
266 matches found

exploitpack
added 2015/06/29 12:0 a.m. | 21 views

Endian Firewall 3.0.0 - OS Command Injection (Python)

Endian Firewall 3.0.0 - OS Command Injection Python !/usr/bin/env python Endian Firewall Proxy User Password Change /cgi-bin/chpasswd.cgi OS Command Injection Exploit POC Reverse TCP Shell Ben Lincoln, 2015-06-28 http://www.beneaththewaves.net/ Requires knowledge of a valid proxy username and...

0.4 AI score
Exploits: 0
Exploit DB
added 2015/06/29 12:0 a.m. | 36 views

Endian Firewall < 3.0.0 - OS Command Injection

!/usr/bin/env python Endian Firewall Proxy User Password Change /cgi-bin/chpasswd.cgi OS Command Injection Exploit POC Reverse TCP Shell Ben Lincoln, 2015-06-28 http://www.beneaththewaves.net/ Requires knowledge of a valid proxy username and password on the target Endian Firewall import httplib...

7.4 AI score
Exploits: 0
Cvelist
added 2015/06/28 2:0 p.m. | 18 views

CVE-2015-0173

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value...

6.4 AI score | 0.01592 EPSS
Exploits: 0 | References: 2
NVD
added 2015/06/19 2:59 p.m. | 13 views

CVE-2015-4640

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitatio...

2.9 CVSS | 6.9 AI score | 0.00945 EPSS
Exploits: 1 | References: 6
Prion
added 2015/06/19 2:59 p.m. | 19 views

Code injection

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitatio...

2.9 CVSS | 7.4 AI score | 0.03683 EPSS
Exploits: 2 | References: 6
OpenVAS
added 2015/05/27 12:0 a.m. | 51 views

Apache HTTP Server 'mod_cache' Denial of Service Vulnerability -01 (May 2015)

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS | 7.1 AI score | 0.35543 EPSS
Exploits: 2 | References: 3
Kitploit
added 2015/03/29 11:16 p.m. | 21 views

Netsparker 4 - Easier to Use, More Automation and Much More Web Security Checks

Netsparker Web Application Security Scanner version 4. The main highlight of this new version is the new fully automated Form Authentication mechanism; it does not require you to record anything, supports 2 factor authentication and other authentication mechanisms that require a one time code to...

7.7 AI score
Exploits: 0
Packet Storm
added 2015/03/25 12:0 a.m. | 30 views

WordPress Marketplace 2.4.0 Add Administrator

!/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani -------------------------------------------------------------------- The vulnerable function is located on...

0.6 AI score
Exploits: 0
securityvulns
added 2015/03/21 12:0 a.m. | 38 views

Viber for Android exposes insecure Javascript interface

Viber for Android exposes insecure Javascript interface. Yorick Koster, April 2014...

2.3 AI score
Exploits: 0
0day.today
added 2014/12/16 12:0 a.m. | 24 views

Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications !/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit writt...

7.1 AI score
Exploits: 0
exploitpack
added 2014/12/15 12:0 a.m. | 10 views

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification...

0.3 AI score
Exploits: 0
Packet Storm
added 2014/12/14 12:0 a.m. | 27 views

WordPress Download Manager 2.7.4 Remote Command Execution

!/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit written by Claudio Viviani 2014-12-03: Discovered...

0.4 AI score
Exploits: 0
0day.today
added 2014/11/23 12:0 a.m. | 30 views

Wordpress wpDataTables 1.5.3 shell Upload Exploit

The wordpress premium plugin wpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit...

7 AI score
Exploits: 0
Packet Storm
added 2014/11/17 12:0 a.m. | 30 views

Joomla HD FLV 2.1.0.1 Arbitrary File Download

!/usr/bin/env python Exploit Title : Joomla HD FLV 2.1.0.1 and below Arbitrary File Download Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.hdflvplayer.net/ Software Link : http://www.hdflvplayer.net/downloadcount.php?pid=5 Dork google 1: inurl:/component/hdflvplayer/...

0.2 AI score
Exploits: 0
0day.today
added 2014/10/24 12:0 a.m. | 44 views

WordPress / Joomla Creative Contact Form 0.9.7 Shell Upload Exploit

WordPress / Joomla Creative Contact Form plugin versions 0.9.7 and below suffer from a remote shell upload vulnerability. !/usr/bin/python Exploit Name: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability Wordpress plugin version: = 0.9.7 Joomla extension version: = 2.0.0...

7.2 AI score
Exploits: 0
seebug.org
added 2014/10/10 12:0 a.m. | 21 views

Apache mod_cgi - Remote Exploit (Shellshock)

No description provided by source. ! /usr/bin/env python from socket import from threading import Thread import thread, time, httplib, urllib, sys stop = False proxyhost = "" proxyport = 0 def usage: print """ Shellshock apache modcgi remote exploit Usage: ./exploit.py var=value Vars: rhost: vict...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/09/30 12:0 a.m. | 221 views

IPFire 2.15 Bash Command Injection

!/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso Dat...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits: 130
seebug.org
added 2014/09/29 12:0 a.m. | 33 views

Joomla Mac Gallery 1.5 - Arbitrary File Download

No description provided by source. Exploit Title : Joomla Mac Gallery = 1.5 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/18 Dork Google: inurl:option=commacgallery Dat...

7.1 AI score
Exploits: 0
NVD
added 2014/07/20 11:12 a.m. | 38 views

CVE-2014-0117

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...

4.3 CVSS | 6.8 AI score | 0.35543 EPSS
Exploits: 2 | References: 24
Debian CVE
added 2014/07/20 10:0 a.m. | 37 views

CVE-2014-0117

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...

4.3 CVSS | 6.1 AI score | 0.35543 EPSS
Exploits: 2