Lucene search
K

39001 matches found

0day.today
0day.today
added 2020/04/27 12:0 a.m.78 views

Counter-Strike CS:GO BuildID: 4937372 - Arbitrary Code Execution Exploit

Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...

7.8CVSS0.5AI score0.01088EPSS
Exploits4
0day.today
0day.today
added 2020/04/27 12:0 a.m.140 views

Linux/x86 Reverse Shell Generator Shellcode (80 bytes)

80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address. Title: Linux/x86 - Reverse Shell Generator - Customizable TCP Port & IP Address 80 bytes Exploit Author: Bobby Cooke Tested on: Ubuntu 16.04.6 - 4.15.0-45-generic x86 i686 Usage: TERMINAL 1 root ...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.125 views

Linux/x64_86 Egghunter Execve Shellcode (63 bytes)

63 bytes small Linux/x6486 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve/bin/bash shellcode. // Shellcode Title: Linux/x64 -...

7.5AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.23 views

Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery Add Admin Author: Besim ALTINOK Vendor Homepage: https://www.maiansupport.com Software Link: https://www.maiansupport.com/zip.html Version: v4.3 Tested on: Xampp Credit:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.32 views

Online Course Registration 2.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Course Registration 2.0 - Authentication Bypass Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.99 views

Netis E1+ 1.2.32533 - Backdoor Account (root) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netis E1+ 1.2.32533 - Backdoor Account root Author: Besim ALTINOK Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/204 Version: V1.2.32533 Tested on: Netis...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.48 views

Linux/x86 Egghunter Shellcode (39 bytes)

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. // Shellcode Title: Linux/x86 - EggHunter + Null-free 39...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.38 views

Online shopping system advanced 1.0 - (p) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection Exploit Author : Majid kalantari Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced Software link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.26 views

PHP-Fusion 9.03.50 - (Edit Profile) Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.33 views

Linux/x64_86 ROL Encoded Execve Shellcode (57 bytes)

57 bytes small Linux/x6486 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload. // Shellcode Title: Linux/x64 - ROL Encoded Execve Shellcode 57 bytes // Shellcode Author: Bobby Cooke // Tested...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.50 views

Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode (155 bytes)

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/pass...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/27 12:0 a.m.74 views

Docker Desktop Community Edition <= 2.1.0.1 Privilege Escalation Exploit

This Metasploit module exploit leverages a vulnerability in Docker Desktop Community Edition versions prior to 2.1.0.1 where an attacker can write a payload to a lower-privileged area to be executed automatically by the docker user at login. This module requires Metasploit:...

9.3CVSS0.8AI score0.29628EPSS
Exploits5
0day.today
0day.today
added 2020/04/24 12:0 a.m.134 views

WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access Vulnerability

WebKit: Data race in AudioArray::allocate can lead to OOB access VULNERABILITY DETAILS Source/WebCore/platform/audio/AudioArray.h: void allocateChecked n ... while !isAllocationGood // Initially we try to allocate the exact size, but if it's not aligned // then we'll have to reallocate and from...

3.1CVSS0.3AI score0.01116EPSS
Exploits2
0day.today
0day.today
added 2020/04/24 12:0 a.m.16 views

Edimax EW-7438RPn 1.13 - Remote Code Execution Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn 1.13 - Remote Code Execution Exploit Author: Besim ALTINOK Vendor Homepage: https://www.edimax.com/edimax/merchandise/merchandisedetail/data/edimax/global/wi-firangeextendersn300/ew-7438rpnmini/ Version:1....

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.249 views

QRadar Community Edition 7.3.1.6 Default Credentials Vulnerability

QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including encrypted credentials and host tokens. With these host tokens it is...

5CVSS7.6AI score0.01959EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.44 views

QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control Vulnerability

QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities. ------------------------------------------------------------------------ Cross-Site Request Forgery & weak access control in QRadar ConfigServices webservice...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.21 views

EspoCRM 5.8.5 - Privilege Escalation Vulnerability

Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.56 views

Popcorn Time 6.2 - (Update service) Unquoted Service Path Vulnerability

Exploit Title: Popcorn Time 6.2 - 'Update service' Unquoted Service Path Vendor Homepage: https://getpopcorntime.is Exploit Authors: Uriel Yochpaz & Jonatan Schor Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 6.2.1.14 and probably prior versions Tested on: Windows 10...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.63 views

Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A...

7.1AI score0.09876EPSS
Exploits5
0day.today
0day.today
added 2020/04/24 12:0 a.m.79 views

QRadar Community Edition 7.3.1.6 Authorization Bypass Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Authorization bypass in QRadar Forensics web application ------------------------------------------------------------------------ Abstract...

5.5CVSS5.8AI score0.00893EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.96 views

QRadar Community Edition 7.3.1.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ PHP object injection vulnerability in QRadar Forensics web application ------------------------------------------------------------------------ Abstract...

6.5CVSS0.2AI score0.01732EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.55 views

QRadar Community Edition 7.3.1.6 Path Traversal Vulnerability

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens UUIDs. QRadar fails to validate if the user-supplied token is in the correct format. Using path...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.94 views

QRadar Community Edition 7.3.1.6 Server Side Request Forgery Vulnerability

QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation whitelisting, it is possible for authenticated...

6.5CVSS7.3AI score0.01244EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.56 views

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)

Exploit Title: Linux/x64 - Password Protected Bindshell + Null-free Shellcode 272 Bytes Exploit Author: Bobby Cooke Tested on: Linux x8664 SMP Debian 5.3.15-1kali1 SLAE/Student ID: PA-10913 Course: This shellcode was created for the x8664 Assembly Language and Shellcoding on Linux SLAE64 Course...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.116 views

QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation Vulnerability

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and potentially arbitrary execution of code...

6.5CVSS1AI score0.02978EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.74 views

QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions ------------------------------------------------------------------------ Abstra...

4.6CVSS7.6AI score0.00492EPSS
Exploits3
0day.today
0day.today
added 2020/04/24 12:0 a.m.34 views

QRadar Community Edition 7.3.1.6 Cross Site Scripting Vulnerability

QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page. ------------------------------------------------------------------------ Reflected Cross-Site Scripting in QRadar Forensics link analysis page...

6.5AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.40 views

Complaint Management System 4.2 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Authentication Bypass Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on: Xampp Credit: İsma...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.26 views

Edimax EW-7438RPn - Information Disclosure (WiFi Password) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn 1.13 - Information Disclosure WiFi Password Date: 2020-04-21 Exploit Author: Besim ALTINOK Vendor Homepage:...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.19 views

VB 6.0 Dirlist Object Code Execution Exploit

/ VB 6.0 Dirlist Object Code Execution Author : Hexrain Tutorial Video : https://youtu.be/BLFbUJ4n8hY Twitter : @smashedkernel Greetz : OA Cybersec wornix blacknbunny / import sys try: commandfile = sys.argv1 poc = 'End If\nEnd Sub\nlPtr = Private Type Private Type\nRtlMoveMemory ByVal lPtr, &HE8...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.40 views

Sky File 2.1.0 iOS - Directory Traversal Vulnerability

Exploit for php platform in category web applications Title: Sky File 2.1.0 iOS - Directory Traversal Date: 2020-04-21 Software Link: https://apps.apple.com/us/app/sky-file-wireless-transfer/id1236452210 CVE: N/A Document Title: =============== Sky File v2.1.0 iOS - Multiple Web Vulnerabilities...

Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.35 views

Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User) Vulnerability

Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery Delete User Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.38 views

User Management System 2.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-pane...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.130 views

Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names. ------------------------------------------------------------------------ Cisco AnyConnect elevation of privileges due to insecure handling...

6.5CVSS0.6AI score0.28307EPSS
Exploits15
0day.today
0day.today
added 2020/04/23 12:0 a.m.42 views

Complaint Management System 4.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on: Xampp...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.30 views

User Management System 2.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: User Management System 2.0 - Authentication Bypass Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.22 views

Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn - Cross-Site Request Forgery MAC Filtering Exploit Author: Besim ALTINOK Vendor Homepage:...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.25 views

Zen Load Balancer 3.10.1 - Directory Traversal Exploit

Exploit for cgi platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits a...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.49 views

AMD Radeon DirectX 11 Driver 8.17.10.0871 Memory Corruption Vulnerability

AMD Radeon DirectX 11 Driver version 8.17.10.0871 suffers from a memory corruption vulnerability. / Title : Advanced Micro Devices, Inc. Radeon DirectX 11 Driver Firefox/MS Edge Memory Corruption Exploit Author : Marcin Ressel Vendor Homepage : https://www.amd.com/ Software Link: n/a Version:...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/04/23 12:0 a.m.47 views

RM Downloader 3.1.3.2.2010.06.13 - (Load) Buffer Overflow (SEH) Exploit

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Author: Felipe Winsnes Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it will create a new file "poc.txt" 2.- Copy the content of the new file 'poc.txt' to clipboard 3.-...

0.2AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.50 views

Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit

Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...

5.5CVSS5.8AI score0.00967EPSS
Exploits8
0day.today
0day.today
added 2020/04/21 12:0 a.m.332 views

Windows/x86 - MSVCRT System + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)

644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service. Exploit Title: Windows/x86 -...

7AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.31 views

NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit

Exploit for jsp platform in category web applications Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.59 views

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Exploit

Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck function in the...

8.8CVSS8.7AI score0.01802EPSS
Exploits5
0day.today
0day.today
added 2020/04/21 12:0 a.m.111 views

IQrouter 3.3.1 Firmware - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: IQrouter 3.3.1 Firmware - Remote Code Execution Exploit Author: drakylar Vendor Homepage: https://evenroute.com/ Software Link: https://evenroute.com/iqrouter Version: IQrouter firmware up to 3.3.1 Tested on: IQrouter...

9CVSS0.4AI score0.03189EPSS
Exploits3
0day.today
0day.today
added 2020/04/21 12:0 a.m.29 views

Spiderman2 Game - Buffer Overflow Exploit

Exploit Title: Spiderman2 - Buffer Overflow Exploit Author: HexraiN Vendor Homepage: https://www.mobygames.com/company/fizz-factor Software Link: https://www.mobygames.com/game/spider-man-2-the-game Version: 2.1.1 Tested on: Windows 10 x64 Greetz : OA Cybersecurity Labs Twitter : @smashedkernel 1...

0.5AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.38 views

CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Unauthorized user...

Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.33 views

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery Add Admin Google Dork:jizhicms Exploit Author: iej1ctk1g Product web page: https://www.p5.hu Affected version: 1.0.20, 1.0.11 CVE : N/A !-- P5 FNIP-8x16A/FNIP-4xSH...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.77 views

IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit

IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download vulnerabilities. Multiple Vulnerabilities in IBM Data Risk Manager By Pedro Ribeiro email protected from Agile Information Security Disclosure Date: 21/04/2020 | Las...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/21 12:0 a.m.57 views

Sysaid 20.1.11 b26 Remote Command Execution Vulneravility

Sysaid version 20.1.11 b26 suffers from an AJP13 remote command execution vulnerability. Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software...

10CVSS0.3AI score0.03176EPSS
Exploits3
Total number of security vulnerabilities39001