UBUNTU-CVE-2016-4441

The getcmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via unspecified vectors, involving an SCSI command...

Cmd Painter - Base64 encoded String, Dynamic Code Loading, Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Cmd Painter published at the 'play' market has multiple vulnerabilities...

USBTracker - Script to track USB devices events and artifacts in a Windows OS

USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS vista and later. Special recommandations USBTracker read some protected log files and needs to be run with administrator permissions. The most simple w...

Safari User-Assisted Applescript Exec Attack Exploit

Exploit for macOS platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions...

Safari User-Assisted Applescript Exec Attack

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions of Mac OS X before 10.11.1, the applescript:// URL...

X11 Keyboard Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "\x0a", '2' = "\x0b", '3' = "\x0c", '4' = "\x0d", '5' = "\x0e", '6' = "\x0f", '7' = "\x10", '&' = "\x10", '8' = "\x11", '9' = "\x12",...

phpFileManager cmd Parameter Command Execution

A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6 or 9. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter...

Git-1.9.5 ssh-agent.exe Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Vendor: ================================ git-scm.com Product: ================================ Git-1.9.5-preview20150319.exe github.com/msysgit/msysgit/releases/tag/Git-1.9.5-preview20150319 Vulnerability Type: =================== Buffer Overflow...

VNC Keyboard Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/rfb' class Metasploit3 'VNC Keyboard Remote Code Execution', 'Description' = %q This module exploits VNC servers by sending virtual...

py-salt -- potential shell injection vulnerabilities

Colton Myers reports: In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions. These functions now default to pythonshell=False, which means that the commands will not be sent to an actual shell. The largest side effect...

KingCms最新版（k9）注入1枚

简要描述： KingCms最新版（k9）注入1枚 详细说明： 朋友的公司想购买kingcms的授权，让我帮忙看下。发现kingcms很长一段时间没更新了，憋了一段时间放出了最新版的k92014-12-13更新，官网下下来学习一下。 在wooyun上看到了几个漏洞，如： WooYun: kingcms最新版sql注入漏洞 注入点：POST /apps/jianli/index.php HTTP/1.1 注入参数：where 问题文件在/apps/jianli/index.php function create $u=new user;$u-authrole'jianli'; $db=new...

MvMmallv5. 5SQL injection of php exp exploit-vulnerability warning-the black bar safety net

Vulnerability type: MvMmall v5. 5. 1 SQL injection vulnerability Default background:admincp. php? module=index Google search:”Powered by MvMmall v5. 5. 1" One, use: php exp use 1 Install the php environment Use phpnow very simple to install. 2 Use exp attack Link: Extract password: aahj The exp...

Adobe-Reader-PDF-LibTiff

Title: Adobe PDF LibTiff Integer Overflow Code Execution. Product: Adobe Acrobat Reader Version: 8.3.0, 9.3.0 CVE: 2010-0188 import sys import base64 import struct import zlib import StringIO SHELLCODEOFFSET=0x555 TIFFOFSET=0x2038 windows/exec - 227 bytes http://www.metasploit.com Encoder:...

AOL-Desktop-9.6-(.rtx)

NOTE: If exploit doesn't work turn AOL off CTRL+ALT+DELETE and turn all AOL processes off then try again Watch out for other bad chars !! Current bad chars: \x00\x0a\x0d\x20\x31\x90\x3e First Header hd1 = "\x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a"...

Arris VAP2500 tools_command.php Command Execution

Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the toolscommand.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username. This module requires...

MS14-060 Microsoft Windows OLE Package Manager Code Execution

This module exploits a vulnerability found in Windows Object Linking and Embedding OLE allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our...

Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTPUSERAGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler...

VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic...

AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution

No description provided by source. source: http://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used i...

HP Data Protector CMD Install Service Vulnerability (msf)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP Data Protector Client...