Lucene search
K

39001 matches found

0day.today
0day.today
added 2020/05/13 12:0 a.m.39 views

Tryton 5.4 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Tryton 5.4 - Persistent Cross-Site Scripting Vendor Homepage: https://www.tryton.org/ Version: 5.4 Software Link: https://www.tryton.org/download Document Title: =============== Tryton v5.4 - Name Persistent Cross Site...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.48 views

Phase Botnet - Blind SQL Injection Exploit

Exploit for linux platform in category web applications...

1.4AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.50 views

WordPress ChopSlider 3 3.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://idangero.us/ Software Link: https://github.com/idangerous/Plugins Version: getrow'SELECT FROM '...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.31 views

qdPM 9.1 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - Arbitrary File Upload Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/qdpm/ Software Link: https://sourceforge.net/projects/qdpm/ Version: v9.1 Maybe it affect other versions Tested on: Xampp...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.44 views

Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation Exploit

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested...

7.8CVSS0.5AI score0.08566EPSS
Exploits7
0day.today
0day.today
added 2020/05/12 12:0 a.m.27 views

LanSend 3.2 - Buffer Overflow (SEH) Exploit

Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w' """ PoC 1. Run...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.57 views

MacOS 320.whatis Script - Privilege Escalation

Exploit Title: MacOS 320.whatis Script - Privilege Escalation Exploit Author: Csaba Fitzl Vendor Homepage: https://support.apple.com/en-us/HT210722 Version: macOS Labelcom.sample.LoadProgramArguments /Applications/Scripts/sample.shRunAtLoad!-- """ shquickcontent = """...

9.3CVSS0.7AI score0.01036EPSS
Exploits3
0day.today
0day.today
added 2020/05/12 12:0 a.m.57 views

CuteNews 2.1.2 - Authenticated Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: CuteNews 2.1.2 - Authenticated Arbitrary File Upload Author: Vigov5 - SunCSR Team Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Tested on: Ubuntu 18.04 / Kali...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.47 views

Netsweeper WebAdmin unixlogin.php Python Code Injection Exploit

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS...

8.1AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.49 views

Orchard Core RC1 - Persistent Cross-Site Scripting Vulnerability

Exploit for asp platform in category web applications Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCor...

Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.107 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations...

9.8CVSS0.9AI score0.96405EPSS
Exploits25
0day.today
0day.today
added 2020/05/12 12:0 a.m.31 views

TylerTech Eagle 2018.3.11 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: TylerTech Eagle 2018.3.11 - Remote Code Execution Exploit Author: Anthony Cole Vendor Homepage: https://www.tylertech.com/products/eagle Version: 2018.3.11 Tested on: Windows 2012 CVE: N/A Category: webapps Eagle is a software...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.68 views

Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...

0.1AI score0.0312EPSS
Exploits4
0day.today
0day.today
added 2020/05/12 12:0 a.m.45 views

MikroTik RouterOS Denial Of Service / Memory Corruption Vulnerability

MikroTik RouterOS suffers from two vulnerabilities. The cerm process suffers from an uncontrolled resource consumption issue. By sending a crafted packet, an authenticated remote user can cause a high cpu load, which may make the device respond slowly or unable to respond. Versions until stable...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.42 views

Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Vendor: http://www.sentrifugo.com/ Link: http://www.sentrifugo.com/download Version: 3.2 Product & Service Introduction: ===============================...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.39 views

OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting Vendor: https://www.openz.de/ https://www.openz.de/download.html Document Title: =============== OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability Product & Service...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.31 views

Complaint Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: complaint management system 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.35 views

Kartris 1.6 - Arbitrary File Upload Vulnerability

Exploit for asp platform in category web applications Exploit Title: Kartris 1.6 - Arbitrary File Upload Exploit Author: Nhat Ha - Sun CSR Vendor Homepage: https://www.cactusoft.com/ Software Link: https://www.kartris.com/ Version: 1.6 Category: Webapps Tested on: WiN10x64/KaLiLinuXx64 CVE: N/A...

Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.106 views

Pi-hole < 4.4 - Remote Code Execution / Privileges Escalation Exploit

Exploit for linux platform in category web applications !/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...

9CVSS0.2AI score0.78262EPSS
Exploits17
0day.today
0day.today
added 2020/05/11 12:0 a.m.38 views

Online AgroCulture Farm Management System 1.0 - (uname) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.69 views

Victor CMS 1.0 - (post) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'post' SQL Injection Exploit Author: BKpatron Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: v1.0 Tested on: Win 10 CV...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.42 views

CuteNews 2.1.2 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: CuteNews 2.1.2 - Arbitrary File Deletion Author: Besim ALTINOK Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Maybe it affect other versions Tested on: Xampp...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/11 12:0 a.m.112 views

Pi-hole < 4.4 - Remote Code Execution Exploit

Exploit for linux platform in category web applications !/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...

9CVSS8.7AI score0.78262EPSS
Exploits17
0day.today
0day.today
added 2020/05/11 12:0 a.m.47 views

LibreNMS 1.46 - (search) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: LibreNMS 1.46 - 'search' SQL Injection Google Dork:unknown Exploit Author: Punt Vendor Homepage: https://www.librenms.org Software Link: https://www.librenms.org Version:1.46 and less Tested on:Linux and Windows CVE: N/A Affecte...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/05/09 12:0 a.m.41 views

WebTareas 2.0p8 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Vendor Homepage: http://webtareas.sf.net/ Software Link:...

Exploits0
0day.today
0day.today
added 2020/05/09 12:0 a.m.74 views

ManageEngine DataSecurity Plus Authentication Bypass Vulnerability

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability. ManageEngine DataSecurity Plus Authentication Bypass Identifiers ------------------------------------------------- CVE-2020-11532 XL-20-002 CVSSv3...

10CVSS9.4AI score0.77477EPSS
Exploits7
0day.today
0day.today
added 2020/05/09 12:0 a.m.33 views

Create-Project Manager 1.07 Cross Site Scripting / HTML Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Create-Project Manager 1.07 Multi XSS /HTML injection Vunlerabilities Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/create-project-manager-with-authenticator/20483329?srank=3 Version: 1.6 Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/09 12:0 a.m.78 views

ManageEngine Asset Explorer Windows Agent Remote Code Execution Vulnerability

Exploit for php platform in category web applications ManageEngine Asset Explorer Windows Agent Remote Code Execution Vulnerability Identifiers ------------------------------------------------- CVE-2020-8838 XL-20-003 CVSSv3 score ------------------------------------------------- 7.5...

4.9CVSS0.1AI score0.01557EPSS
Exploits3
0day.today
0day.today
added 2020/05/09 12:0 a.m.93 views

Service Tracing Privilege Escalation Exploit

This Metasploit module leverages a trusted file overwrite with a dll hijacking vulnerability to gain SYSTEM-level access on vulnerable Windows 10 x64 targets. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...

7.8CVSS1.2AI score0.2605EPSS
Exploits8
0day.today
0day.today
added 2020/05/09 12:0 a.m.32 views

WordPress Dosimple Theme 2.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Document Title: =============== Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a cross site web vulnerability in...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/09 12:0 a.m.134 views

WordPress ChopSlider 3 SQL Injection Vulnerability

Exploit for php platform in category web applications ---------------------------------------------------------------- ChopSlider3 Wordpress Plugin SQL Injection ---------------------------------------------------------------- - Software Link: https://idangero.us/...

7.5CVSS0.2AI score0.95657EPSS
Exploits8
0day.today
0day.today
added 2020/05/09 12:0 a.m.50 views

Linux 5.6 IORING_OP_MADVISE Race Condition

Linux 5.6 has an issue with IORINGOPMADVISE racing with coredumping. Linux 5.6: IORINGOPMADVISE races with coredumping Last year, I noticed that core dumping iterates over current-mm's VMA list without proper locking, under the assumption that the VMA list can not be modified externally. This...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/09 12:0 a.m.95 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...

6.5CVSS0.3AI score0.13655EPSS
Exploits3
0day.today
0day.today
added 2020/05/09 12:0 a.m.91 views

Microsoft Windows NtUserMNDragOver Local Privilege Escalation Exploit

This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex, which is reachable via a NtUserMNDragOver system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint function does not effectively check the validity of the tagPOPUPMENU...

7.8CVSS7.7AI score0.53298EPSS
Exploits10
0day.today
0day.today
added 2020/05/07 12:0 a.m.65 views

SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution Exploit

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities. Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub:...

9.3CVSS0.7AI score0.22404EPSS
Exploits4
0day.today
0day.today
added 2020/05/07 12:0 a.m.33 views

Car Park Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Car Park Management System 1.0 - Authentication Bypass Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.24 views

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.50 views

IBM Data Risk Manager 2.0.3 Default Password Exploit

This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time o...

10CVSS1.1AI score0.71363EPSS
Exploits10
0day.today
0day.today
added 2020/05/07 12:0 a.m.46 views

Draytek VigorAP 1000C - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Title: Draytek VigorAP 1000C - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-05-07 Vendor: https://www.draytek.com/ Software: https://www.draytek.com/products/vigorap-903/ Product & Service Introduction:...

Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.73 views

Linux/x64 Anti-Debug Trick INT3 Trap Shellcode (113 bytes)

113 bytes small Linux/x64 anti-debug trick INT3 trap with execve"/bin/sh" shellcode that is NULL free. / Shellcode Title: linux/x64 anti-debug trick INT3 trap + execve"/bin/sh" - NULL Free - 113 bytes Shellcode Author: Dario Castrogiovanni Tested on: LXLE Linux 18.04 x64 Description: This shellco...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.29 views

webTareas 2.0.p8 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: webTareas 2.0.p8 - Arbitrary File Deletion Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/webtareas/files/ Software Link: https://sourceforge.net/projects/webtareas/files/ Version: v2.0.p8 Tested on: Xam...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.55 views

Online Clothing Store 1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.556 views

Kentico CMS 12.0.14 Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...

9.8CVSS1.1AI score0.96031EPSS
Exploits5
0day.today
0day.today
added 2020/05/07 12:0 a.m.63 views

GitLab 12.9.0 - Arbitrary File Read Exploit

Exploit for ruby platform in category web applications Exploit Title: GitLab 12.9.0 - Arbitrary File Read Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's O...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.62 views

TrixBox CE 2.8.0.4 Command Execution Exploit

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpointdevicemap.php page. Successful exploitation allows for arbitrary command executi...

9CVSS9.2AI score0.65208EPSS
Exploits4
0day.today
0day.today
added 2020/05/07 12:0 a.m.75 views

IBM Data Risk Manager 2.0.3 Remote Code Execution Exploit

IBM Data Risk Manager IDRM contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. Thi...

10CVSS10.2AI score0.71363EPSS
Exploits10
0day.today
0day.today
added 2020/05/07 12:0 a.m.42 views

Extreme Networks Aerohive HiveOS 11.x Denial Of Service Exploit

Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service DoS attack when sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the...

7.6AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.29 views

YesWiki cercopitheque 2020.04.18.1 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection Exploit Author: coiffeur Vendor Homepage: https://yeswiki.net/ Software Link: https://yeswiki.net/, https://github.com/YesWiki/yeswiki Version: YesWiki cercopitheque...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.37 views

MPC Sharj 3.11.1 - Arbitrary File Download Exploit

Exploit for php platform in category web applications Exploit title : MPC Sharj 3.11.1 - Arbitrary File Download Exploit Author : SajjadBnd Date : 2020-05-02 Software Link : http://dl.nuller.ir/mpc-sharj-vr3.11.1betawww.nuller.ir.zip Tested on : Ubuntu 19.10 Version : 3.11.1 Beta DESCRIPTION MPC...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/05/07 12:0 a.m.63 views

WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: WordPress WooCommerce - Advanced Order Export plugin. Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/ Vulnerable Version: 3.1.3 Fixed Version: 3.1.4 CVE Number: CVE-2020-11727 Author...

4.3CVSS6.3AI score0.01955EPSS
Exploits4
Total number of security vulnerabilities39001