myUPB 2.2.6 - Multiple Vulnerabilities
=============== altbta ====================== Name: myUPB = v2.2.6 Multiple Vulnerabilities Download: http://sourceforge.net/projects/textmb/files/UPB/ Vulnerability: CSRF privilege escalation Tested on: 2.2.6 Author : altbta [email protected] Dork: "Powered by myUPB" ================= backup exploi...
JForum - 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/58164/info JForum is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team...
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
Title: MongoDB nativeHelper.apply Remote Code Execution Author: agixid http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ Software Link: http://fastdl.mongodb.org/linux/mongodb-linux-i686-2.2.3.tgz Version: 2.2.3 The following PoC exploits the "nativeHelper" feature in the spidermonkey...
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AppXSvc Hard Link Privilege Escalation', 'Description' = %q There exists a privilege escalation vulnerability for Windows 10 builds prior to buil...
BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
Computer Academic Underground http://www.caughq.org Exploit Code Exploit ID:...
Pligg CMS 9.9.0 - Remote Code Execution
!/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1'; $http-envproxy; cookiejar; my $host =...
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
!/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in dup: return dup.appendallow if allow == "": print"empty...
Esoftpro Online Guestbook Pro - Multiple Vulnerabilities
Exploit Title: Esoftpro Online Guestbook Pro Multiple Vulnerability Vendor url:http://www.esoftpro.com/ Version:5.1 Author: L0rd CrusAd3r aka VSN [email protected] Published: 2010-07-4 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz:...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...
Zookeeper 3.5.2 - Denial of Service
Zookeeper 3.5.2 - Denial of Service. Dos exploit for Linux platform !/usr/bin/python Exploit Title: Zookeeper Client Denial Of Service Port 2181 Date: 2/7/2017 Exploit Author: Brandon Dennis Email: [email protected] Software Link: http://zookeeper.apache.org/releases.htmldownload Zookeeper...
Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
/ Apache Magica by Kingcope / / gcc apache-magika.c -o apache-magika -lssl / / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi package. When the php5-cgi package is installed on Debian and...
TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...
eSyndiCat Directory Software - Multiple SQL Injections
eSyndiCat: Multiple SQL Injection's http://www.esyndicat.net/ ---------------------------------------------------------- Exploit coded and founded by d3v1l Date: 14.07.2007 [email protected] ----------------------------------------------------------- Greetz tO:- Security-Shell Members...
Vlbook 1.21 - Cross-Site Scripting / Local File Inclusion
vlBook 1.21 ALL VERSION Multiple Remote Vulnerabilities LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Raso...
Linux Kernel < 2.6.29 - 'exit_notify()' Local Privilege Escalation
!/bin/sh gw-notexit.sh: Linux kernel 2.6.29 exitnotify local root exploit by Milen Rangelov gat3way-at-gat3way-dot-eu Based on 'exitnotify' CAPKILL verification bug found by Oleg Nestorov. Basically it allows us to send arbitrary signals to a privileged suidroot parent process. Due to a bad check...
OpenSSHd 7.2p2 - Username Enumeration
Source: http://seclists.org/fulldisclosure/2016/Jul/51 -------------------------------------------------------------------- User Enumeration using Open SSHD =Latest version. ------------------------------------------------------------------- Abstract: ----------- By sending large passwords, a...
MikroTik RouterOS < 6.43rc3 - Remote Root
/ Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...
OpenSSH < 6.6 SFTP - Command Execution
OpenSSH 8 else 32 print "+ bit libc mapped @ -, path: ".formatBITS, addr0, addr1, path libcbase = intaddr0, 16 libcpath = path if "stack" in line: addr = addr.split"-" saddrstart = intaddr0, 16 saddrend = intaddr1, 16 print "+ Stack mapped @ -".formataddr0,...
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Date: 2020-02-28 Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation
/ notansshnuke.c Federico Bento up201407890 alunos dcc fc up pt https://twitter.com/uid1000 OpenSSH 6.8-6.9 local privilege escalation - CVE-2015-6565 Considered mostly to be a "DoS", turns out to be a priv esc vuln. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6565 Shoutz to Jann Horn...
phpBB 3.2.3 - Remote Code Execution
// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)
require "msf/core" class MetasploitModule "Ghostcat", "Description" = %q When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such...
vsftpd 2.3.4 - Backdoor Command Execution
Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution Date: 9-04-2021 Exploit Author: HerculesRD Software Link: http://www.linuxfromscratch.org/thomasp/blfs-book-xsl/server/vsftpd.html Version: vsftpd 2.3.4 Tested on: debian CVE : CVE-2011-2523 !/usr/bin/python3 from telnetlib import Telnet...
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
// All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team // URL: https://blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/ package ysoserial.payloads; import com.sun.jndi.rmi.registry.ReferenceWrapperStub; import sun.rmi.server.UnicastRef; import...
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Date: 30/11/2022 Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is HTTP/2 302 date: Mon...
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
!/bin/bash -p Source: https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html // http://legalhackers.com/exploits/CVE-2016-6664/mysql-chowned.sh MySQL / MariaDB / PerconaDB - Root Privilege Escalation PoC Exploit mysql-chowned.sh ver. 1.0 CVE-2016-6664 ...
Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) UDEV < 1.4.1 - Local Privilege Escalation (2)
/ cve-2009-1185.c udev http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user...
OpenLD 1.2.2 - 'index.php?id' SQL Injection
--==+================================================================================+==-- --==+ OpenLD = 1.2.2 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody "CypherXero" Rester PAYLOAD: Admin username an...
FLDS 1.2a - 'redir.php' SQL Injection
Free Links Directory Script id SQL Injection Vulnerability Author: nuclear site: http://flds-script.com vuln: http://localhost/path/redir.php?id=-1%20UNION%20SELECT%201,2,@@version,4,5,6,7,8,9,10,11/ vulnerable code: $ida = $GET'id'; $link = mysqlfetcharraymysqlquery"select from links where...
PHPDug 2.0.0 - Cross-Site Scripting
======================================================================================== | Title : PHPDug version 2.0.0 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts...
Advanced Guestbook 2.4.2 - 'Lang' Cookie Local File Inclusion
source: https://www.securityfocus.com/bid/23876/info Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. Advanced Guestbook 2.4.2 ...
7-zip - Code Execution / Local Privilege Escalation
Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kağan Çapar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...
ArticleBeach Script 2.0 - 'index.php' Remote File Inclusion
------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : October, 22th 2006...
ClipShare < 3.0.1 - 'tid' SQL Injection
// / / / Clipshare / / / / Remote SQL Injection Vulnerability / / / / / // AUTHOR : SuNHouSe2 ALGERIAN HaCkEr DORK : "powered by clipshare" VERSION : less than v3.0.1 EXPLOIT :...
Jetty 9.4.37.v20210219 - Information Disclosure
Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Date: 2021-10-21 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and...
PHP 4.x/5.0/5.1 - PHPInfo Large Input Cross-Site Scripting
source: https://www.securityfocus.com/bid/17362/info PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC)
import socket, sys print "\n" print "----------------------------------------------------------------" print "| Windows 7 IIS7.5 FTPSVC UNAUTH'D REMOTE DOS POC |" print "| Matthew Bergin, Bergin Penetration Testing |" print "| Win7 Ultimate v6.1 build 7600, IIS 7.5.7600.16385 |" print...
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH! | XSS BYPASS...
Jcow 4.2.1 - Local File Inclusion
------------------------------------------------------------------------ Software................Jcow 4.2.1 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.jcow.net/ Discovery Date..........5/12/2011 Tested...
Joomla! 3.4.6 - Remote Code Execution
Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A Technical details:...
FlatFile Login System - Remote Password Disclosure
============================================================================== » Note : Tribute to the martyrs of Gaza . ============================================================================== » FlatFile system Remote Password Disclosure Vulnerability...
glFusion 1.1.2 - 'COM_applyFilter()/cookies' Blind SQL Injection
1 // Check user status $status = SECcheckUserStatus$userid; if $status == USERACCOUNTACTIVE || $status == USERACCOUNTAWAITINGACTIVATION $userloggedin = 1; SESSupdateSessionTime$sessid, $CONF'cookieip'; ... see SESSupdateSessionTime function near lines 418-436: ... function...
freeSSHd 2.1.3 - Remote Authentication Bypass
FreeSSHD all version Remote Authentication Bypass ZERODAY Discovered & Exploited by Kingcope Year 2011 Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23080.zip Run like: ssh.exe -l valid username might be: root admin administrator webadmin...
Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection
Online Guestbook Pro display Blind SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangelg85atYahooDoTcom script : http://www.esoftpro.com/webscriptsonlineguestbookpro.php DorK : Powered by Online Guestbook Pro Demo :...
FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution
!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2012 Author: muts, SSL update by Emporeo Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...
ClipShare - 'UID' SQL Injection
video sharing www.clip-share.com Remote SQL Injection Exploit All Version AUTHOR :Krit webmaster of http://www.thaishadow.com HOME : http://www.thaishadow.com Download : http://www.clip-share.com/ DorKs :inurl:/uprofile.php?UID= or "Powered by clipshare" EXPLOIT :...