Lucene search
K

11967 matches found

exploitpack
exploitpack
added 2015/01/05 6:44 p.m.11 views

NetZip-Classic-SEH

Exploit Title: Exploit Buffer Overflow NetZip ClassicSEH Date: 01\30\2011 Author: C4SS!0 G0M3S Software Link: http://proforma.real.com/real/nzclassic/nzclassic.html Version: 7.5.1.86 Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN def usage system"cls" system"color 4f"; end if ARGV.length !=1 usage...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2015/01/05 4:22 p.m.13 views

GOM-Player-2.1.33.5071-ASX-File-Unicode

Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution. Version: 2.1.33.5071 Date: 30-11-2011 Author: Debasish Mandal Peter Van Eeckhoutte corelanc0d3r rawinput" Press Enter to generate the crafted ASX..." size = 2046 Shellcode WinExec "Calc.exe"...

1AI score
Exploits0
exploitpack
exploitpack
added 2015/01/05 3:53 p.m.28 views

Lattice-Semiconductor-PAC-Designer-6.21

Exploit: Lattice Semiconductor PAC-Designer 6.21 possibly all versions CVE: CVE-2012-2915 Author: b33f Ruben Boonen - http://www.fuzzysecurity.com/ OS: WinXP SP1 Software: http://www.latticesemi.com/products/designsoftware/pacdesigner/index.cfm filename="evil.PAC" PAC1 = """ 1 ispPAC-CLK5410D...

0.1AI score0.29465EPSS
Exploits10
exploitpack
exploitpack
added 2015/01/05 2:54 p.m.31 views

Beetel-Connection-Manager

Exploit Title:Beetel Connection Manager SEH Buffer Overflow Software for usb wireless Homepage:http://www.beetel.in/business-solutions/international-business/3g-products/g31-3g-data-card Version:PCWBTLINDV1.0.0B04 Software...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2015/01/05 12:3 p.m.26 views

XM-Easy-Personal-FTP-Server

Because this address is relative and has a static base in this environment, I was able to use the heap chunk address as the pointer to write at the vtable. Then a function is called at offset 0xb0 or 0x98 and we can reliably return into a ROP payload and execute arbitrary code. import socket impo...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2015/01/05 11:30 a.m.16 views

Ubiquiti-AirOS-5.5.2

The http://IP/test.cgi "essid" parameter is not sanitized for input which allows for execution of operating system commands. The parameter input field can be like this to create a file /tmp/test.txt: LINKTEST /bin/touch /tmp/test.txt " import urllib, urllib2, cookielib, sys, random, mimetools,...

0.2AI score
Exploits0
0day.today
0day.today
added 2015/01/05 12:0 a.m.21 views

Wordpress WP-EMail 2.64 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress WP-EMail 2.64 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : https://wordpress.org/plugins/wp-email/ Date : 2015-01-03 Software Link :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/01/04 12:0 a.m.28 views

HDWIKI鸡肋SQL注入(PHP弱类型实例)

简要描述: 见drops中@小飞发了一篇文章:http://drops.wooyun.org/tips/4483 我一直认为没有实例的文章不是好文章,于是来帮他加个实例,由PHP弱类型造成的SQL注入,非常典型。 为了不拉低大号的平均rank,小号交起嘿 详细说明: /control/list.php 109行 function dofocus $doctype = $this-get2; switch$doctype case 2: $type = 'hot'; $navtitle = $this-view-lang'hotDoc'; break; case 3: $type =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/29 12:0 a.m.21 views

PHPAPP注入第四枚(各种无视过滤)

简要描述: PHPAPP注入第四枚(各种无视过滤) 详细说明: 在wooyun上看到了有人提了PHPAPP的漏洞: http://wooyun.org/bugs/wooyun-2010-055604,然后去官网看了看,前几天刚有更新,就在官网下了PHPAPP最新的v2.6来看看2014-12-11更新的。 PSOT注入点:wwww.xxx.com/member.php?action=1&app=43&cid=1&rid=2, 存在漏洞的文件在/phpapp/apps/refund/memberphpapp.php 下面分析一下漏洞产生的原因 第一处绕过:...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/12/26 12:0 a.m.33 views

phpyun v3.2 (20141222) 三处注入

简要描述: 20141222 详细说明: 第一处在 api/alipay/alipayto.php 现在的少了以前的验证。 errorreporting0; requireonce"alipayconfig.php"; requireonce"class/alipayservice.php"; requireoncedirnamedirnamedirnameFILE."/data/db.config.php"; requireoncedirnamedirnamedirnameFILE."/plus/config.php";...

7.1AI score
Exploits0
Fedora
Fedora
added 2014/12/22 2:32 a.m.49 views

[SECURITY] Fedora 21 Update: kernel-3.17.7-300.fc21

The kernel meta package...

5.5CVSS2.4AI score0.00738EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2014/12/22 12:0 a.m.43 views

Lexmark MarkVision Enterprise < 2.1 Multiple Vulnerabilities

The version of Lexmark MarkVision Enterprise installed on the remote host is prior to 2.1.0. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability due to improper handling of user input to the 'GfdFileUploadServerlet' servlet. CVE-2014-8741 - An...

10CVSS8.9AI score0.77198EPSS
Exploits7References6
OpenVAS
OpenVAS
added 2014/12/22 12:0 a.m.302 views

Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) Detection (HTTP)

HTTP based detection of the Microsoft Exchange Outlook Web App / Outlook Web Access OWA and the Microsoft Exchange Server running this OWA application. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2014/12/19 12:0 a.m.39 views

Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion

!/bin/sh Exploit Title: Cacti - Superlinks Plugin 1.4-2 RCELFI via SQL Injection Date: 19/12/2014 Exploit Author: Wireghoul Software Link: http://docs.cacti.net/plugin:superlinks Identifiers: CVE-2014-4644, EDB-ID-33809 Exploit explanation through inline comments Patch provided at the end This is...

7.5CVSS6.6AI score0.01317EPSS
Exploits5
Exploit DB
Exploit DB
added 2014/12/15 12:0 a.m.47 views

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

!/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification Twitter 2014-12-02: Vendor Notification Web Site 2014-12-04:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/12/12 12:0 a.m.26 views

Iwebsns最新版SQL注入第五枚

简要描述: Iwebsns最新版SQL注入第五枚 详细说明: 在wooyun上看到雨牛提了5个iwebsns的漏洞了( WooYun: Iwebsns sql 第五枚。 ),我来捡捡漏儿吧,已对比,不重复,下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复,我先把存在漏洞的文件和注入参数分别写在这里:action/group/groupexit.action.php groupid 下面看看漏洞是怎么产生的 ction/group/groupexit.action.php 无关代码 //变量区 $userid=getsessuserid;...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/12/09 12:0 a.m.21 views

Flat Calendar 1.1 - HTML Injection

!/usr/bin/perl -w Title : Flat Calendar v1.1 HTML Injection Exploit Download : http://www.circulargenius.com/flatcalendar/FlatCalendar-v1.1.zip Author : ZoRLu / [email protected] Website : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultima...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/12/08 12:0 a.m.26 views

IceHrm 7.1 Multiple Vulnerabilities

IceHrm versions 7.1 and below suffer from cross site request forgery, cross site scripting, local file inclusion, and code execution via remote shell upload vulnerabilities. IceHrm =7.1 Multiple Vulnerabilities Vendor: IceHRM Product web page: http://www.icehrm.com Affected version: = 7.1 Summary...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2014/12/05 12:0 a.m.68 views

Microsoft Windows Kerberos - Privilege Escalation (MS14-068)

!/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache import CCache, gettgtcred, kdcrep2ccache from kek.crypto...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/26 12:0 a.m.38 views

Apadana CMS SQL Injection

000000000000000000000000000000000 0 0 Exploit Title : Apadana CMS Sql Injection Vulnerability 0 Exploit Author : SeRaVo.BlackHat 0 Vendor Homepage : http://www.apadanacms.ir/ 0 Google Dork : powered by apadana CMS 0 Date: 2014/November/25 0 Tested On : windows + linux | Mozila | Havij 0 Software...

0.9AI score
Exploits0
Rows per page
Query Builder