
39001 matches found

0day.today
added 2020/07/01 12:0 a.m. · 168 views

Joomla J2 JOBS 1.3.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla J2 JOBS - Authenticated SQL Injection Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Version: 1.3.0 Tested on: Kali...

7.4 AI score
Exploits: 0
0day.today
added 2020/07/01 12:0 a.m. · 133 views

Online Shopping Portal 3.1 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...

0.1 AI score
Exploits: 0
0day.today
added 2020/07/01 12:0 a.m. · 325 views

PHP-Fusion 9.03.60 - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.60 - PHP Object Injection Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 Description: PHP...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/30 12:0 a.m. · 119 views

Reside Property Management 3.0 - (profile) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Reside Property Management 3.0 - 'profile' SQL Injection Google Dork: "Copyright 2020 Reside Property Management" Exploit Author: Ultra Security Team Ashkan Moghaddas , AmirMohammad Safari Team Members: Behzad Khalifeh , Milad...

7.1 AI score
Exploits: 0
0day.today
added 2020/06/30 12:0 a.m. · 170 views

ATutor 2.2.4 Directory Traversal / Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8 CVSS · 9 AI score · 0.73317 EPSS
Exploits: 11
0day.today
added 2020/06/30 12:0 a.m. · 140 views

Cellebrite EPR Decryption Hardcoded AES Key Material Vulnerability

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of...

7.5 CVSS · 0.4 AI score · 0.02511 EPSS
Exploits: 3
0day.today
added 2020/06/30 12:0 a.m. · 143 views

Victor CMS 1.0 - (user_firstname) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software...

7.1 AI score
Exploits: 0
0day.today
added 2020/06/30 12:0 a.m. · 178 views

openSIS 7.4 Local File Inclusion Vulnerability

Exploit for php platform in category web applications -------------------------------------------------------------- openSIS = 7.4 Bottom.php Local File Inclusion Vulnerability -------------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions...

5 CVSS · 7.8 AI score · 0.69605 EPSS
Exploits: 6
0day.today
added 2020/06/30 12:0 a.m. · 201 views

openSIS 7.4 Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications ----------------------------------------------------- openSIS = 7.4 Multiple SQL Injection Vulnerabilities ----------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior...

7.5 CVSS · 0.2 AI score · 0.59028 EPSS
Exploits: 7
0day.today
added 2020/06/30 12:0 a.m. · 201 views

openSIS 7.4 Incorrect Access Control Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and...

6.4 CVSS · 0.4 AI score · 0.52814 EPSS
Exploits: 6
0day.today
added 2020/06/29 12:0 a.m. · 151 views

Bolt CMS 3.7.0 Authenticated Remote Code Execution Exploit

This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. Th...

7.9 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 132 views

Windscribe 1.83 - (WindscribeService) Unquoted Service Path Vulnerability

Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config WindscribeService...

0.4 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 103 views

OpenEMR 5.0.1 - (controller) Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: OpenEMR 5.0.1 - 'controller' Remote Code Execution Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.open-emr.org/ Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: v5.0.1 Tested on: Linux...

7.1 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 166 views

FHEM 6.0 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: FHEM 6.0 - Local File Inclusion Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://fhem.de/ Software Link: https://fhem.de/Download Version: v6.0 Tested on: Windows Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 155 views

mySCADA myPRO 7 - Hardcoded Credentials Vulnerability

Exploit Title: mySCADA myPRO v7 Hardcoded Credentials Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://myscada.org Software Link: https://www.myscada.org/mypro/ Version: v7.0.45 Tested on: Windows/Linux CVE-2018-11311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311...

9.1 CVSS · 9.4 AI score · 0.1593 EPSS
Exploits: 5
0day.today
added 2020/06/26 12:0 a.m. · 139 views

KiteService 1.2020.618.0 - Unquoted Service Path Vulnerability

Exploit Title: KiteService 1.2020.618.0 - Unquoted Service Path Discovery by: PoisonSk Vendor Homepage: https://www.kite.com/ Software Link : https://www.kite.com/download/ Tested Version: 1.2020.618.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Home Single...

0.5 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 162 views

Cisco AnyConnect Path Traversal / Privilege Escalation Exploit

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IP...

6.5 CVSS · 0.6 AI score · 0.28307 EPSS
Exploits: 15
0day.today
added 2020/06/26 12:0 a.m. · 239 views

Lansweeper 7.2 Default Account / Remote Code Execution Vulnerability

Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE : CVE-2020-14011 Title...

9.8 CVSS · 0.1 AI score · 0.29467 EPSS
Exploits: 4
0day.today
added 2020/06/26 12:0 a.m. · 362 views

ASUS Aura Sync 1.07.71 Privilege Escalation Exploit

// CVE-2019-17603: ASUS Aura Sync 1.07.71 'ene.sys' EoP Kernel Exploit // Discovered by @dhn // Author of PoC: Connor McGarr @33y0re - https://connormcgarr.github.io // Windows 10 RS1 Version 10.0.14393 Build 14393 // Tested with VBS, HyperGuard, and PatchGuard disabled include include include //...

7.8 CVSS · 0.9 AI score · 0.0073 EPSS
Exploits: 5
0day.today
added 2020/06/26 12:0 a.m. · 208 views

NETGEAR R6700v3 Password Reset / Remote Code Execution Exploit

This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon /usr/sbin/upnpd, running on NETGEAR R6700v3 router with firmware versions V1.0.4.8210.0.57...

8.1 AI score
Exploits: 0
0day.today
added 2020/06/26 12:0 a.m. · 193 views

Inductive Automation Ignition Remote Code Execution Exploit

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to and including 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an...

7.5 CVSS · 0.8 AI score · 0.20208 EPSS
Exploits: 4
0day.today
added 2020/06/26 12:0 a.m. · 770 views

iOS / macOS Wifi Proximity Vulnerability

iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering. if 0 iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering As part of developing an exploit for CVE-2020-3843 a heap overflow in AWDL I've been looking at the code for "BSS Steering". It...

9.3 CVSS · 0.6 AI score · 0.03475 EPSS
Exploits: 1
0day.today
added 2020/06/25 12:0 a.m. · 151 views

BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Tested on: Window CVE-2020-14943 Description: The "Firstname" and "Lastname"...

3.5 CVSS · 6.7 AI score · 0.06338 EPSS
Exploits: 8
0day.today
added 2020/06/24 12:0 a.m. · 235 views

Responsive Online Blog 1.0 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...

0.6 AI score
Exploits: 0
0day.today
added 2020/06/24 12:0 a.m. · 140 views

LanSpy 2.0.1.159 Stack Buffer Overflow Exploit

""" Exploit title: LanSpy v.2.0.1.159 - Stack Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec - email protected - https://voidsec.com Vendor Homepage: https://lizardsystems.com/ Download: https://www.exploit-db.com/apps/70a780b78ee7dbbbbc99852259f75d53-lanspysetup2.0.1.159.exe Version:...

0.7 AI score
Exploits: 0
0day.today
added 2020/06/24 12:0 a.m. · 204 views

Gila CMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Exploit for perl platform in category web applications ===== Tempest Security Intelligence - ADV-07/2020 ========================== GilaCMS - Version 1.11.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of...

6.8 CVSS · 0.1 AI score · 0.01814 EPSS
Exploits: 7
0day.today
added 2020/06/24 12:0 a.m. · 187 views

Code Blocks 20.03 - Denial Of Service Exploit

Exploit Title: Code Blocks 20.03 - Denial Of Service PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/20.03/Windows/codeblocks-20.03-setup.exe/download Exploit Author: Paras Bhatia Vulnerable Software: Code Blocks...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/24 12:0 a.m. · 136 views

Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student) Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Student Enrollment System 1.0 - Cross-Site Request Forgery Add Student Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/24 12:0 a.m. · 193 views

Lansweeper 7.2 - Incorrect Access Control Vulnerability

Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE : CVE-2020-14011 Title...

9.8 CVSS · 0.7 AI score · 0.29467 EPSS
Exploits: 4
0day.today
added 2020/06/24 12:0 a.m. · 208 views

ABUS Secvest Wireless Control Device Missing Encryption Vulnerability

The wireless communication of the ABUS Secvest Wireless Control Device FUBE50001 for transmitting sensitive data like PIN codes or IDs of used proximity chip keys RFID tokens is not encrypted. Product: ABUS Secvest Wireless Control Device FUBE50001 Manufacturer: ABUS Affected Versions: N/A Tested...

8.1 CVSS · 0.4 AI score · 0.00793 EPSS
Exploits: 2
0day.today
added 2020/06/22 12:0 a.m. · 148 views

Mereo 1.9.4 Denial Of Service Exploit

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 , Windows Vista...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/22 12:0 a.m. · 131 views

WebPort 1.19.1 - Reflected Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: WebPort 1.19.1 - Reflected Cross-Site Scripting Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12461...

4.3 CVSS · 6.5 AI score · 0.09916 EPSS
Exploits: 5
0day.today
added 2020/06/22 12:0 a.m. · 139 views

FileRun 2019.05.21 - Reflected Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.filerun.com/ Software Link: https://filerun.com/download Version: v2019.05.21 Tested on: Windows/Linux CVE:...

4.3 CVSS · 0.1 AI score · 0.03605 EPSS
Exploits: 7
0day.today
added 2020/06/22 12:0 a.m. · 151 views

Frigate 2.02 - Denial Of Service Exploit

Exploit Title: Frigate 2.02 - Denial Of Service PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/Frigate2.exe Exploit Author: Paras Bhatia Vulnerable Software: Frigate Version: 2.02 Vulnerability Type: Denial of Service DoS Tested on: Windows ...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/22 12:0 a.m. · 238 views

Trend Micro Web Security (Virtual Appliance) Remote Code Execution Exploit

This Metasploit module exploits multiple vulnerabilities together in order to achieve a remote code execution. Unauthenticated users can execute a terminal command under the context of the root user. The specific flaw exists within the LogSettingHandler class of administrator interface software...

9.8 CVSS · 8.9 AI score · 0.89661 EPSS
Exploits: 9
0day.today
added 2020/06/22 12:0 a.m. · 161 views

Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Versio...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/22 12:0 a.m. · 158 views

WebPort 1.19.1 - (setup) Reflected Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12460...

4.3 CVSS · 6.4 AI score · 0.03833 EPSS
Exploits: 5
0day.today
added 2020/06/22 12:0 a.m. · 127 views

Odoo 12.0 - Local File Inclusion Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Odoo 12.0 - Local File Inclusion Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.odoo.com/ Software Link: https://www.odoo.com/trTR/page/download Version: v12.0 Tested on: Windows/Linux...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/22 12:0 a.m. · 175 views

Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...

7.1 AI score
Exploits: 0
0day.today
added 2020/06/19 12:0 a.m. · 141 views

Agent Tesla Panel Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018...

9.2 AI score
Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 158 views

Code Blocks 17.12 - (File Name) Local Buffer Overflow (Unicode) (SEH) Exploit

Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow Unicode SEH PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download Exploit Author: Paras Bhatia...

7.4 AI score
Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 220 views

NetEase(163,126) Mail Persistent XSS Vulnerability

This is a 0day XSS vulnerability. The vulnerability for Netease email163,126 that works on all operating systems and browsers. Android and iPhone sometimes don't work. You can easily obtain the user's session and password with this XSS. Also, QQ-XSS vulnerability will be uploaded soon. Thank you...

3.7 AI score
Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 168 views

Cayin CMS NTP Server 11.0 Remote Code Execution Exploit

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the systemservice.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin...

9.9 CVSS · 9.5 AI score · 0.33874 EPSS
Exploits: 8
0day.today
added 2020/06/18 12:0 a.m. · 141 views

OpenCTI 3.3.1 - Directory Traversal Vulnerability

Exploit for multiple platform in category web applications Exploit Title: OpenCTI 3.3.1 - Directory Traversal Exploit Author: Raif Berkay Dincel Vendor Homepage: www.opencti.io/ Software https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 Version: 3.3.1 CVE-ID: N/A Tested on: Linux Min...

0.1 AI score
Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 171 views

Beauty Parlour Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Exploit Author: Prof. Kailas PATIL krp Vendor Homepage: https://phpgurukul.com/ Software Link:...

Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 359 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

10 CVSS · 10 AI score · 0.14014 EPSS
Exploits: 5
0day.today
added 2020/06/18 12:0 a.m. · 135 views

College-Management-System-Php 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Vendor: https://github.com/olotieno/...

7.1 AI score
Exploits: 0
0day.today
added 2020/06/18 12:0 a.m. · 252 views

Gila CMS 1.1.18.1 SQL Injection / Shell Upload Exploit

This Metasploit module exploits a remote SQL injection vulnerability in the "query" parameter found on Gila CMS version 1.1.18.1. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http"...

7.2 CVSS · 8 AI score · 0.26546 EPSS
Exploits: 9
0day.today
added 2020/06/16 12:0 a.m. · 150 views

SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13 Tested on: Windows and Linux CVE:...

7.5 CVSS · 7.4 AI score · 0.07842 EPSS
Exploits: 6
0day.today
added 2020/06/16 12:0 a.m. · 130 views

Documalis Free PDF Editor Buffer Overflow Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Documalis Free PDF Editor', 'Description' = %qDocumalis Free PDF Editor is prone to a security vulnerability when open PDF files.When the...

0.6 AI score
Exploits: 0
Total number of security vulnerabilities: 39001