47904 matches found
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81 CVE ID: CVE-2018-10088 DISCLAIMER: Thi...
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code Execution
!/usr/bin/python intro = """\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit a.k.a "PwnScriptum" CVE-2016-10033 + CVE-2016-10045 +...
Red Hat JBoss EAP - Deserialization of Untrusted Data
Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untrusted data via the JMX Invoker Servlet. This can lead to a...
Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Portable UPnP SDK uniqueservicename...
Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)
$Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft IIS - ASP Stack Overflow (MS06-034)
include include / Microsoft IIS ASP Stack Overflow ExploitMS06-034 by cocoruderfrankruderathotmail.com,2006/7/13 page:http://ruder.cdut.net/default.asp successfully test on Windows 2000 Server SP4+IIS5.0, On Windows 2003 Server+IIS6.0,because the new SEH protection mechanisms, you should set the...
Multiple Vendor - TCP Sequence Number Approximation (4)
source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequen...
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)
/ E-DB Note: Updated exploit https://www.exploit-db.com/exploits/47080 E-DB Note: Updating OpenFuck Exploit http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ OF version r00t VERY PRIV8 spabam Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free ...
Smart School v1.0 - SQL Injection
Exploit Title: Smart School v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1....
Screen SFT DAB 600/C - Authentication Bypass Account Creation
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Compro Technology IP Camera - 'Multiple' Credential Disclosure
Exploit Title: Compro Technology IP Camera - 'Multiple' Credential Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40380 There are unauthorized acce...
Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection Authenticated Date: 04-03-2021 Exploit Author: Deepak Kumar Bharti Vendor Homepage: https://www.sourcecodester.com Software Download Link:...
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
Exploit Title: Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/11238/sales-and-inventory-system-grocery-store.html Software Link:...
Victor CMS 1.0 - File Upload To RCE
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
Socket.io-file 2.0.31 - Arbitrary File Upload
Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome https://www.domoticz.com/wiki/ImperiHome https://docs.imperihome.com/app/iss Affected version: 0.2.40...
Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
Title: Launch Manager 6.1.7600.16385 'DsiWMIService' Unquoted Service Path Author: Gustavo Briseño Date: 2019-11-03 Vendor Homepage: https://www.acer.com/ Software Link:...
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple Vulnerabilities Date: 14/06/2019 Author: Alex Akinbi Twitter: @alexakinbi 1...
ProShow 9.0.3797 - Local Privilege Escalation
!/usr/bin/python coding:utf-8 Exploit Title: ProShow v9.0.3797 Local Exploit Exploit Author: @YonatanCorrea website with details: https://risataim.blogspot.com/2019/06/exploit-local-para-proshow.html Vendor Homepage: http://www.photodex.com/ProShow Software Link:...
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 9.3 CVE :...
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to 9.0.270 PATCH SEC201820180410 Tested on:...
Redis 5.0 - Denial of Service
Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand function in tstream.c in...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memory Leak Buffer Overflow Exploitation Acknowledgments...
ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection
ABB Cylon Aspect 3.08.03 CookieDB SQL Injection Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy management and control soluti...
PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
Exploit Title: PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery CSRF Date: 2024-07-01 Exploit Author: Vuln Seeker Cybersecurity Team Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/ Version: = 1.0.5 Tested on: Firefox Contact me: [email protected] The...
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
Exploit Title: Container Breakout with NVIDIA Container Toolkit Date: 17/02/2025 Exploit Author: r0binak Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit Version: 1.16.1 Tested on: NVIDIA Container Tooklit 1.16.1 CVE: CVE-2024-0132 Description: NVIDIA Container Toolkit...
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS Date: 2023-03-30 CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident'...
Roxy WI v6.1.0.0 - Improper Authentication Control
Exploit Title: Roxy WI v6.1.0.0 - Improper Authentication Control Date of found: 21 July 2022 Application: Roxy WI = v6.1.0.0 Author: Nuri Çilengir Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Advisory:...
rconfig 3.9.7 - Sql Injection (Authenticated)
Exploit Title: rconfig 3.9.7 - Sql Injection Authenticated Exploit Author: azhen Date: 10/12/2022 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: " sys.exit1 host=sys.argv1 Enter the hostname def getdatahost: print"+ Get db data..." vulur...
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...
GLPI 9.4.5 - Remote Code Execution (RCE)
Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.03...
LayerBB 1.1.4 - 'search_query' SQL Injection
Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Date: 2021-02-19 Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
Exploit Title: WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip Version: 1.6...
Resumes Management and Job Application Website 1.0 - Authentication Bypass
Exploit Title: Resumes Management and Job Application Website 1.0 - Authentication Bypass Sql Injection Date: 2020-12-27 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/...
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version: Flexmonster Pivot Table & Charts 2.7.17 Tested on: Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20139...
vCloud Director 9.7.0.15498291 - Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)
Exploit Title: Rubo DICOM Viewer 2.0 - Buffer Overflow SEH Exploit Author: bzyo Date: 2020-04-17 Vulnerable Software: Rubo Medical Imaging - DICOM Viewer 2.0 Vendor Homepage: http://www.rubomedical.com/ Version: 2.0 Software Link : http://www.rubomedical.com/download/index.php Tested Windows 7 SP...
Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution
Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link: https://engindemirbilek.github.io/centreon-19.10-rce Corresponding pull...
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 CVE:CVE-2020-7991 Category: Webapps Tested on:...
BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
Exploit Title: BOOTP Turbo 2.0 - Denial of Service SEHPoC Exploit Author: boku Date: 2020-01-22 Software Vendor: Wierd Solutions Vendor Homepage: https://www.weird-solutions.com Software Link: https://www.weird-solutions.com/download/products/bootptdemoIA32.exe Version: BOOTP Turbo x86 Version 2....
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
Exploit: AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enable/disable alarm Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5547 Advisory URL:...
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow
Details ======= An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex and getFromName methods of ZipArchive, resulting in a heap overflow. php-7.0.5/ext/zip/phpzip.c ,---- | 2679 static void phpzipgetfromINTERNALFUNCTIONPARAMETERS, int type / / |...
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation
/ based on the exploit by SynQ Modified PoC for CVE-2013-1763 with SMEP bypass Presentation: Practical SMEP Bypass Techniques on Linux Vitaly Nikolenko [email protected] Target: Linux ubuntu 3.5.0-23-generic 35precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x8664 x8664 x8664 GNU/Linux gcc...
Fuse 2.9.3-15 - Local Privilege Escalation
Source: https://gist.github.com/taviso/ecb70eb12d461dd85cba Tweet: https://twitter.com/taviso/status/601370527437967360 Recommend Reading: http://seclists.org/oss-sec/2015/q2/520 YouTube: https://www.youtube.com/watch?v=V0i3uJJPJ88 Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet...
Microsoft Windows Server - Code Execution (PoC) (MS08-067)
In vstudio command prompt: mk.bat next: attach debugger to services.exe 2k or the relevant svchost xp/2k3/... net use \IPADDRESS\IPC$ /user:user creds die \IPADDRESS \pipe\srvsvc In some cases, /user:"" "", will suffice i.e., anonymous connection You should get EIP - 00 78 00 78, a stack overflow...
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...