Laravel Log Viewer 0.13.0 - Local File Download

Laravel Log Viewer 0.13.0 - Local File Download Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1...

Laravel Log Viewer Local File Download

Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1. Description Unauthorized user can access Laravel lo...

Node.js third-party modules: `utile` allocates uninitialized Buffers when number is passed in input

I would like to report an uninitialized Buffer allocation issue in utile. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: utile version: 0.3.0 npm page:...

HBGK DVR 3.0.0 Build 20161206 Authentication Bypass

Exploit Title: HBGK DVR V3.0.0 build20161206 - Authentication Bypass Date: 24-09-2017 Vendor Homepage: http://www.hbgk.net/en/ Exploit Author: RAT - ThiefKing Contact: https://www.facebook.com/cctvsuperpassword Website: http://tromcap.com Category: webapps Tested on: V2.3.1 build20160927, V3.0.0...

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

CVE-2016-8617

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPTUSERNAME...

CVE-2016-8617

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPTUSERNAME...

Winpayloads - Undetectable Windows Payload Generation

Undetectable Windows Payload Generation with extras Running on Python2.7 Getting Started git clone https://github.com/Charliedean/Winpayloads cd WinPayloads sudo ./setup.sh python WinPayloads.py Menu 1 Windows Reverse ShellStageless Shellter 2 Windows Reverse MeterpreterStaged Shellter, UacBypass...

CVE-2003-0861

Integer overflows in 1 base64encode and 2 the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors...

WordPress RobotCPA Plugin V5 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin RobotCPA V5 - Local File Include Google Dork: inurl:"/wp-content/plugins/robotcpa/" Date: 09.06.2015 Exploit Author: T3N38R15 Vendor Homepage: http://robot-cpa.good-info.co/ Version: 5V Tested on: Windows Firefo...

WordPress Plugin RobotCPA V5 - Local File Inclusion

WordPress Plugin RobotCPA V5 - Local File Inclusion Exploit Title: Wordpress Plugin RobotCPA V5 - Local File Include Google Dork: inurl:"/wp-content/plugins/robotcpa/" Date: 09.06.2015 Exploit Author: T3N38R15 Vendor Homepage: http://robot-cpa.good-info.co/ Version: 5V Tested on: Windows Firefox...

WordPress Plugin RobotCPA V5 - Local File Inclusion

Exploit Title: Wordpress Plugin RobotCPA V5 - Local File Include Google Dork: inurl:"/wp-content/plugins/robotcpa/" Date: 09.06.2015 Exploit Author: T3N38R15 Vendor Homepage: http://robot-cpa.good-info.co/ Version: 5V Tested on: Windows Firefox Linux Firefox The affected file is f.php and the...

云锁最新版1.3.145绕过webshell检测

简要描述： webshell检测绕过 详细说明： 一句话马+大马绕过检测 漏洞证明： 1.一句话木马，单纯用这种方式肯定会被检测到，我们采用这种方式： 结果发现只有一开始说的那种文件被检测到： 2.大马，采用base64+gzinflate压缩编码，大马文件如下： ?php function CLsI$ZzvSWE $ZzvSWE=gzinflatebase64decode$ZzvSWE; for$i=0;$istrlen$ZzvSWE;$i++ $ZzvSWE$i = chrord$ZzvSWE$i-1; return $ZzvSWE;...

Cuppa CMS - alertConfigField.php LocalRemote File Inclusion

Cuppa CMS - alertConfigField.php LocalRemote File Inclusion Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...

Sysax Multi Server 5.50 Create Folder Buffer Overflow

Title: Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF MSF Module Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bitNo DEP Notes: My original exploit = http://www.exploit-db.com/exploits/18382/ did not automate the SID gathering process, but this one does...

Tencent RTX upload arbitrary files and fixes-vulnerability warning-the black bar safety net

Install the RTX after the open IP:8 0 1 2 site Tencent RTX exist UserPhoto/photoUpload. php arbitrary file upload vulnerability Detailed description: Simple as a post form to upload $useraccount = $POST'useraccount'; $filename = $POST"filename"; $filedata = $POST"filedata"; Without any filtering...

ZeusCart 3.0 SQL Injection

/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID ----------------------------------------------------------------------- ZeusCart...

Mozilla Base64 decoding crash

Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

Fonts Site Script - Remote File Disclosure

=---------------------------------------------= = ,.:oO0^-^0Oo:., = = JIKO = = '':0Oov-voO0:'' = =---------------------------------------------= ----------------------=JIKO=------------------- | Autor : jiko | Home : WwW.No-Exploit.CoM | | Bug : Remote File Disclosure Vulnerability | Vendor :...

Fonts Site Script - Remote File Disclosure

Fonts Site Script - Remote File Disclosure =---------------------------------------------= = ,.:oO0^-^0Oo:., = = JIKO = = '':0Oov-voO0:'' = =---------------------------------------------= ----------------------=JIKO=------------------- | Autor : jiko | Home : WwW.No-Exploit.CoM | | Bug : Remote...