47904 matches found
WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/angwp Date: 23/12/2020 Exploit Author: spacehen Vendor Homepage: http://adning.com/ Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Date: 2020-07-23 Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory: SYSS-2020-028...
Barangay Management System 1.0 - Authentication Bypass
Exploit Title: Barangay Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-07-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/13484/barangay-management-system.html Software Link:...
Online Shopping Portal 3.1 - Authentication Bypass
Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Date: 2020-06-25 Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to following url!...
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
Exploit Title: HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-02-14 Vendor Homepage:https://www8.hp.com/mx/es/home.html Software Link:ftp://ftp.hp.com/pub/softpaq/sp70001-70500/sp70439.exe HP Development Company, L.P. Tested Version:...
Hostel Management System 2.0 - 'id' SQL Injection
Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Google Dork: intitle: "Hostel management system" Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-system/ Version: v2.0 Tested on: Windows CVE...
WebERP 4.15 - SQL injection
Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize function. It can be deserialize...
Microsoft Edge Chakra - 'InitClass' Type Confusion
/ Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value; function main for let i = 0; i 2000; i++ let o = a: ...
Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape', 'Description' = %q This module abuses a process creation...
Apache Tomcat - 'WebDAV' Remote File Disclosure
!/usr/bin/perl Apache Tomcat Remote File Disclosure Zeroday Xploit kcdarookie aka eliteb0y / 2007 thanx to the whole team & andi : +++KEEP PRIV8+++ This Bug may reside in different WebDav implementations, Warp your mind! +You will need auth for the exploit to work... use IO::Socket; use...
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Date: 30/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content ...
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Exploit Title: Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting XSS Google Dork: inurl:metform-form intext:textarea|message Date: 14/01/2023 Exploit Author: Mohammed Chemouri https://de.linkedin.com/in/chemouri Vendor Homepage:...
Canteen-Management v1.0 - XSS-Reflected
Exploit Title: Canteen-Management v1.0 - XSS-Reflected Exploit Author: nu11secur1ty Date: 10.04.2022 Vendor: Free PHP Projects & Ideas with Source Codes for Students | mayurik Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/Canteen-Management/Docs...
Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html...
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Church Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Date: 2021-09-20 Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
Exploit Title: TerraMaster TOS 4.2.06 - RCE Unauthenticated Date: 12/12/2020 Exploit Author: IHTeam Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ Vendor Homepage: https://www.terra-master.com/ Version: " /usr/www/"+shellfilename+" &&...
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
Exploit Title: Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow SEH Egghunter Date: 2020-07-24 Exploit Author: MasterVlad Vendor Homepage: http://www.frigate3.com/ Software Link: http://www.frigate3.com/download/frigate3pro.exe Version: 3.36.0.9 Vulnerability Type: Local Buffer Overflo...
PHP 7.4 FFI - 'disable_functions' Bypass
?php / FFI Exploit - uses 3 potential BUGS. PHP was contacted and said nothing in FFI is a security issue. Able to call system$cmd without using FFI::load or FFI::cdefs BUG 1 maybe intended, but why have any size checks then? no bounds check for FFI::String when type is ZENDFFITYPEPOINTER...
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Exploit Title: Grandstream UCM6200 Series CTI Interface - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below Teste...
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload', 'Description' = %q This module exploits a directory traversal vulnerability...
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 72 and 73 Array.map exploit', 'Description' = %q This module exploits an issue in Chrome 73.0.3683.86 64 bit. The exploit corrupts...
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution
Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x Advisory ID: ZSL-2019-55...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...
Intel Active Management Technology - System Privileges
!/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-5689 = dork="Server: IntelR Active Management Technology" port:"16992", ports= 623, 664, 16992, 16993, 16994, 16995 products= Active Management Technology AMT, Intel Standard Manageability ISM, Intel Small Business Technology SBT versio...
Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)
/ linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist. EDB Note: Update...
Microsoft Windows Server - Universal Code Execution (MS08-067)
MS08-067 Exploit for CN by EMM exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6841.rar 2008-MS08-067.rar milw0rm.com 2008-10-26...
Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the...
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote attackers to embed SQL commands which are to be passed to the...
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow
/ source: https://www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability ...
PandoraFMS 7.0NG.772 - SQL Injection
Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link: https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafmsagentlinux-7.0NG.772.tar.gz Version: v7.0NG.772 Tested on: Linux...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and...
Wondershare Dr Fone 12.9.6 - Privilege Escalation
Exploit Title: Wondershare Dr Fone 12.9.6 - Privilege Escalation Date: 14 March 2023 Exploit Author: Thurein Soe Vendor Homepage: https://drfone.wondershare.com Software Link: https://mega.nz/file/ZFd1TZIRe2WfCXryaH08C3VNGZH1yAIG6DU01p-MrDooq529I Version: Dr Fone version 12.9.6 Tested on: Window ...
Pega Platform 8.1.0 - Remote Code Execution (RCE)
Exploit Title: Pega Platform 8.1.0 - Remote Code Execution RCE Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.3.7 Tested on: Red Hat...
System Mechanic v15.5.0.61 - Arbitrary Read/Write
/ Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write Date: 26-09-2022 Exploit Author: Brandon Marshall Vendor Homepage: https://www.iolo.com/ Tested Version - System Mechanic version 15.5.0.61 Driver Version - 5.4.11 - amp.sys Tested on OS - 64 bit Windows 10 18362 Fixed Version -...
Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)
Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Date: 24.09.2021 Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8...
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
Title: Usermin 1.820 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: =1820 https://www.youtube.com/watch?v=wiRIWFAhz24 !/usr/bin/python3 -- coding: utf-8 -...
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd...
Adobe Connect 10 - Username Disclosure
Title: Adobe Connect 10 - Username Disclosure Author: h4shur date:2021-02-07 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 10 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : By adding...
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)
Exploit Title: 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow SEHROP Date: 2020-03-30 Exploit Author: Hodorsec Version: 9.03 Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Vendor Homepage: https://www.10-strike.com Teste...
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Excploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Date: 2020-03-18 Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: An uncontrolled resource consumption vulnerability ...
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Date: 2020-03-05 Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link: http://www.sumavision.com/ensite/i.php?id=29 Version: EMR 3.0.4.27 CVE : CVE-2020-10181...
SpotIM 2.2 - 'Name' Denial Of Service
Exploit Title: SpotIM 2.2 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotimsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...
Canon PRINT 2.5.5 - Information Disclosure
Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
While fuzzing Spidermonkey, I encountered the following commented and modified JavaScript program which crashes debug builds of the latest release version of Spidermonkey from commit https://github.com/mozilla/gecko-dev/commit/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c: function O1 this.s = 'foobar...
Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection
Exploit Title: Joomla! Component vAccount 2.0.2 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/financial/cost-calculators/vaccount/ Version: 2.0.2 Category: Webapps Test...