39001 matches found

0day.today
added 2020/10/27 12:0 a.m., 64 views

GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit

Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 !/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reu...

CVSS 8.8, AI score 9, EPSS 0.04039
Exploits: 5

0day.today
added 2020/10/26 12:0 a.m., 305 views

Whatsapp Desktop (session hijacking) Payload 0day Exploit

This vulnerability makes you able to get Full Access Any account Victim installed Whatsapp Version Desktop By Payload Exploit Support ant last version proof video: https://0day.today/videos/34312.mp4...

AI score 1.5
Exploits: 0

0day.today
added 2020/10/26 12:0 a.m., 51 views

Adobe Acrobat Reader DC Memory Corruption Remote Code Execution Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF...

AI score 7.1
Exploits: 0

0day.today
added 2020/10/26 12:0 a.m., 41 views

Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of data...

AI score 7
Exploits: 0

0day.today
added 2020/10/21 12:0 a.m., 761 views

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization Exploit

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization...

CVSS 9.8, AI score 9.7, EPSS 0.99737
Exploits: 19

0day.today
added 2020/10/21 12:0 a.m., 80 views

Linux / Unix su Privilege Escalation Exploit

This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a...

AI score 0.4
Exploits: 0

0day.today
added 2020/10/21 12:0 a.m., 162 views

LISTSERV Maestro 9.0-8 Remote Code Execution Vulnerability

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be...

CVSS 5, AI score 9.9, EPSS 0.91079
Exploits: 22

0day.today
added 2020/10/19 12:0 a.m., 97 views

Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit

This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...

CVSS 8.6, AI score 0.5, EPSS 0.70894
Exploits: 5

0day.today
added 2020/10/19 12:0 a.m., 94 views

HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Exploit

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...

CVSS 9.8, AI score 9.7, EPSS 0.35393
Exploits: 4

0day.today
added 2020/10/19 12:0 a.m., 40 views

FRITZ!Box 7.20 DNS Rebinding Protection Bypass Vulnerability

FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. Details ======= Product: FRITZ!Box 7490...

CVSS 7.8, AI score 0.1, EPSS 0.01402
Exploits: 4

0day.today
added 2020/10/18 12:0 a.m., 168 views

Microsoft Office Word 2003+2007+2010 Universal 0day Exploit

This module targets Office 2003 no-SP/SP1/SP2/SP3 + 2007 no-SP/SP/SP2/SP3 + Office 2010 no-SP/SP1 versions. This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012...

AI score 7.3
Exploits: 0

0day.today
added 2020/10/15 12:0 a.m., 16 views

Guild Wars 2 - Insecure Folder Permissions Vulnerability

Exploit Title: Guild Wars 2 - Insecure Folder Permissions Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild Wars 2 Launcher...

AI score 7.4
Exploits: 0

0day.today
added 2020/10/15 12:0 a.m., 130 views

Microsoft Windows Uninitialized Variable Local Privilege Escalation Exploit

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing...

CVSS 7.8, AI score 8.5, EPSS 0.74438
Exploits: 10

0day.today
added 2020/10/15 12:0 a.m., 17 views

Microsoft Office 2007/2010 Download and Execute Vulnerability

This vulnerability allows to download and execute a file note: the vulnerability is triggered only when Includes macros or user consents to the inclusion...

AI score 7.1
Exploits: 0

0day.today
added 2020/10/13 12:0 a.m., 18 views

Battle.Net 1.27.1.12428 - Insecure File Permissions Vulnerability

Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability...

AI score 0.1
Exploits: 0

0day.today
added 2020/10/07 12:0 a.m., 39 views

BACnet Test Server 1.01 - Remote Denial of Service Exploit

Title: BACnet Test Server 1.01 - Remote Denial of Service PoC Author: LiquidWorm Vendor: https://www.bac-test.com Product link: https://sourceforge.com/projects/bacnetserver CVE: N/A !/usr/bin/perl BACnet Test Server 1.01 Remote Denial of Service Exploit Vendor: BACnet Interoperability Test...

AI score 7.4
Exploits: 0

0day.today
added 2020/10/07 12:0 a.m., 803 views

Facebook steal Group 0day Exploit

Exploit can steal facebook Group and delete the old administrator and create a new administrator...

AI score 2.2
Exploits: 0

0day.today
added 2020/10/03 12:0 a.m., 38 views

Checkmk 1.6.0p16 Local Privilege Escalation Vulnerability

Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 is an IT infrastructure monitoring software. It is consists of a management serve...

AI score 7.4
Exploits: 0

0day.today
added 2020/10/03 12:0 a.m., 50 views

FusionAuth SAML v 2 0.2.3 Message Forging Vulnerability

Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be send to the application without a signature even if this is required. The impact depends on individual applications that implement...

CVSS 9.1, AI score 9.2, EPSS 0.02906
Exploits: 3

0day.today
added 2020/10/01 12:0 a.m., 82 views

Safari Type Confusion / Sandbox Escape Exploit

This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion CVE-2020-9850. The...

CVSS 9.8, AI score 7.7, EPSS 0.77246
Exploits: 3

0day.today
added 2020/10/01 12:0 a.m., 70 views

Cisco AnyConnect Privilege Escalation Exploit

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility...

CVSS 7.8, AI score 0.9, EPSS 0.28307
Exploits: 16

0day.today
added 2020/10/01 12:0 a.m., 61 views

Sony IPELA Network Camera 1.82.01 - (ftpclient.cgi) Remote Stack Buffer Overflow Exploit

Exploit Title: Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow Google Dork: Server: Mida eFramework Exploit Author: LiquidWorm Vendor Homepage: https://pro.sony Version: = 1.82.01 !/usr/bin/env python Sony IPELA Network Camera ftpclient.cgi Remote Stack Buffer...

AI score 7.4
Exploits: 0

0day.today
added 2020/09/29 12:0 a.m., 62 views

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call Exploit

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours...

CVSS 7.8, AI score 0.1, EPSS 0.39967
Exploits: 5

0day.today
added 2020/09/29 12:0 a.m., 32 views

BearShare Lite 5.2.5 - (Advanced Search) Buffer Overflow Exploit

Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/DE CVE: NA ---...

Exploits: 0

0day.today
added 2020/09/29 12:0 a.m., 104 views

CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR) Exploit (2)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build 19041 Script:...

CVSS 9.8, AI score 0.3, EPSS 0.93597
Exploits: 29

0day.today
added 2020/09/22 12:0 a.m., 58 views

Jenkins 2.56 CLI Deserialization / Code Execution Exploit

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...

CVSS 4.5, AI score 0.3, EPSS 0.99686
Exploits: 46

0day.today
added 2020/09/22 12:0 a.m., 65 views

Framer Preview 12 Content Injection Vulnerability

Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the...

CVSS 5.5, AI score 5.5, EPSS 0.00453
Exploits: 3

0day.today
added 2020/09/22 12:0 a.m., 93 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and...

CVSS 9, AI score 9.7, EPSS 0.93967
Exploits: 8

0day.today
added 2020/09/21 12:0 a.m., 62 views

ForensiTAppxService 2.2.0.4 - (ForensiTAppxService.exe) Unquoted Service Path Vulnerability

Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path Discovery by: Burhanettin Özgenç Vendor Homepage: https://www.forensit.com/downloads.html Tested Version: 2.2.0.4 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 Step to discove...

AI score 0.2
Exploits: 0

0day.today
added 2020/09/21 12:0 a.m., 138 views

VyOS restricted-shell Escape / Privilege Escalation Exploit

This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator...

CVSS 9.9, AI score 10, EPSS 0.15411
Exploits: 4

0day.today
added 2020/09/19 12:0 a.m., 81 views

D-Link DGS-1210-28 Denial Of Service Exploit

Exploit Title: D-Link DGS-1210-28 Denial of Service Exploit Author: Saeed Reza Zamanian Product : D-Link DGS-1210-28 Vendor Homepage: https://www.dlink.com/ Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch Version : DGS-1210-28 Description : Device...

AI score 7.4
Exploits: 0

0day.today
added 2020/09/19 12:0 a.m., 433 views

TP-Link Cloud Cameras NCXXX Bonjour Command Injection Exploit

TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250, NC260, NC450 are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent...

CVSS 9, AI score 9.3, EPSS 0.74338
Exploits: 10

0day.today
added 2020/09/17 12:0 a.m., 19 views

Boxoft Convert Master 1.3.0 wav SEH Local Exploit

Exploit Title: Boxoft Convert Master 1.3.0 wav SEH Local Exploit Date: 17.09.2020 Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/convert-master/setupboxoft-convert-master.exe Exploit Author: Achilles Tested Version: 1.3.0 Tested on: Windows 7 x64 1.- Run python code...

AI score 7.4
Exploits: 0

0day.today
added 2020/09/17 12:0 a.m., 76 views

Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Exploit

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in th...

CVSS 9, AI score 0.2, EPSS 0.47145
Exploits: 5

0day.today
added 2020/09/17 12:0 a.m., 64 views

Microsoft Spooler Local Privilege Elevation Exploit

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

CVSS 7.8, AI score 0.7, EPSS 0.16502
Exploits: 10

0day.today
added 2020/09/17 12:0 a.m., 847 views

Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Exploit

Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014 32-bit/x64 SP3...

CVSS 6.5, AI score 8.2, EPSS 0.99046
Exploits: 14

0day.today
added 2020/09/16 12:0 a.m., 89 views

Mida Solutions eFramework ajaxreq.php Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apach...

CVSS 10, AI score 0.5, EPSS 0.98239
Exploits: 6

0day.today
added 2020/09/16 12:0 a.m., 33 views

iOS 12 / 13 / 14 Passcode Bypass 0day Exploit

Attacker can access device SpringBoard, run default iOS apps, run 3rd party iOS apps installed from AppStore, open Photos, Reminders, Notes, Email, and all other iOS apps, make and receive calls / sms, etc. What you receive: The source code of exploit written in TheOS tweak platform...

AI score 0.5
Exploits: 0

0day.today
added 2020/09/16 12:0 a.m., 59 views

ModSecurity 3.0.x Denial Of Service Vulnerability

ModSecurity version 3.0.x suffers from a denial of service vulnerability due to the handling of regular expression matching. ModSecurity version 3.0.x is affected by a denial of service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular...

CVSS 7.5, AI score 7.3, EPSS 0.03141
Exploits: 2

0day.today
added 2020/09/14 12:0 a.m., 39 views

Linux expand_downwards() / munmap() Race Condition Exploit

Linux >=4.20: expand_downwards() can race with munmap() page table freeing. Since 4.20, __do_munmap() downgrades the mmap_sem from write-locked to read-locked after detaching the VMAs from the mm_struct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...

AI score 7.4
Exploits: 0

0day.today
added 2020/09/14 12:0 a.m., 50 views

Microsoft Windows Finger Security Bypass / C2 Channel Exploit

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can al...

AI score 7
Exploits: 0

0day.today
added 2020/09/14 12:0 a.m., 38 views

Pearson Vue VTS 2.3.1911 Installer - (VUEApplicationWrapper) Unquoted Service Path Vulnerability

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Tested Version: 2.3.1911...

AI score 0.2
Exploits: 0

0day.today
added 2020/09/11 12:0 a.m., 19 views

Gnome Fonts Viewer 3.34.0 - Heap Corruption Exploit

!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take a few tries. Too...

AI score 0.3
Exploits: 0

0day.today
added 2020/09/11 12:0 a.m., 40 views

DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation Exploit

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to...

AI score 0.8
Exploits: 0

0day.today
added 2020/09/11 12:0 a.m., 167 views

Internet Explorer 11 - Use-After-Free Exploit

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

CVSS 7.5, AI score 8.2, EPSS 0.86863
Exploits: 17

0day.today
added 2020/09/10 12:0 a.m., 15 views

Input Director 1.4.3 Unquoted Service Path Vulnerability

Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...

AI score 0.6
Exploits: 0

0day.today
added 2020/09/10 12:0 a.m., 16 views

Audio Playback Recorder 3.2.2 Local Buffer Overflow Exploit

Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...

AI score 0.2
Exploits: 0

0day.today
added 2020/09/08 12:0 a.m., 52 views

ShareMouse 5.0.43 - (ShareMouse Service) Unquoted Service Path Vulnerability

Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 10 Pro EN OS Version:...

AI score 0.7
Exploits: 0

0day.today
added 2020/09/07 12:0 a.m., 64 views

macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit

This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an...

CVSS 7, AI score 0.3, EPSS 0.03667
Exploits: 3

0day.today
added 2020/09/07 12:0 a.m., 26 views

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vulnerability

Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability. Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME:...

AI score 0.4
Exploits: 0

Total number of security vulnerabilities: 39001