1826 matches found
PHPMailer 5.2.18 - Remote Code Execution (Python)
PHPMailer 5.2.18 - Remote Code Execution Python """ Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory...
PHPMailer 5.2.18 - Remote Code Execution (Python) Exploit
Exploit for php platform in category web applications """ Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full...
PHPMailer < 5.2.18 - Remote Code Execution
""" Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory:...
Pornhub: Unsecured DB instance
The researcher identified vulnerable OrientDB server instances on our infrastructure. The DB servers were found to be vulnerable to script based remote code execution leading to privilege escalation. Two servers running OrientDB were identified, with default login/password combinations. Upon...
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
/ ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ; description: get a reverse shell executing a shell...
Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)
Linux/x86 - Netcat -e option disabled Reverse Shell Shellcode 180 bytes. Shellcode exploit for Linx86 platform / ;author: Filippo "zinzloun" Bersani ;date: 05/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic...
Disk Savvy Enterprise 9.1.14 - Login Remote Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYST...
Windows/x64 - Reverse Shell TCP Shellcode (694 bytes)
/ Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : email protected / / Disassembly of section .text: 0000000000000000 : 0: 48 31 d2 xor %rdx,%rdx 3: 65 48 8b 42 60 mov %gs:0x60%rdx,%r...
Windows x64 - Reverse Shell TCP Shellcode (694 bytes)
Windows x64 - Reverse Shell TCP Shellcode 694 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : [email protected] / / Disassembly of...
Exploit for Race Condition in Canonical Ubuntu_Linux
0xdeadbeef PoC for Dirty COW CVE-2...
MiCasa VeraLite Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits Exploit Title: MiCasa VeraLite Remote Code Execution Date: 10-20-2016 Software Link: http://getvera.com/controllers/veralite/ Exploit Author: Jacob Baines Contact: https://twitter.com/JuniorBaines CVE: CVE-2013-4863 & CVE-2016-6255 Platfor...
FreePBX 13 - Remote Command Execution Privilege Escalation
FreePBX 13 - Remote Command Execution Privilege Escalation !/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions:...
FreePBX 13 - Remote Command Execution / Privilege Escalation
!/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 Tested on |...
Sucuri: Administrator Access to grafana instance logstash2.sucuri.net with default credentials
Hi Team, While doing some recon on the subdomains of sucuri.net I came across logstash2.sucuri.net which is running a grafana instance on port 3000. It appears that the instance has had the /public directory deleted or is unavailable as there are a few 404 errors which make the page unusable...
HP Client 9.19.08.17.9 - Command Injection
HP Client 9.19.08.17.9 - Command Injection Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on 8.1, 9.0, 9.1...
Billion Router 7700NR4 - Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits Title : Billion Router 7700NR4 Remote Root Command Execution Date : 06/10/2016 Author : R-73eN Tested on: Billion Router 7700NR4 Vendor : http://www.billion.com/ Vulnerability Description: This router is a widely used here in Albania. It i...
hacklib - Pentesting, Port Scanning, and Logging in anywhere with Python
Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. Installation To get hacklib, simply run in command line: pip install hacklib hacklib also has a user interface. To use it, you ca...
Sync Breeze Enterprise 8.9.24 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python print "Sync Breeze Enterprise 8.9.24 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYST...
Metasploit Web UI Diagnostic Console Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description' = %q This module exploits the "diagnostic console" featu...
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description' = %q This module exploits the "diagnostic console" featu...