Welcome to zerodays
The go-to web-page for all your tools, write-ups, cheat sheets, and more.
Zerodays.lol is open-source, so everybody can contribute with information, including you!
The following items were unfixed on the day released. All found and released by us!
- [11-09-19] Grav < 1.7.0 - Stored Cross-Site Scripting (CVE-2019-16126)
- [30-08-19] WordPress Plugin: WooCommerce Product Feed <= 2.2.18 - Cross-Site Scripting (CVE-2019-1010124)
- [30-08-19] YouPHPTube <= 7.4 - Remote Code Execution (CVE-2019-16124)
- [29-08-19] PilusCart <= 1.4.1 - Local File Disclosure (CVE-2019-16123)
- [29-08-19] Jobberbase <= 2.0 - SQL injection (CVE-2019-16125)
- [28-08-19] DomainMOD <= 4.13 - Cross-Site Scripting (CVE-2019-15811)
- [25-08-19] WordPress Plugin: UserPro <= 4.9.32 - Cross-Site Scripting (CVE-2019-14470)
A collection of security related tools, listed for you!
- Acamar, a python-based subdomain enumerator
- Arjun, a hidden parameter discovery tool
- Git Dumper, a git repository dumper
- XSStrike, one of the most advanced XSS scanners
📚 Cheat Sheets
Nobody can remember every single thing, and that is why we provide you with handy cheat sheets!
Available Cheat Sheets