39001 matches found

0day.today
added 2020/08/15 12:0 a.m. | 237 views

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion Vulnerability

Exploit for hardware platform in category web applications QiHang Media Web QH.aspx Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/15 12:0 a.m. | 871 views

WebKit On iOS PAC / JIT Hardening Bypass Vulnerability

PAC and JIT Hardening Bypass in WebKit on iOS As per discussions with email protected, Apple would like to treat the PAC bypass described here as a security vulnerability by itself. The bypass was initially reported without a deadline on May 6. After receiving the reply that they will treat it as...

8.8 CVSS | 0.02163 EPSS
Exploits: 1
0day.today
added 2020/08/15 12:0 a.m. | 184 views

Avian JVM 1.2.0 Silent Return Exploit

Avian JVM version 1.2.0 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks are performed to prevent out-of-bounds memory read/write. One of these boundary checks makes the code return silently when a negative length is...

5.5 CVSS | 0.6 AI score | 0.01178 EPSS
Exploits: 9
0day.today
added 2020/08/15 12:0 a.m. | 199 views

WordPress Sell Photo 1.0.5 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sell Photo Wordpress Plugin v1.0.5 - Persistent Cross-Site Scripting Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/sell-photo/developers Exploit Author: Melbin K Mathew @melbinkm Autho...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/15 12:0 a.m. | 309 views

QiHang Media Web Digital Signage 3.0.9 Remote Code Execution Vulnerability

Exploit for hardware platform in category web applications function uploadShellPoC var xhr = new XMLHttpRequest; xhr.open"POST", "http://192.168.1.74:8090/QH.aspx", true; xhr.s...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/13 12:0 a.m. | 200 views

GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/13 12:0 a.m. | 300 views

Artica Proxy 4.3.0 - Authentication Bypass Exploit

Exploit for hardware platform in category web applications Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version:...

9.6 AI score | 0.93967 EPSS
Exploits: 7
0day.today
added 2020/08/12 12:0 a.m. | 409 views

vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu...

7.5 CVSS | 9.9 AI score | 0.99728 EPSS
Exploits: 27
0day.today
added 2020/08/12 12:0 a.m. | 200 views

CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/12 12:0 a.m. | 423 views

vBulletin 5.x Remote Code Execution Exploit

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...

9.8 CVSS | 10 AI score | 0.99728 EPSS
Exploits: 28
0day.today
added 2020/08/11 12:0 a.m. | 212 views

Cisco 7937G Denial Of Service Exploit

CVE-2020-16138.py: Exploit Title: Cisco 7937G DoS 2 MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'dos', 'options': 'rhost': 'type': 'address', 'description': 'Target address...

7.5 CVSS | 0.1 AI score | 0.7977 EPSS
Exploits: 6
0day.today
added 2020/08/11 12:0 a.m. | 188 views

BarracudaDrive 6.5 Local Privilege Escalation Vulnerability

Exploit Title: BarracudaDrive v6.5 - User-System - Local Privilege Escalation Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 08-08-2020 Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Teste...

0.6 AI score
Exploits: 0
0day.today
added 2020/08/11 12:0 a.m. | 234 views

flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload Vulnerabilities

Exploit for php platform in category web applications title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: =1.5.5 fixed version: 1.5.7 CVE number: - impact: High homepage: https://flatcore.org/ found: 2020-03-28 by: Farhan Rahman Office Malaysia Azrul Ikhwan Zulkifli Office...

Exploits: 0
0day.today
added 2020/08/11 12:0 a.m. | 247 views

Travel Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - SQLi Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec and Bobby Cooke boku Vendor Homepage: https://www.projectsworld.in Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/11 12:0 a.m. | 226 views

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
0day.today
added 2020/08/11 12:0 a.m. | 183 views

Orion Application Server 1.5.2b Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications Orion Application Server - Cross Site Scripting Tested on: Orion Application Server 1.5.2b Date: Ago 09, 2020 Informer: Pablo Rebolini - Cross Site Scripting Poc: GET http://x.x.x.x/%3Cscript%3Ealert%22xss'ed%22%3C/script%3E Dork: "Orion...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/11 12:0 a.m. | 320 views

Cisco 7937G All-In-One Exploiter Exploit

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...

9.8 CVSS | 7.9 AI score | 0.7977 EPSS
Exploits: 8
0day.today
added 2020/08/11 12:0 a.m. | 217 views

Travel Management System 1.0 Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/10 12:0 a.m. | 190 views

BarcodeOCR 19.3.6 - (BarcodeOCR) Unquoted Service Path Vulnerability

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted Service Path Vulnerability: C:\wmic service get...

0.2 AI score
Exploits: 0
0day.today
added 2020/08/10 12:0 a.m. | 223 views

Fuel CMS 1.4.7 - (col) SQL Injection (Authenticated) Vulnerability

Exploit for php platform in category web applications Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested o...

0.2 AI score | 0.90044 EPSS
Exploits: 4
0day.today
added 2020/08/10 12:0 a.m. | 179 views

Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password) Exploit

Exploit for php platform in category web applications Exploit Title: Warehouse Inventory System 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://oswapp.com Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/10 12:0 a.m. | 203 views

ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)

Exploit for java platform in category web applications Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This...

9.2 AI score | 0.07403 EPSS
Exploits: 4
0day.today
added 2020/08/08 12:0 a.m. | 158 views

Car Rental Management System 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Car Rental Management System v1.0 - Unauthenticated Persistent XSS Session Harvester Exploit Author: Bobby Cooke Date: August 6, 2020 Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
0day.today
added 2020/08/08 12:0 a.m. | 157 views

Tailor Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Tailor Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit Karadag Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Exploits: 0
0day.today
added 2020/08/08 12:0 a.m. | 161 views

All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery Add Admin Discovery by: LiquidWorm Discovery Date: 2020-08-05 Vendor Homepage: https://www.all-dynamics.de !-- All-Dynamics Software enlogic:show Digital...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/07 12:0 a.m. | 229 views

CodeMeter 6.60 - (CodeMeter.exe) Unquoted Service Path Vulnerability

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 164 views

Victor CMS 1.0 - (Search) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP ...

0.4 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 141 views

Daily Expenses Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - Multiple SQL Injection Vulnerability Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 137 views

Online Shopping Alphaware 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Edit Customer Account' Persistent Cross-Site Scripting Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html...

Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 162 views

Online Shopping Alphaware 1.0 Unauthorized Administrative Access Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Unauthorized Admin Page Access Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

0.5 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 175 views

Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 195 views

Online Shopping Alphaware 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Multiple SQL Injection Vulnerability Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 159 views

Online Shopping Alphaware 1.0 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Arbitrary File Upload Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

0.2 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 221 views

Curfew e-Pass Management System 1.0 SQL Injection Vulnerability

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...

0.4 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 176 views

Online Shopping Alphaware 1.0 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Cross-Site Request Forgery Account Takeover Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 181 views

Docker Privileged Container Escape Exploit

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYSADMIN, --privileged. This module requir...

7.3 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 191 views

Daily Expenses Management System 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - Multiple Persistent Cross-Site Scripting Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/06 12:0 a.m. | 149 views

Daily Expenses Management System 1.0 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - Cross-Site Request Forgery Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/05 12:0 a.m. | 244 views

Gantt-Chart For Jira 5.5.3 Missing Privilege Check Vulnerability

Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users. Product: Jira module "Gantt-Chart for Jira" Manufacturer: Frank Polscheit - Solutions & IT-Consulting Affected Versions: =5.5.3 Tested...

0.8 AI score | 0.01834 EPSS
Exploits: 3
0day.today
added 2020/08/05 12:0 a.m. | 191 views

ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service Exploit

Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE: CVE-2020-15956...

7.5 CVSS | 0.10522 EPSS
Exploits: 5
0day.today
added 2020/08/05 12:0 a.m. | 187 views

Stock Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/05 12:0 a.m. | 201 views

c-ares 1.16.0 Use-After-Free Exploit

c-ares version 1.16.0 has an issue where aresdestroy with pending aresgetaddrinfo leads to a use-after-free condition. c-ares 1.16.0: aresdestroy with pending aresgetaddrinfo leads to use-after-free The following code was introduced in c-ares commit dbd4c441 first released in 1.16.0, which was...

7 AI score
Exploits: 0
0day.today
added 2020/08/05 12:0 a.m. | 193 views

Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow Exploit

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the us...

0.2 AI score
Exploits: 0
0day.today
added 2020/08/05 12:0 a.m. | 194 views

Gantt-Chart For Jira 5.5.4 Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications Product: Jira module "Gantt-Chart for Jira" Manufacturer: Frank Polscheit - Solutions & IT-Consulting Affected Versions: alert'XSS'" can be chosen as the name of a filter and is then d...

5.6 AI score | 0.01348 EPSS
Exploits: 3
0day.today
added 2020/08/05 12:0 a.m. | 195 views

QlikView 12.50.20000.0 - (FTP Server Address) Denial of Service Exploit

Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial of Service DoS Local Teste...

0.1 AI score
Exploits: 0
0day.today
added 2020/08/04 12:0 a.m. | 1117 views

Pi-hole 4.3.2 - Remote Code Execution (Authenticated) Exploit

Exploit for linux platform in category web applications !/usr/bin/env python2 Exploit Title: Pi-hole 4.3.2 - Remote Code Execution Authenticated Date: 2020-08-04 Exploit Author: Luis Vacas @CyberVaca Vendor Homepage: https://pi-hole.net/ Software Link: https://github.com/pi-hole/pi-hole Version: ...

6.5 CVSS | 0.77847 EPSS
Exploits: 13
0day.today
added 2020/08/04 12:0 a.m. | 155 views

RTSP for iOS 1.0 - (IP Address) Denial of Service Exploit

Exploit Title: RTSP for iOS 1.0 - 'IP Address' Denial of Service PoC Author: Luis Martinez Vendor Homepage: https://appadvice.com/app/rtsp-viewer/1056996189 Software Link: App Store for iOS devices Tested Version: 1.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: iPhone 7 iOS 13.5...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/04 12:0 a.m. | 157 views

Daily Expenses Management System 1.0 - (username) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Tested on: XAMPP Version 5.6.40 / Windows ...

7.1 AI score
Exploits: 0
0day.today
added 2020/08/04 12:0 a.m. | 145 views

Mocha Telnet Lite for iOS 4.2 - (User) Denial of Service Exploit

Exploit Title: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://apps.apple.com/us/app/telnet-lite/id286893976 Software Link: App Store for iOS devices Tested Version: 4.2 Vulnerability Type: Denial of Service DoS Local Tested on OS:...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/03 12:0 a.m. | 86 views

Stock Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html...

Exploits: 0
Total number of security vulnerabilities: 39001