1797 matches found
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can store JavaScript code that can for...
Mac cryptocurrency ticker app installs backdoors
An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors. Behaviors The CoinTicker app, on the surface, appears ...
WinSpy - A Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener
WinSpy: Windows Reverse Shell Backdoor Creator With ip poisener. Dependencies 1 - metasploit-framework 2 - xterm 3 - apache2 4 - whiptail Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh...
Shopify: H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products
Hi, Background kitcrm.com allows the administrator to upload priority product images located at: https://kitcrm.com/seller/onboarding/1 F359446 F359447 These images are not being checked if they are real JPG/PNG/GIF. When uploading an ImageTragick issue found my Tavis Ormandy using the following...
Hershell - Simple TCP reverse shell written in Go
Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...
Photo To Video Converter Professional 8.07 Buffer Overflow
Exploit Title: Photo To Video Converter Professional 8.07 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:hhttp://www.dvd-photo-slideshow.com/photo-to-video-converter.html Tested Version: 8.05 Tested on OS: Windows XP Servic...
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow
Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Exploit Title: Flash Slideshow Maker Professional 5.20 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://flash.dvd-photo-slideshow.com/ Tested Version: 5.20 Tested on OS: Windows XP Service Pack 3 x86 Steps to Reproduce...
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Teste...
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Exploit Title: Photo To Video Converter Professional 8.07 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:hhttp://www.dvd-photo-slideshow.com/photo-to-video-converter.html Tested Version: 8.05 Tested on OS: Windows XP Servic...
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Flash Slideshow Maker Professional 5.20 - Buffer Overflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://flash.dvd-photo-slideshow.com/ Tested Version: 5.20 Tested on OS: Windows X...
Flash Slideshow Maker Professional 5.20 Buffer Overflow
Exploit Title: Flash Slideshow Maker Professional 5.20 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://flash.dvd-photo-slideshow.com/ Tested Version: 5.20 Tested on OS: Windows XP Service Pack 3 x86 Steps to Reproduce...
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Discovery Date: 2018-05-30 Vendor Homepage: https://www.tenable.com/ Software Link: https://www.tenable.com/products/tenable-io/web-application-scanning Tested Version: WAS-20180328 Vulnerability Typ...
osTicket 1.10.1 - Arbitrary File Upload
Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details: osTicket application provides a...
osTicket 1.10.1 - Arbitrary File Upload
osTicket 1.10.1 - Arbitrary File Upload Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details:...
Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)
Linux/x64 - Reverse ::1:1337/TCP + IPv6 + Password pwnd Shellcode 115 bytes. Shellcode exploit for Linuxx86-64 platform / ; Title : Reverse Shell IPv6 with Password - Shellcode ; Author : Hashim Jawad @ihack4falafel ; OS : Linux kali 4.15.0-kali2-amd64 1 SMP Debian 4.15.11-1kali1 2018-03-21 x8664...
Mac malware targets cryptomining users
Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being...
VMware NSX SD-WAN Edge 3.1.2 - Command Injection
VMware NSX SD-WAN Edge 3.1.2 - Command Injection !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...
AVTECH {DVR/NVR/IPC} IPCP API RCE
!/usr/bin/env python2.7 SOF Subject: AVTECH DVR/NVR/IPC IPCP API admin l/p, RCE 2018 bashis Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis March 2018 Authenticated Reverse Shell; Using admin l/p that we can retrieve with unauthenticated and undocumented...