Switch Port Mapping Tool 2.81.2 Denial Of Service

Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...

My Video Converter 1.5.24 Buffer Overflow

!/usr/bin/env python Exploit Title : My Video Converter 1.5.24 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : [email protected] Youtube Channel : www.youtube.com/c/Pentestingwithspirit Discovey Date : 29/07/2018 Software Link...

Easy DVD Creator 2.5.11 Buffer Overflow

!/usr/bin/env python Exploit Title : Easy DVD Creator 2.5.11 - Buffer Overflow in 'Registration UserName Field' SEH Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : [email protected] Youtube Channel : www.youtube.com/c/Pentestingwithspirit Discovey Dat...

Cisco Adaptive Security Appliance - Path Traversal

''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Exploit Demo for CVE-2017-5638 !DepShield Badgehttps://de...

Interspire Email Marketer Administrative Authentication Bypass

''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...

Exploit for Improper Input Validation in Drupal

Drupal 7 CVE-2018-7600 / SA-CORE-2018-002 Install required...

Microsoft Credential Security Support Provider - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal Karni, Preempt...

Exploit for Improper Input Validation in Drupal

CVE-2018-7600 | Drupal 8.5.x --verbose --authentication...

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass Explo

Exploit for hardware platform in category web applications Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps Description: Exploits a backdoor in...

Memcached memcrashed Denial Of Service

Written by Alex Conrey This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at your option any later version. This program is distributed in the...

TP-Link 路由器命令注入漏洞(CVE-2017-16957)

0x01 背景 TP-Link TL-WVR 等都是中国普联（TP-LINK）公司的无线路由器产品。 多款 TP-Link 系列产品存在命令注入漏洞，攻击者在登录后可发送恶意字段，经拼接后导致任意命令执行。 该漏洞由 coincoin7 发现，漏洞编号 CVE-2017-16957 0x02 受影响产品 TP-LINK TL-WVR 系列 TP-LINK TL-WAR 系列 TP-LINK TL-ER 系列 TP-LINK TL-R 系列 0x03 漏洞分析 根据原文提供的链接，下载了 TL-WVR450L 的固件，使用 binwalk 解包，拿到 squashfs 系统文件，再用...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CVE-2017-10271 Weblogic wls-wsat Component Deserialization Vu...

ClipBucket 2.8.3 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: ClipBucket PHP Script Remote Code Execution RCE Date: 2017-10-04 Exploit Author: Esecurity.ir Vendor Homepage: https://clipbucket.com/ Version: 2.8.3 Exploit Code By : Meisam Monsef - Email : email protected - TelgramID :...

Exploit for Improper Input Validation in Apache Struts

S2-053-CVE-2017-12611 A simple script for exploit RCE for Stru...

Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution

Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" i...

Exploit for Code Injection in Samba

Basic Setup Install Samba version 4.5.9 https://download...

Synchronet BBS 3.16c - Denial of Service

Synchronet BBS 3.16c - Denial of Service Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip Version: 3.16c for Windows Teste...

FreePBX 10.13.66 Remote Command Execution / Privilege Escalation

!/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 Tested on |...

EZGallery Resim Galerisi Scripti 2.0 Database Disclosure

======================================================================== | Title : EZGallery v2.0 Resim Galerisi Scripti Database Disclosure Exploit | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : v2.0 | Vendor :...