Open Redirect in st

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...

CMS ISWEB 3.5.3 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...

poapo.fr XSS vulnerability

Open Bug Bounty ID: OBB-653579 Description| Value ---|--- Affected Website:| poapo.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Directory Traversal in looppake

Affected versions of looppake resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

DEBIAN-CVE-2018-14362

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character...

Ibombshell - Dynamic Remote Shell

ibombshell is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities and in some cases exploitation. It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can b...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Exploit Demo for CVE-2017-5638 !DepShield Badgehttps://de...

Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate

Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and download all missing CA certificates. How To Use It's simple: Clone this repository git clone...

Event Manager Admin panel - events_new.php SQL injection

Event Manager Admin panel - eventsnew.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan

FireShodanMap is a Realtime map that integrates Firebase and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...

XATABoost 1.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: XATABoost CMS Sql Injection Google Dork: inurl:php?id= Powered by XATABOOST Exploit Author: MgThuraMoeMyint Vendor Homepage: http://www2.xataboost.com Version: 1.0.0 Tested on: Kali Linux SQL Injection Type: Union Based Example...

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

PT-2018-6562 · Bose · Bose Soundtouch

Name of the Vulnerable Software and Affected Versions: Bose SoundTouch affected versions not specified Description: The issue allows for cross-site scripting XSS attacks through specially crafted song data from a music service. An example of such an attack is demonstrated using Pandora...

[Citrix Gateway Trace Study] – LDAP Authentication

This trace study looks at how LDAP authentication to the Citrix Gateway works, using a user called "garyca" as an example. This example trace was carried out in a practice lab environment with the following IP addresses: VIP:10.90.33.172 NSIP:10.90.41.200 SNIP:192.168.0.2 LDAP/AD server:192.168.0...

Groupon Clone Script 3.0.2 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS Date: 09.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Category: Web Application...

Automating Cracking Methodologies Through Hashcat: hate_crack

A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries https://hashcat.net/hashcat/ OSX Install https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/ mkdir -p hashcat/deps git clone...

Cisco IOS - Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios

CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code exe...

ReverShellGenerator - A Tool to Generate Various Ways to Do a Reverse Shell

A tool to generate various ways to do a reverse shell. Usage example Reverse Shell fonts http://bernardodamele.blogspot.com.br/2011/09/reverse-shells-one-liners.html http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Download ReverShellGenerator...

Securimage HTML Injection Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. An HTML injection vulnerability exists in Securimage 3.6.4 and earlier versions. A remote attacker can send the '$SERVER'HTTPUSERAGENT'' parameter to the exampleform.ajax.php or...