32 matches found
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 This repository contains a Proof of Concept P...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 This repository contains a Proof of Concept P...
VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open...
Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)
The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response MDR team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...
Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
Out-of-bounds read vulnerability in the Message Framework library Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from ...
Foxit Reader 9.0.1.1049 - Remote Code Execution
Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
Beckhoff TwinCAT
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Beckhoff Equipment: TwinCAT Vulnerability: Untrusted Pointer Dereference AFFECTED PRODUCTS Beckhoff reports that the vulnerability affects the following TwinCAT PLC products: TwinCAT 3.1 Build 4022.4 or prior, TwinCAT 2.11 R3 2259 or prio...
Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Exploit
Exploit for windows platform in category dos / poc Vulnerability Summary The following advisory describes a kernel stack buffer overflow that leads to privilege escalation found in Kingsoft Antivirus/Internet Security 9+. Kingsoft Antivirus “provides effective and efficient protection solution at...
Advantech WebAccess
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, Untrusted Pointer Dereference AFFECTED PRODUCTS The following versions of WebAccess, an HMI platform, are affected: WebAccess versions prior...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (2)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 2 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
Jungo DriverWizard WinDrive OOB Write Privilege Escalation
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1:...
Jungo DriverWizard WinDriver - Kernel Out-of-Bounds Write Privilege Escalation Exploit
Exploit for windows platform in category local exploits -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver:...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (1)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 1 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydaerce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverydetectedpotentialfilesrce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0root gid=0root $ uname -a Linux localhost 2.6.24...
PIPL <= 2.5.0 (.m3u File) Universal Buffer Overflow Exploit (SEH)
No description provided by source. !/usr/bin/python PIPL = 2.5.0 .m3u File Universal bof exploit SEH Coded by: Steven Seeley aka mrme email: info At net-ninja d0t net Download: http://www.programmedintegration.com/files/pipl.exe Tested on Wind0ws XP sp3 & Vist@ SEH overwrite, just for kicks...
SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow PoC Exploit
No description provided by source. / surethingcdlabelerbofpoc.c SureThing cd labeler m3u/pls - unicode stack overflow PoC exploit Found by: Ruben Alejandro - chap0 Author: Steven Seeley - mrme http://net-ninja.net/ Greetz to: Corelan Security Team...
Cogent Datahub 7.1.1.63 Buffer Overflow
!/usr/bin/python Cogent Datahub @netninja || @luigiauriemma example usage: mrme@neptune cognet$ ./cognetoverflow.py 192.168.114.130 ----------------------------------------------------- ------ Cogent Datahub Unicode Overflow Exploit ------ ------------- Found by Luigi Auriemma ---------------...