CVE-2019-14347

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users editor or developer to create an administrator account via admin/user/add, as demonstrated by a Python PoC script...

HomeMatic Zentrale CCU2 Unauthenticated Remote Code Execution

Exploit Title: HomeMatic Zentrale CCU2 Unauthenticated RCE Date: 16-07-2018 Software Link: https://www.homematic.com/ Exploit Author: Kacper Szurek - ESET Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube: https://www.youtube.com/c/KacperSzurek Category: remot...

Online Voting System - Authentication Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Online Voting System - Authentication Bypass Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author: Giulio Com...

Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access

Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector:...

HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE iMC dbman RestartDB Unauthenticated RCE', 'Description' = %q This module exploits a remote command execution vulnerablity in Hewlett Packard...

PowerShellEmpire Arbitrary File Upload (Skywalker)

A vulnerability existed in the new Empire maintained by BC Security prior to commit e73e883 Authors Spencer McIntyre Erik Daguerre ACE-Responder Takahiro Yokoyama Platform Linux,Python This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)

Exploit for windows platform in category dos / poc ''' + Credits: HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product:...

phpAcounts v. 0. 5. 3 SQL injection and fix-vulnerability warning-the black bar safety net

Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com /phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...

phpAcounts 0.5.3 - SQL Injection

phpAcounts 0.5.3 - SQL Injection Exploit phpAcounts v.0.5.3 SQL Injection Date: June 6nd 2012 Author: loneferret Version: 0.5.3 Vendor Url: http://phpaccounts.com/ Tested on: Ubuntu Server 11.10 Discovered by: loneferret Old app, still fun. Auth. Bypass: http:///phpaccounts/index.php Username: x'...