WPHRM <= 1.0 - Authenticated SQL Injection

The vulnerability allows an employee users to inject SQL commands. http://localhost/PATH/?hr-dashboard=user&page=message&tab=viewmessage&from=inbox&id=SQL-23+union+select 1,2,3,4,5,SELECT+GROUPCONCATtablename+SEPARATOR+0x3c62723e+FROM+INFORMATIONSCHEMA.TABLES+WHERE+TABLESCHEMA=DATABASE,7,8--%20-...

PlugX Controller Stack Overflow Exploit

This Metasploit module exploits a Stack buffer overflow in the PlugX Controller C2 server. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'PlugX Controller Stack Overflow',...

emlog 5.3.1 arbitrary deletion of files(four)

No description provided by source...

zzcms8. 1 a stored xss+csrf can steal all the user cookies

No description provided by source...

WP Support Plus Responsive Ticket System < 8.0.0 - Privilege Escalation

You can login as anyone without knowing password because of incorrect usage of wpsetauthcookie. Username:...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Apache-Struts-2-CVE-2017-5638-Exploit This exploit exploits th...

Niushop v1. 05 beta 20170622 a SQL injection

No description provided by source...

wstmall the latest version V1. 9. 4 a SQL injection

No description provided by source...

Citrix CloudBridge CAKEPHP Cookie Command Injection

POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1 Host: 10.242.129.149 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0 Connection: close Referer: https://10.242.129.149/cgi-bin/login.cgi?redirect=/ Cookie: CAKEPHP=sleep 10 Content-Type...

Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation

include include include include //From http://stackoverflow.com/a/26414236 this defines the details of the NtAllocateVirtualMemory function //which we will use to map the NULL page in user space. typedef NTSTATUSWINAPI PNtAllocateVirtualMemory HANDLE ProcessHandle, PVOID BaseAddress, ULONG...

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...

NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation

NfSen 1.3.7 AlienVault OSSIM 5.3.6 - Local Privilege Escalation Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...

Counter Strike: Condition Zero - &#039;.BSP&#039; Map File Code Execution

!/usr/bin/env python Counter Strike: Condition Zero BSP map exploit By @DigitalCold Jun 11, 2017 E-DB Note: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42325.zip bsp-exploit-source.zip from binascii import hexlify, unhexlify from struct import pack, unpack...

Easy File Sharing Web Server 7.2 - Unrestricted File Upload Exploit

Exploit for windows platform in category web applications 2017/6/15 Chako EFS Web Server 7.2 Unrestricted File Upload Vendor Homepage: http://www.sharing-file.com Version: Easy File Sharing Web Server 7.2 Tested on: WinXP SP3 EFS Web Server 7.2 allows unauthorized users to upload malicious files...

Easy File Sharing Web Server 7.2 - Unrestricted File Upload

Easy File Sharing Web Server 7.2 - Unrestricted File Upload 2017/6/15 Chako EFS Web Server 7.2 Unrestricted File Upload Vendor Homepage: http://www.sharing-file.com Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web Server 7...

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions Exploit

Exploit for multiple platform in category dos / poc switchToSlowPutArrayStoragevm; = MINSPARSEARRAYINDEX || structurevm-holesMustForwardToPrototypevm return nullptr; Structure...

Viral Optins - Arbitrary File Upload

Affected versions and whether the issue has been remediated is unclear as the vendor website does not exist anymore. Upload!...

Apple macOS - Disk Arbitration Daemon Race Condition

Apple macOS - Disk Arbitration Daemon Race Condition !/bin/bash Sources: https://raw.githubusercontent.com/phoenhex/files/master/pocs/poc-mount.sh https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc if ! security authorize system.volume.internal.mount &/dev/null; then echo 2&1 "Cannot...

Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read Exploit

Exploit for linux platform in category web applications Exploit title : Arbitry file reading by authenticated users on Riverbed SteelHead VCX Vendor: Riverbed Author: Gregory DRAPERI Date: 03/2017 Software Link:...

xycms edit_book. php page id parameter there is SQL injection vulnerability

No description provided by source...