47884 matches found
Write-to-file Shellcode Win32
Write-to-file Shellcode Win32. CVE-2010-0425. Shellcode exploits for multiple platforms. Write-to-file Shellcode. This shellcode was used in the exploit for: CVE-2010-0425. Supported: Windows 2000, WinXP, Server 2003, Server 2008, Vista, Windows 7. Size: 278 bytes...
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...
OpenSSH 7.2p2 - Username Enumeration
!/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-19 Purpose: User name enumeration against SSH daemons...
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...
Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection
Exploit Title: Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ramil Mustafayev Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/ Software...
Testa Online Test Management System 3.4.7 - 'q' SQL Injection
Exploit Title: Testa Online Test Management System 3.4.7 - 'q' SQL Injection Date: 2020-07-21 Google Dork: N/A Exploit Author: Ultra Security Team Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar Vendor Homepage: https://testa.cc Version: v3.4.7 Tested on:...
nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.nopcommerce.com/ Version: 4.30 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29475 Stored Cross-site scripting (XSS): Stored XSS, also...
Microsoft Internet Explorer 11 32-bit - Use-After-Free
Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Serve...
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Samba...
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting Date: 2020-11-19 Exploit Author: Emre Aslan Vendor Homepage: https://www.oscommerce.com/ Version: 2.3.4.1 Tested on: Windows & XAMPP == Tutorial https://HOST/catalog/admin/newsletters.php?action=new 3- Enter the XSS paylo...
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path
Exploit Title: Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path Discovery by: Erika Figueroa Discovery Date: 2020-11-07 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 1.0.64.10 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 x64 es Step ...
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - 'id' Field Stack Based Buffer Overflow
Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - 'id' Field Stack Based Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG77.1.0/com.ibm.itsm.tsm.doc/welcome.html Version: 5.2.0.1...
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
Exploit Title: WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection Date: 09/08/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/membership-by-supsystic.1.4.7.zip Version: 1.4.7 Tested on: Ubuntu...
ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path
Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-10 Vendor Homepage: https://www.asus.com/ Software Link...
Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel 2.6.32-27-generic contains a bug that allows to keep attached to...
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
Exploit Title: Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-24 Vendor Homepage: https://www.dell.com/ Software Link : https://www.dell.com/support/home/mx/es/mxbsdt1/drivers/driversdetails?driverid=vwpkk Tested Version...
Chromium 83 - Full CSP Bypass
Title: Chromium 83 - Full CSP Bypass Date: 02/09/2020 Exploit Author: Gal Weizman Vendor Homepage: https://www.chromium.org/ Software Link: https://download-chromium.appspot.com/ Version: 83 Tested On: Mac OS, Windows, iPhone, Android CVE: CVE-2020-6519 function var payload = top.SUCCESS = true;...
Pluck v4.7.18 - Remote Code Execution (RCE)
Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF Date: 2020-07-30 Author: Julien Ahrens Vendor Homepage: https://www.acronis.com Version: 12.5 Build 16341 CVE: CVE-2020-16171 VERSIONS AFFECTED ==================== Acronis Cyber Backup v12.5 Build 16327 and probably belo...
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
The Debian OpenSSL issue means that there are only 65.536 possible SSH keys generated, because the only entropy is the PID of the process generating the key. As a result, the following Perl script can be used with the precalculated SSH keys to brute force the SSH login. It works if such a key...
TrendMicro InterScan Web Security Virtual Appliance - 'Shellshock' Remote Command Injection
!/usr/bin/env python TrendMicro InterScan Web Security Virtual Appliance ================================================== InterScan Web Security is a software virtual appliance that dynamically protects against the ever-growing flood of web threats at the Internet gateway exclusively designed to...
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authentication Bypass
Canon LBP6650/LBP3370/LBP3460/LBP7750C - Authentication Bypass. CVE-2018-11692. Webapps exploit for Hardware platform Exploit Title: Incorrect Access Control in Canon LBP6650, LBP3370, LBP3460, LBP7750C Date: 3.6.2018 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link:...
Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow
!/usr/bin/perl IIS 5.0 FTP Server / Remote SYSTEM exploit Win2k SP4 targets bug found & exploited by Kingcope, kcope2googlemail.com Affects IIS6 with stack cookie protection Modded by muts, additional egghunter added for secondary larger payload Might take a minute or two for the egg to be found...
VTiger v7.0 CRM - 'To' Persistent XSS
Exploit Title: VTiger v7.0 CRM - 'To' Persistent XSS Date: 2020-11-18 Exploit Vulnerability-Lab Vendor Homepage: https://www.vtiger.com/open-source-crm/download-open-source/ Software Link: https://sourceforge.net/projects/vtigercrm/files/ Version: v7.0 Document Title: =============== VTiger v7.0...
CuteNews 2.1.2 - Arbitrary File Deletion
Exploit Title: CuteNews 2.1.2 - Arbitrary File Deletion Date: 2020-05-08 Author: Besim ALTINOK Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Maybe it affects other versions Tested on: Xampp Credit: İsmail BOZKURT Remotely: Yes...
Sendmail 8.13.5 - Remote Signal Handling (PoC)
!/usr/bin/env python [email protected] Sendmail 8.13.5 and below Remote Signal Handling exploit usage: rbl4ck-sendmail.py 127.0.0.1 0 25 this exploit was leaked to the PHC Phrack High Council so instead of only letting them have a copy, we figure everyone should have what they have. :-...
DotNetNuke < 9.4.0 - Cross-Site Scripting
Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page. Exploit Author: MAYASEVEN CVE :...
DropBearSSHD 2015.71 - Command Injection
VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt Johnston References:...
WU-FTPD 2.6.2 - Off-by-One Remote Command Execution
/ wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun"Xpl017Elz Brute-Force function added. / define VERSION "v0.0.3" include include include include include include define DEBUGNG undef DEBUGNG define NRL 0 define SCS 1 define FAD -1 define MAXBF 16 define BFLSZ 0x100 / 256 /...
Samba 2.2.x - Remote Buffer Overflow
!/usr/bin/perl Header Name: trans2root.pl Purpose: Proof of concept exploit for Samba 2.2.x trans2open overflow Author: H D Moore Copyright: Copyright C 2003 Digital Defense Inc. trans2root.pl -t -H -h use strict; use Socket; use IO::Socket; use IO::Select; use POSIX; use Getopt::Std; $SIGUSR2 = ...
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....
Moodle 3.8 - Unrestricted File Upload
Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...
PMB 5.6 - 'chemin' Local File Disclosure
Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure Date: 2020-10-13 Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 Tested on: Ubuntu 18.04.1 The PMB G...
Abusing Token Privileges For LPE
Abusing Token Privileges For LPE. Papers exploit for Windows platform |=-----------------------------------------------------------------------=| |=----------------= Abusing Token Privileges For LPE=------------------=| |=-----------------------------------------------------------------------=|...
SquirrelMail 1.2.x - From Email Header HTML Injection
source: https://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to...
Car Rental Management System 1.0 - SQL Injection / Local File include
Exploit Title: Car Rental Management System 1.0 - SQL Injection / Local File include Date: 22-10-2020 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...
CSE Bookstore 1.0 - Authentication Bypass
Exploit Title: CSE Bookstore Authentication Bypass Date: 27/10/2020 Exploit Author: Alper Basaran Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Windows 10 Enterprise 1909 CSE...
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting XSS Date: 2021-07-31 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/wappointment.2.2.4.zip Version: 2.2.4 Tested on: Windows Description : Wappointment is prone to Stored Cross...
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A ...
MiniCMS 1.10 - 'content box' Stored XSS
Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS Date: 2019-7-4 Exploit Author: yudp Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:https://github.com/bg5sbk/MiniCMS Version: 1.10 CVE :CVE-2019-13339 Payload:alert"3: "+document.domain In /MiniCMS/mc-admin/page-edit.php POC...
PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion
source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of t...
Rocket.Chat 3.12.1 - NoSQL Injection (Unauthenticated)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...
User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection
Exploit Title: User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection Date: 2020–11–14 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://phpgurukul.com Software Link:...
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager 14700 - Remote Code Execution Authenticated Google Dork: None Date: 2020-09-04 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...