MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski http://legalhackers.com This is a limited version of the PoC exploit. It only...

Streamo Online Radio / TV Streaming CMS SQL Injection

Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://rexbd.net/ Vulnerable Type : SQL Injection Date : 2016-07-0...

Streamo Online Radio And TV Streaming CMS - SQL Injection

Streamo Online Radio And TV Streaming CMS - SQL Injection Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...

Streamo Online Radio And TV Streaming CMS - SQL Injection

Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://rexbd.net/ Vulnerable Type : SQL Injection Date : 2016-07-0...

Kagao 3.0 - Multiple Vulnerabilities

Kagao 3.0 - Multiple Vulnerabilities Application Name : Kagao v3.0 - Professional Classified Market Google Dork : inurl:/cat1.php?id2= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Vendor Homepage : http://kogaoscript.com/ Vulnerable Type : SQL Injection & Cross Site Scripting...

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (M

Exploit for windows platform in category local exploits Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-0189 To run 1. Download...

Windows kernel Vulnerability CVE-2 0 1 6-0 1 4 3 analysis-vulnerability warning-the black bar safety net

4 on 2 0 March, Nils Sommer in the exploitdb on broke a new Windows kernel vulnerability PoC. The vulnerability affects all versions of Windows operating system, the attacker after the success of available privilege escalation, Microsoft in 4, on patch day fixes the vulnerability. 0×0 1...

SOLIDserver <= 5.0.4 - Local File Inclusion

Exploit for php platform in category web applications Title: SOLIDserver =5.0.4 - Local File Inclusion Vunerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: : 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserve...

OpenMRS 2.3 (1.11.4) - XML External Entity Processing

OpenMRS 2.3 1.11.4 - XML External Entity Processing !/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0...

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

Exploit for windows platform in category remote exploits Title : POP Peeper 4.0.1 - Persistent Code Execution Vulnerability Author : ZwX Vendor : http://www.esumsoft.com/ Download : http://data.esumsoft.com/download/POPPeeperPro.zip Tested On : Windows 7 Description Vulnerability :...

PHP 5.6 GMP unserialize() Use-After-Free

Use After Free Vulnerability in unserialize with GMP Taoguang Chen - Write Date: 2015.8.17 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code...

Brasero - Crash (PoC)

!/usr/bin/perl -w Title : Kali brasero - Crash Proof Of Concept website : https://www.kali.org/downloads/ Tested : kali 1.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es Twitter :...

Ubuntu aeration local elevation of privilege vulnerability, CVE-2 0 1 5-1 3 2 8）, The impact of multiple versions-vulnerability warning-the black bar safety net

Due to the particular case when the file is created the permissions check bug, the Ubuntu operating system exposure to local privilege escalation vulnerabilities affect Ubuntu 12.04 and 14.04, and 14.10, and 15.04 version. The current Ubuntu official has been fixed the vulnerability. The...

Oracle blind injection combined with XXE vulnerability remote data acquisition-vulnerability warning-the black bar safety net

Presumably everyone onSQL injectionhas been familiar for XML entity injection, or XXE, is also. This paper mainly discussed the method in the presence of the ORACLE the blind the case of remote access to the data. In fact, and UTLHTTP Remote Access Method of the same, but the principle is...

WordPress Plugin Ajax Store Locator 1.2 - SQL Injection

WordPress Plugin Ajax Store Locator 1.2 - SQL Injection Exploit Title : Wordpress Ajax Store Locator = 5.0.12 AND time-based blind SELECT' injectable for the remaining tests, do you want to include all tests for 'MySQ...

Mac OS X rootpipe Local Privilege Escalation Exploit

Mac OS X rootpipe local proof of concept privilege escalation exploit. PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from Cocoa...

Apple Mac OSX 10.7.510.8.210.9.510.10.2 - Rootpipe Local Privilege Escalation

Apple Mac OSX 10.7.510.8.210.9.510.10.2 - Rootpipe Local Privilege Escalation PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from...

Exim ESMTP GHOST Denial Of Service

The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash. !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128 CVE-2015-0235 GHOST glibc gethostbyname buffer overflow http://crowdshield.com USAGE: python ghost-smtp-dos.py Escape...

Exim ESMTP GHOST Denial Of Service Exploit

Exim ESTMP denial of service exploit that leverages the GHOST glibc gethostbyname buffer overflow. The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash. !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128 CVE-2015-0235 GHOST...

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

Exploit Title: Exim ESMTP GHOST DoS PoC Exploit Date: 1/29/2015 Exploit Author: 1N3 Vendor Homepage: www.exim.org Version: 4.80 or less Tested on: debian-7-7-64b CVE : 2015-0235 !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128 CVE-2015-0235 GHOST glibc gethostbyname buffer overflow...