252 matches found
Microsoft Windows (x86) - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation
Microsoft Windows x86 - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two folders for tasks. c:\windows\tasks c:\windows\system32\tasks...
Microsoft Windows - Win32k Local Privilege Escalation
Microsoft Windows - Win32k Local Privilege Escalation CVE-2019-0803 Win32k Elevation of Privilege PoC Reference: steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description: The...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Exploit
Exploit for windows platform in category local exploits Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This i...
ABC ERP 0.6.4 Cross Site Request Forgery
Exploit Title: ABC ERP 0.6.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.abc-erp.com/ Software Link: https://netcologne.dl.sourceforge.net/project/abc-erp/abcv064.zip Version: 0.6.4 Category: Webapps Tested on:...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
Exploit Title: Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow Exploit Author: ZwX Exploit Date: 2018-09-13 Vendor Homepage: http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Version Software: 8.07 Tested on OS: Windows 7 Related Exploit Link:...
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
Exploit Title: R v3.4.4 - Local Buffer Overflow DEP Bypass Exploit Author: Hashim Jawad Exploit Date: 2018-05-21 Vendor Homepage: https://www.r-project.org/ Vulnerable Software: https://www.exploit-db.com/apps/a642a3de7b5c2602180e73f4c04b4fbd-R-3.4.4-win.exe Tested on OS: Microsoft Windows 7...
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS Privilege Escalation', 'Description' = %q This module exploit...
UPDATE: Kali Linux 2018.2 Release!
Second Kali Linux update of this year and this time, it is about the latest Kali Linux 2018.2 release! The last release was made available recently in the month of February. This new release includes all patches, fixes, updates, and improvements since the last release – Kali...
Adobe Flash - Overflow in Slab Rendering
The attached fuzzed swf file causes heap or stack corruption depending on platform when rendering a slab. This PoC crashes a little bit unreliably; it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
JCS - Joomla Vulnerability Component Scanner
JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and component's link. This version supports...
typhoonondoy.org XSS vulnerability
Open Bug Bounty ID: OBB-559594

Description| Value
---|---
Affected Website:| typhoonondoy.org
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Transmission - RPC DNS Rebinding Exploit
Exploit for multiple platform in category remote exploits The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to ...
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution
GoAhead Web Server 2.5 3.6.5 - HTTPd LD_PRELOAD Remote Code Execution #!/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LD_PRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
DiskBoss Enterprise 8.4.16 Local Buffer Overflow
#!/usr/bin/python Exploit Author: C4t0ps1s Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer Overflow Code execution Date: 03-10-2017 Twitter: @C4t0ps1s Email:...
RubyGems 2.6.13 - Arbitrary File Overwrite
RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
www3.hants.gov.uk XSS vulnerability
Vulnerable URL: https://www3.hants.gov.uk/mediaplayer.swf?file=http://content.bitsontherun.com/videos/bkaovAYt-364766.flv=false&image=http://appsec.ws/ExploitDB/cMon.jpg=true=javascript:confirm/openbugbounty/;//=blank&.swf

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:|...
cms.scu.edu XSS vulnerability
Vulnerable URL: http://cms.scu.edu/images/flash/mediaplayer.swf?file=http://content.bitsontherun.com/videos/bkaovAYt-364766.flv=false&image=http://appsec.ws/ExploitDB/cMon.jpg=true=javascript:confirm/openbugbounty/;//=blank&.swf

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:|...