Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
Exploit Title: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection Date: 2020-12-04 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/geraked/phpscript-sgh Software Link: https://github.com/geraked/phpscript-sgh Version: 0.1.0 Tested on: Kali Linux...
Apache Struts 2.5.20 - Double OGNL evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
IQrouter 3.3.1 Firmware - Remote Code Execution
Exploit Title: IQrouter 3.3.1 Firmware - Remote Code Execution Date: 2020-04-21 Exploit Author: drakylar Vendor Homepage: https://evenroute.com/ Software Link: https://evenroute.com/iqrouter Version: IQrouter firmware up to 3.3.1 Tested on: IQrouter firmware 3.3.1 CVE : N/A !/usr/bin/env python3...
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...
OpenSSH 3.x - Challenge-Response Buffer Overflow (2)
source: https://www.securityfocus.com/bid/5093/info The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The conditions are related to the OpenSSH SSH2 challenge-response mechanism. They...
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-13 Vendor Homepage: https://wordpress.org/plugins/buddypress/ Version: 6.2.0 Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerabilit...
WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Mayur Parmar Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: PopOS Stored Cross-site scripting (XSS): Stored attacks are those where the injected script is permanently store...
Microsoft Internet Explorer 11 - Use-After-Free
Exploit Title: Microsoft Internet Explorer 11 - Use-After-Free Date: 2020-05-07 Exploit Author: maxpl0it Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 CVE :...
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)
/ EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of...
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
/ Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...
GitLab 12.9.0 - Arbitrary File Read
Exploit Title: GitLab 12.9.0 - Arbitrary File Read Google Dork: - Date: 2020-05-03 Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's OS independent CVE : -...
EyesOfNetwork 5.3 - LFI
Exploit Title: EyesOfNetwork 5.3 - LFI Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 The php not exclude other tools than proposed...
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
Exploit Title: WordPress Rest Google Maps Plugin SQL Injection Google Dork: inurl:index.php?restroute=3D/wpgmza/ Date: 2020-09-09 Exploit Author: Jonatas Fil Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/developers Software Link: https://wordpress.org/plugins/wp-google-maps/...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Exploit Title: Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Date: 03/2019 Author: Simon Zuckerbraun Vendor: https://www.microsoft.com/ Version: February 2019 patch level Tested on: Windows 10 1809 17763.316 CVE: CVE-2019-0752 Content Dim ar1&h3000000...
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage:...
Gitea 1.12.5 - Remote Code Execution (Authenticated)
Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/en/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved. The script is affected by Permanent XSS vulnerability, so you can put in bad java script code alert'put...
School Faculty Scheduling System 1.0 - Authentication Bypass POC
Exploit Title: School Faculty Scheduling System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...
ClipShare 2.6 - Remote User Password Change
!/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord Change Exploit\n"; print "\nBy...
Internet Explorer 11 - Use-After-Free
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
Technicolor TD5130.2 - Remote Command Execution
Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...
WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29233 Stored Cross-site scripting (XSS): Stored XSS, also...
Claroline 1.8.9 - '/claroline/redirector.php?url' Arbitrary Site Redirect
source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser ...
Online Shopping Alphaware 1.0 - 'id' SQL Injection
Title: Online Shopping Alphaware 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
/ Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under t...
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path
Exploit Title: KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Discovery by: IRVIN GIL Discovery Date: 2020-11-14 Vendor Homepage: https://www.kite.com/ Tested Version: 1.2020.1113.1 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 es Step to discover...
HelpDeskZ 1.0.2 - Arbitrary File Upload
''' Updated Exploit Provided by Drew Griess Exploit Title HelpDeskZ = v1.0.2 - Unauthenticated Shell Upload Google Dork intextHelp Desk Software by HelpDeskZ Date 2016-08-26 Exploit Author Lars Morgenroth - @krankoPwnz Vendor Homepage httpwww.helpdeskz.com Software Link...
Centos WebPanel 7 - 'term' SQL Injection
Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : CVE-2020-10230 Type: Error Based...
CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)
Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...
Subrion CMS 4.2.1 - Arbitrary File Upload
Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE Authenticated Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE:...
Cisco ASA and FTD 9.6.4.42 - Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Exploit Author : Isabel Lopez Exploit Date: 2020-11-13 Vendor Homepage : https://www.file.net/process/athcoexagent.exe.html Link Software :...
Fuel CMS 1.4.1 - Remote Code Execution (2)
Title: Fuel CMS 1.4.1 - Remote Code Execution 2 Exploit Author: Alexandre ZANNI Date: 2020-11-14 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: FILE -h | --help Options: Root URL base path including HTTP scheme,...
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC Remote Code Execution', 'Description' = %q An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11....
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...
Piwigo 2.10.1 - Cross Site Scripting
Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...
BlackBoard Academic Suite 6/7 - '/bin/common/announcement.pl?data__announcements___pk1_pk2__subject' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of...
IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path
Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Discovery Date: 2020-12-03 Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path...
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting Date: 25.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month...
Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
Exploit Title: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path Discovery by: Marcos Antonio León psk Discovery Date: 2019-11-04 Vendor Homepage: https://www.wacom.com Software Link : http://cdn.wacom.com/U/drivers/IBMPC/pro/WacomTablet637-3.exe Tested Version: 6.3.7.3...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
Exploit Title: WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://sygnoos.com Software Link: https://wordpress.org/plugins/popup-builder/ / https://popup-builder.com/ Version: = 3.69.6 Tested on...
HackBack - A DIY Guide
HackBack - A DIY Guide. Papers exploit for Multiple platform
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)
Exploit Title: Jiofi 4 JMR 1140 CSRF To View Wi-fi Password Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version: JMR-11...
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...
SAP Lumira 1.31 - Stored Cross-Site Scripting
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
SmarterMail Build 6985 - Remote Code Execution
Exploit Title: SmarterMail Build 6985 - Remote Code Execution Exploit Author: 1F98D Original Author: Soroush Dalili Date: 10 May 2020 Vendor Homepage: re CVE: CVE-2019-7214 Tested on: Windows 10 x64 References:...
HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion
source: https://www.securityfocus.com/bid/8416/info A file include vulnerability has been reported in the htmltags.php module of HolaCMS. This problem may allow an attacker to access potentially sensitive information reserved for administration. It has also been reported that some files included v...
Laravel Nova 3.7.0 - 'range' DoS
Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...