3100 matches found
DokuWiki Proof Of Concept Shell Upload
c@kali:/src/napalm2.2/modules$ cat shell-dokuwiki.py !/usr/bin/env python shell-dokuwiki.py - module to upload shell, based on previous version created 28.04.2017. Bug 'feature' is exploitable only when you will have a valid credentials. for this proof-of-concept you'll also need host with...
Mozilla Firefox < 53 - gfxTextRun Out-of-Bounds Read Exploit
Exploit for multiple platform in category dos / poc .class1 float: left; white-space: pre-line; .class2 border-bottom-style: solid; font-face: Arial; font-size: 7ex; function go menuitem.appendChilddocument.body.firstChild; canvas.toBlobcallback; function callback var s = menu.style;...
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1251 When the eBPF verifier kernel/bpf/verifier.c runs in verbose mode, it dumps all processed instructions to a user-accessible buffer in human-readable form...
LabF nfsAxe FTP Client 3.7 Buffer Overflow
!/usr/bin/python print "LabF nfsAxe 3.7 FTP Client Buffer Overflow SEH" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Tested on Windows Vista x86 import socket import sys badchars \x00\x10\x0a buf = "" buf +=...
CVE-2017-8936
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Cloudera HUE =< 3.9.0 Enumerating users with an unprivileged account (CVE-2016-4947)
Cloudera HUE =/desktop/api/users/autocomplete Open redirection Cloudera HUE =:8888/accounts/login/?next=//google.fr...
ImagePro Lazygirls Clone Script SQL Injection
Exploit Title: ImagePro Lazygirls Clone Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/8-2/ Demo: http://imagepro.clonedemo.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author Web:...
ImagePro Lazygirls Clone Script - SQL Injection
ImagePro Lazygirls Clone Script - SQL Injection Exploit Title: ImagePro Lazygirls Clone Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/8-2/ Demo: http://imagepro.clonedemo.com/ Version: N/A Tested on: Win7 x64, Kali Lin...
Maian Greetings 2.1 - 'cat' SQL Injection
Exploit Title: Maian Greetings v2.1 - SQL Injection Google Dork: N/A Date: 04.04.2017 Vendor Homepage: http://www.maiansoftware.com/ Software: http://www.maiangreetings.com/?dl=yes Demo: http://www.maiansoftware.com/demos/greetings/ Version: 2.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
EyesOfNetwork (EON) 5.1 SQL Injection
Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/ Software Link:...
MikroTik RouterBoard 6.38.5 Denial Of Service
!/usr/local/bin/perl use Socket; $srchost =3D $ARGV0;=20 $srcport =3D $ARGV1;=20 $dsthost =3D $ARGV2;=20 $dstport =3D $ARGV3;=20 if!defined $srchost or !defined $srcport or !defined $dsthost or !defin= ed $dstport=20 =09 =09print "Usage: $0 \n"; =09exit; =20 else=20 =09 =09main; =20 sub main=20...
onArcade 2.4.x Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...
VqgNA8RVTtdBLKP
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Omegle Clone - SQL Injection
Exploit Title: Omegle Clone - SQL Injection Google Dork: N/A Date: 18.03.2017 Vendor Homepage: http://turnkeycentral.com/ Software: http://www.turnkeycentral.com/scripts/omegle-clone/ Demo: http://demo.turnkeycentral.com/omegleclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author...
ohocms getsyscat.php sql注入漏洞
No description provided by source...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 - Privilege Escalation Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...
Naukri Clone Script 3.02 SQL Injection
Exploit Title: Naukri Clone Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://phpscriptsmall.com/product/naukri-clone-script/ Demo: http://phpscriptsmall.biz/demo/jobsite/ Version: 3.02 Tested on: Win7 x64, Kali Linux...
Responsive Events Movie Ticket Booking Script - SQL Injection
Responsive Events Movie Ticket Booking Script - SQL Injection Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software :...
ohocms edittheme.php code execution vulnerability
No description provided by source...
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode 106 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files...