHP Code Injection Vulnerability

---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...

CVSS: 8.8 | AI score: 0.7 | EPSS: 0.02832 | Exploits: 3
0day.today
added 2021/03/15 12:0 a.m. | 27 views

eBeam education suite 2.5.0.9 - (eBeam Device Service) Unquoted Service Path Vulnerability

Exploit Title: eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.luidia.com Tested Version: 2.5.0.9 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted Service...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 23 views

QNAP QVR Client 5.0.0.13230 - (QVRService) Unquoted Service Path Vulnerability

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted Service Path: C:\wm...

AI score: 0.5 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 23 views

MagpieRSS 0.72 - (url) Command Injection and Server Side Request Forgery Vulnerability

Exploit Title: MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery Exploit Author: bl4ckh4ck5 Vendor Homepage: http://magpierss.sourceforge.net/ Software Link: https://sourceforge.net/projects/magpierss/files/magpierss/magpierss-0.72/magpierss-0.72.tar.gz/download Version:...

AI score: 0.4 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 56 views

Interactive Suite 3.6 - (eBeam Stylus Driver) Unquoted Service Path Vulnerability

Exploit Title: Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.luidia.com Software Link: http://down.myequil.com/dn/setup/ScrapBookwin/down.html Tested Version: 3.6 Tested on OS: Windows 10 Pro x64 es Step to discover...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 49 views

Zenario CMS 8.8.53370 - (id) Blind SQL Injection Vulnerability

Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 Reference -...

AI score: 0.2 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 24 views

Realtek Wireless LAN Utility 700.1631 - (Realtek11nSU) Unquoted Service Path Vulnerability

Exploit Title: Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.realtek.com/en/ Tested Version: 700.1631 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 76 views

SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload Exploit

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 9.8 | AI score: 0.3 | EPSS: 0.46021 | Exploits: 5
0day.today
added 2021/03/15 12:0 a.m. | 19 views

rConfig 3.9.6 - (path) Local File Inclusion (Authenticated) Vulnerability

Exploit Title: rConfig 3.9.6 - 'path' Local File Inclusion Authenticated Exploit Author: 5a65726f Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts :...

Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 34 views

openMAINT 2.1-3.3-b - (Multiple) Persistent Cross-Site Scripting Vulnerability

Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3.3 Tested on: Lin...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/15 12:0 a.m. | 23 views

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Vulnerabilities

Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Exploit Author: Berkan Er Vendor Homepage: https://www.sonlogger.com/ Version: 4.2.3.3 Tested on: Windows 10 Enterprise x64 Version 1803 A remote attacker can create a user with SuperAdmin profile...

Exploits: 0
0day.today
added 2021/03/13 12:0 a.m. | 98 views

D-Link DIR-3060 1.11b04 Command Injection Vulnerability

title: Authenticated Command Injection in D-Link DIR-3060 Web Interface vendor/product: D-Link DIR-3060 https://www.dlink.com/ vulnerable version: v1.11b04 & Below fixed version: v1.11b04 Hotfix 2 CVE number: CVE-2021-28144 impact: 8.8 high CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor...

CVSS: 9 | AI score: 8.9 | EPSS: 0.06009 | Exploits: 4
0day.today
added 2021/03/13 12:0 a.m. | 105 views

ForkCMS PHP Object Injection Vulnerability

ForkCMS PHP Object Injection ========================= | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology |...

CVSS: 8.8 | AI score: 0.2 | EPSS: 0.02935 | Exploits: 3
0day.today
added 2021/03/13 12:0 a.m. | 106 views

QCubed 3.1.1 Cross Site Scripting Vulnerability

QCube Cross-Site-Scripting ====================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24912 | | Accessibility: | Remote | | Severity: | High | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology | SUMMAR...

CVSS: 9.8 | AI score: 8 | EPSS: 0.44002 | Exploits: 6
0day.today
added 2021/03/13 12:0 a.m. | 119 views

Apache OFBiz XML-RPC Java Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.98926 | Exploits: 16
0day.today
added 2021/03/13 12:0 a.m. | 204 views

QCubed 3.1.1 PHP Object Injection Vulnerability

QCubed PHP Object Injection =========================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technolog...

CVSS: 9.8 | AI score: 0.1 | EPSS: 0.05554 | Exploits: 3
0day.today
added 2021/03/13 12:0 a.m. | 121 views

QCubed 3.1.1 SQL Injection Vulnerability

QCubed SQL Injection ================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24913 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology | SUMMARY...

CVSS: 9.8 | AI score: 0.3 | EPSS: 0.44002 | Exploits: 5
0day.today
added 2021/03/12 12:0 a.m. | 17 views

Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths Vulnerability

Exploit Title: Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.vembu.com/ Software Link: https://sg-build-release.s3.amazonaws.com/BDRSuite/V420/4202020051312/VembuBDRBackupServerSetup4201U1GA.exe Version: Version 4.2.0.1 U1...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/12 12:0 a.m. | 24 views

Monitoring Of Students Cyber Accounts System 1.0 SQL Injection Vulnerability

Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...

AI score: 0.7 | Exploits: 0
0day.today
added 2021/03/12 12:0 a.m. | 34 views

Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated) Exploit

Exploit Title: Monitoring System Dashboard 1.0 - File Upload RCE Authenticated Exploit Author: Richard Jones Date: 2021-03-11 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

AI score: 0.3 | Exploits: 0
0day.today
added 2021/03/12 12:0 a.m. | 23 views

Monitoring System (Dashboard) 1.0 - uname SQL Injection Vulnerability

Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...

AI score: 0.3 | Exploits: 0
0day.today
added 2021/03/12 12:0 a.m. | 68 views

F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write Vulnerability

Big IP's Traffic Management Microkernels TMM URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition. F5 Big IP - TMM urinormalizehost infoleak and out-of-bounds write Big IP's Traffic Management Microkernels TMM URI...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.61064 | Exploits: 3
0day.today
added 2021/03/11 12:0 a.m. | 77 views

MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Vulnerability

Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin adds a feedback...

CVSS: 6.1 | AI score: 0.1 | EPSS: 0.00854 | Exploits: 4
0day.today
added 2021/03/11 12:0 a.m. | 46 views

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation Vulnerability

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user user:user can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password admin credentials in...

AI score: 0.9 | Exploits: 0
0day.today
added 2021/03/11 12:0 a.m. | 36 views

Nsasoft Hardware Software Inventory 1.6.4.0 - (multiple) Denial of Service Exploit

Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10 Steps: 1- Run the python...

AI score: 0.3 | Exploits: 0
0day.today
added 2021/03/11 12:0 a.m. | 225 views

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

CVSS: 9.8 | AI score: 0.5 | EPSS: 0.99999 | Exploits: 65
0day.today
added 2021/03/10 12:0 a.m. | 66 views

Atlassian JIRA 8.11.1 - User Enumeration Exploit

Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...

CVSS: 5.3 | AI score: 0.4 | EPSS: 0.99603 | Exploits: 8
0day.today
added 2021/03/10 12:0 a.m. | 128 views

QBOT Botnet C2 Panel - Authentication Bypass Vulnerability

A vulnerability exists in the Qbot botnet C2, in the code that performs the login. A remote attacker can exploit it to bypass the authentication, having the ability to control the botnet and perform action as an authenticated user, like taking control of the botnet. This Botnet has a lot of...

AI score: 2.3 | Exploits: 0
0day.today
added 2021/03/10 12:0 a.m. | 31 views

WEBIM 10.2.55 Cross Site Scripting Vulnerability

Exploit Title: XSS in WEBIM web application Exploit Author: ASCII Vendor Homepage: HTTPS://WEBIM.RU Version: 10.2.55 Tested on: 10.2.55 Webim messanger XSS POC https://location.webim.ru/webim/iframe-sample.php?historyjs=1%27"%26%25alert1&location=test&redirected=0&webim-visitor=2&webimVisitor=1...

AI score: 7.4 | Exploits: 0
0day.today
added 2021/03/10 12:0 a.m. | 507 views

Microsoft Windows Containers Privilege Escalation Vulnerability

The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user. Windows Containers: ContainerUser has Elevated Privileges Windows Containers: ContainerUser has...

CVSS: 7.8 | AI score: 8.7 | EPSS: 0.00748 | Exploits: 2
0day.today
added 2021/03/09 12:0 a.m. | 35 views

bVPN 2.5.1 - (waselvpnserv) Unquoted Service Path Vulnerability

Exploit Title: bVPN 2.5.1 - 'waselvpnserv' Unquoted Service Path Exploit Author: Mohammed Alshehri Vendor Homepage: https://carolcoral.github.io/no-freevpn/ Software Link: https://github.com/carolcoral/no-freevpn/releases/download/BVPN%4020190225/bVPN251setup.exe Version: Version 2.5.1 Tested on:...

AI score: 0.3 | Exploits: 0
Total number of security vulnerabilities: 39001