39001 matches found

0day.today
added 2020/07/26 12:0 a.m., 212 views

Socusoft Photo to Video Converter Professional 8.07 (Output Folder) Buffer Overflow (SEH Egghunter)

Exploit Title: Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Software Link:...

0.8 AI score
Exploits: 0

0day.today
added 2020/07/26 12:0 a.m., 279 views

DiskBoss 7.7.14 - (Reports and Data Directory) Buffer Overflow (SEH Egghunter) Exploit

Exploit Title: DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: https://www.diskboss.com/ Software Link: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Version: 7.7.14 Vulnerability Type:...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/26 12:0 a.m., 208 views

GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) Vulnerability

Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 La...

Exploits: 0

0day.today
added 2020/07/24 12:0 a.m., 363 views

SteelCentral Aternity Agent 11.0.0.120 Privilege Escalation Vulnerability

======================================================================= title: Privilege Escalation Vulnerability product: SteelCentral Aternity Agent vulnerable version: 11.0.0.120 fixed version: CVE number: CVE-2020-15592, CVE-2020-15593 impact: Critical homepage: https://www.riverbed.com/gb/ b...

7.8 CVSS, 7.7 AI score, 0.01855 EPSS
Exploits: 1

0day.today
added 2020/07/24 12:0 a.m., 199 views

Newsportal 3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Newsportal v3 - 'uname' - SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Software...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/23 12:0 a.m., 449 views

FTPDummy 4.80 - Local Buffer Overflow (SEH) Exploit

Exploit Title: FTPDummy 4.80 - Local Buffer Overflow SEH Author: Felipe Winsnes Software Link: http://www.dummysoftware.com/ftpdummy.html Version: 4.80 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run the python script, it will create the file...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/23 12:0 a.m., 465 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability

Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/23 12:0 a.m., 711 views

Online Book Store 1.0 Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Exploit Author: Tib3rius Vendor Homepage:...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/23 12:0 a.m., 434 views

Snes9K 0.09z - (Port Number) Buffer Overflow (SEH) Exploit

Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type: Local Buffer...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/22 12:0 a.m., 536 views

WordPress NexosReal Estate 1.7 Theme - (search_order) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Softwar...

5 CVSS, 8 AI score, 0.05901 EPSS
Exploits: 7

0day.today
added 2020/07/22 12:0 a.m., 513 views

NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter) Exploit

Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow SEH Egghunter Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/netpclinker/ Software Link: https://sourceforge.net/projects/netpclinker/files/ Version: 1.0.0.0 Tested on: Windows Vista SP1 !/usr/bin/python '...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/22 12:0 a.m., 530 views

Docsify 4.11.4 - Reflective Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE :...

6.6 AI score, 0.045 EPSS
Exploits: 5

0day.today
added 2020/07/22 12:0 a.m., 591 views

ZenTao Pro 8.8.2 Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...

9.6 CVSS, 9.5 AI score, 0.17225 EPSS
Exploits: 4

0day.today
added 2020/07/22 12:0 a.m., 556 views

Sophos VPN Web Panel 2020 - Denial of Service Exploit

Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service Poc Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version:2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System parse JSON data. If...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/21 12:0 a.m., 714 views

Mida Solutions eFramework 2.9.0 XSS / Code Execution / SQL Injection Vulnerabilities

Mida Solutions eFramework versions 2.9.0 and below suffer from command execution, cross site scripting, denial of service, remote SQL injection, and path traversal vulnerabilities. ============================================= Title: Mida Solutions eFramework Multiple Vulnerabilities Author: Andr...

0.7 AI score
Exploits: 0

0day.today
added 2020/07/21 12:0 a.m., 337 views

Intellian / Sea Tel / SAILOR VSAT / RedPort maritime Exploit Pack

ever wondered how can someone hack into a ship/vessel/carrier/yacht? well here is the bundle targeting 3 major companies specialized in maritime satellite networks. in this bundle you get Intellian 3 root backdoors seatel 1 DOS sailor 2 sensitive information disclosure redport 1 admin busybox RCE...

6.9 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 496 views

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Vulnerability

UBICOD Medivision Digital Signage version 1.5.1 suffers from a privilege escalation vulnerability that is leveraged via authorization bypass. UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page:...

7.3 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 487 views

Company Visitor Management System (CVMS) 1.0 SQL Injection Vulnerability

Company Visitor Management System CVMS version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos68...

0.5 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 466 views

Employee Record Management System 1.1 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Employee Record Management SystemERMS 1.1 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 258 views

Daily Expense Tracker 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expense Tracker 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.3 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 235 views

LibreHealth 2.0.0 Remote Code Execution Exploit

Exploit Title: LibreHealth v2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Tested Using: Python 2.7.17...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 488 views

UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications...

0.1 AI score
Exploits: 0

0day.today
added 2020/07/20 12:0 a.m., 264 views

Directory Management System (DMS) 1.0 SQL Injection Vulnerability

Directory Management System DMS version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Directory Management System DMS 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 |...

Exploits: 0

0day.today
added 2020/07/19 12:0 a.m., 631 views

Plex Unpickle Dict Windows Remote Code Execution Exploit

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will b...

7.2 CVSS, 7.8 AI score, 0.72936 EPSS
Exploits: 4

0day.today
added 2020/07/19 12:0 a.m., 604 views

Simple Startup Manager 1.17 - (File) Local Buffer Overflow Exploit

Exploit Title: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow PoC Exploit Author: PovlTekstTV Vulnerable Software: Simple Startup Manager Software Link Download: http://www.ashkon.com/download/startup-manager.exe Version: 1.17 Vulnerability Type: Local Buffer Overflow Tested on: Windo...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/19 12:0 a.m., 733 views

SMB12 Information Gathering Exploit

SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version only supported by SMB1 as per protocol definition, DNS computer name, DNS domain name, NetBIOS computer name and NetBIO...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/19 12:0 a.m., 657 views

VMware ESXi Use-After-Free / Out-Of-Bounds Access Vulnerability

Several security issues have been identified in the VMware ESXi virtual machine monitor VMM. A use-after-free UAF vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads. Overview ======= We...

8.4 CVSS, 0.1 AI score, 0.00587 EPSS
Exploits: 4

0day.today
added 2020/07/19 12:0 a.m., 565 views

PMB 5.6 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: PMB 5.6 Cross Site Scripting XSS Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Email: tarikbak999atgmail.com Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files...

0.1 AI score
Exploits: 0

0day.today
added 2020/07/19 12:0 a.m., 941 views

WonderCMS 3.1.0 XSS / Directory Traversal / File Upload Vulnerabilities

Exploit for php platform in category web applications title: Multiple Vulnerabilities product: WonderCMS vulnerable version: =3.1.0 fixed version: - CVE number: - impact: High homepage: https://www.wondercms.com/ found: 2020-04-30 by: Calvin Phang Office Singapore SEC Consult Vulnerability Lab An...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/17 12:0 a.m., 493 views

CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password) Vulnerability

Exploit for php platform in category web applications Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue...

4.3 CVSS, 0.3 AI score, 0.01899 EPSS
Exploits: 3

0day.today
added 2020/07/17 12:0 a.m., 504 views

Vehicle Parking Management System 1.0 SQL Injection Vulnerability

Vehicle Parking Management System version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 |...

0.4 AI score
Exploits: 0

0day.today
added 2020/07/17 12:0 a.m., 1024 views

RiteCMS 2.2.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://CHANGE-THIS/ritecms/cms/ 2- Default username and password is...

Exploits: 0

0day.today
added 2020/07/17 12:0 a.m., 442 views

Sonar Qube 8.3.1 - (SonarQube Service) Unquoted Service Path Vulnerability

Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path : ==============================...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/17 12:0 a.m., 446 views

Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web console based on Lua...

Exploits: 0

0day.today
added 2020/07/15 12:0 a.m., 235 views

Zyxel Armor X1 WAP6806 - Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal Exploit Author: Rajivarnan R Vendor Homepage: https://www.zyxel.com/ Software http://www.zyxelguard.com/WAP6806.asp Version: V1.00ABAL.6C0 CVE: 2020-14461 Tested on: Linux Mint /...

5 CVSS, 0.1 AI score, 0.09537 EPSS
Exploits: 3

0day.today
added 2020/07/15 12:0 a.m., 258 views

Joomla J2 JOBS 1.3.0 - (sortby) Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Upda...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/15 12:0 a.m., 228 views

SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware...

9.3 CVSS, 0.5 AI score, 0.02296 EPSS
Exploits: 6

0day.today
added 2020/07/15 12:0 a.m., 277 views

SecZetta NEProfile 3.3.11 Remote Code Execution Vulnerability

Exploit Title: NEProfile - Remote Code Execution Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link: https://seczetta.com/product/ne-profile Version: 3.3.11 Tested on: 3.3.11 Exploit Author: Josh Sheppard Exploit Contact: ghost a t undervurse dotcom Exploit Technique: Remote CVE...

8.8 CVSS, 8.7 AI score, 0.02975 EPSS
Exploits: 1

0day.today
added 2020/07/15 12:0 a.m., 204 views

Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...

0.1 AI score
Exploits: 0

0day.today
added 2020/07/15 12:0 a.m., 289 views

Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html Software Link:...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/15 12:0 a.m., 235 views

Online Polling System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Polling System 1.0 - Authentication Bypass Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/15 12:0 a.m., 220 views

Infor Storefront B2B 1.0 - (usr_name) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Version...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/14 12:0 a.m., 201 views

Apartment Visitors Management System Project 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/14 12:0 a.m., 238 views

BSA Radar 1.6.7234.24750 - Local File Inclusion Vulnerability

Exploit for multiple platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14946 - Local File Inclusion...

4 CVSS, 4.8 AI score, 0.077 EPSS
Exploits: 4

0day.today
added 2020/07/14 12:0 a.m., 233 views

Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 Remote Code Execution Exploit

Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q...

6.5 CVSS, 0.89661 EPSS
Exploits: 9

0day.today
added 2020/07/14 12:0 a.m., 245 views

Teachers Record Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Teachers Record Management System 1.0 - 'searchteacher' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4 AI score
Exploits: 0

0day.today
added 2020/07/14 12:0 a.m., 219 views

Client Management System 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Client Management System 1.0 - 'searchdata' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/14 12:0 a.m., 245 views

Cyber Cafe Management System SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Cyber Cafe Management System - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.1 AI score
Exploits: 0

0day.today
added 2020/07/13 12:0 a.m., 212 views

Park Ticketing Management System 1.0 - (viewid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.2 AI score
Exploits: 0

0day.today
added 2020/07/13 12:0 a.m., 215 views

Small CRM 2.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: Small CRM in PHP - 'id' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/small-crm-php/ Software Link:...

Exploits: 0

Total number of security vulnerabilities: 39001