47884 matches found
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
Exploit Title: Voting System 1.0 - File Upload RCE Authenticated Remote Code Execution Date: 19/01/2021 Exploit Author: Richard Jones Vendor Homepage:https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Life Insurance Management System 1.0 - Multiple Stored XSS
Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS Date: 4/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version: 1.0...
Alumni Management System 1.0 - "Course Form" Stored XSS
Exploit Title: Alumni Management System 1.0 - "Course Form" Stored XSS Exploit Author: Aakash Madaan Date: 2020-12-10 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
Content Management System 1.0 - 'First Name' Stored XSS
Exploit Title:Content Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...
Artica Proxy 4.3.0 - Authentication Bypass
Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version: 4.30.00000000 REQUIRED Tested on: Debian CVE : CVE-2020-17506 impo...
webERP 4.15.1 - Unauthenticated Backup File Access
Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
Exploit Title: I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://www.revotec.com/ Product Link: CVE: N/A !/usr/bin/perl Revotech I6032B-P POE 1920x1080P 2.0MP Outdoor Camera Remote Configuration Disclosure Copyright 2020 c Tod...
Liferay CE Portal 6.0.2 - Remote Command Execution
Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link: https://sourceforge.net/projects/lportal/files/Liferay%20Portal/6.0.2/...
TextCrawler Pro3.1.1 - Denial of Service (PoC)
Exploit Title: TextCrawler Pro3.1.1 - Denial of Service PoC Date: 2020-05-01 Vendor Homepage:https://www.digitalvolcano.co.uk/index.html Software Link: https://www.digitalvolcano.co.uk/download/TextCrawlerPro=setup.exe Exploit Author: Achilles Tested Version: 3.1.1 Tested on: Windows 7 x64 1.- Ru...
Crystal Live HTTP Server 6.01 - Directory Traversal
Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- GET...
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Exploit Title: Joomla! component comjssupportticket - Authenticated SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.6 Tested on:...
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Unauthenticated Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added by Redis 4.x and...
phpMyAdmin 4.8 - Cross-Site Request Forgery
Exploit Title: Cross Site Request Forgery CSRF Date: 11 June 2019 Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 CVE ...
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its execution 1. With this, it is then possible for the compiler to determine whether there...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (1)
// EDB Note: Source https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 // EDB Note: Source https://github.com/bindecy/HugeDirtyCowPOC // Author Note: Before running, make sure to set transparent huge pages to "always": // echo always | sudo tee...
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)
/ dirtyc0w.c $ sudo -s echo this is not a test foo chmod 0404 foo $ ls -lah foo -r-----r-- 1 root root 19 Oct 20 15:23 foo $ cat foo this is not a test $ gcc -pthread dirtyc0w.c -o dirtyc0w $ ./dirtyc0w foo m00000000000000000 mmap 56123000 madvise 0 procselfmem 1800000000 $ cat foo...
Cisco ASA / PIX - 'EPICBANANA' Local Privilege Escalation
Exploit Title: Cisco ASA / PIX - Privilege Escalation EPICBANANA Date: 19-08-2016 Exploit Author: Shadow Brokers Vendor Homepage: http://www.cisco.com/ Full Exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40271.zip...
IBM Cognos - 'tm1admsd.exe' Remote Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'IBM Cognos...
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
source: https://www.securityfocus.com/bid/27409/info Apache 'modnegotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML o...
Weblogicnet - 'files_dir' Multiple Remote File Inclusions
Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-02.txt Greetz:...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
!/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...
Spid 1.3 - 'lang_path' File Inclusion
source: https://www.securityfocus.com/bid/14208/info SPiD is a gallery management application written in PHP. SPiD is prone to a remote file include vulnerability, due to lack of validation of user input. An attacker may leverage this issue to execute arbitrary server-side script code on an...
Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation
/ Linux kernel ptrace/kmod local root exploit This code exploits a race condition in kernel/kmod.c, which creates kernel thread in insecure manner. This bug allows to ptrace cloned process, allowing to take control over privileged modprobe binary. Should work under all current 2.2.x and 2.4.x...
e107 v2.3.2 - Reflected XSS
Exploit Title: e107 v2.3.2 - Reflected XSS Date: 11/05/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.2 Testeted on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
Exploit Title: Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow Exploit Date: 22.01.2023 Discovered and Written by: Knursoft Vendor Homepage: https://www.rockstargames.com/ Version: v1.1 Tested on: Windows XP SP2/SP3, 7, 10 21H2 CVE : N/A 1 - Run this python script to generate...
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12 July 2021 Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14858/invoice-system-using-phpoop-free-source-code.html Tested...
Piwigo 11.3.0 - 'language' SQL
Exploit Title: Piwigo 11.3.0 - 'language' SQL Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty Debug:...
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc.c - Solaris/SPARC FMT PoC...
PHPKB Multi-Language 9 - Authenticated Directory Traversal
Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on:...
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Siz...
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'reportsid' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/...
Pandora 7.0NG - Remote Code Execution
Exploit Title: Pandora 7.0NG - Remote Code Execution Date: 2019-11-14 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version: v7.0NG Tested on: CentOS 7.3 / PHP...
WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path
Exploit Title : WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path Date : 2019-10-15 Exploit Author : Cakes Vendor: Softalk Version : 7.5.1 Software: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3 Tested on Windows 10 CVE : N/A c:\sc qc WorkgroupMail SC...
docPrint Pro 8.0 - SEH Buffer Overflow
import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe...
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76 CVE : 2019-14974 The application fails to sanitiz...
WordPress Plugin Form Maker 1.13.3 - SQL Injection
-- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version: 1.13.3 Tested on: Ubuntu 18.04 CVE :...
Google Chrome < M72 - FileWriterImpl Use-After-Free
There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in https://cs.chromium.org/chromium/src/thirdparty/blink/public/mojom/filesystem/filewriter.mojom?type=cs&sq=package:chromium&g=0...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
lighttpd 1.4.31 - Denial of Service (PoC)
!/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested on: Debian Linux, Gentoo Linux, Arch...
DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit)
$Id: ddwrtcgibinexec.rb 9719 2010-07-07 17:38:59Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
SCO UnixWare Merge - 'mcd' Local Privilege Escalation
/ 04/2008: public release I have'nt seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include include include include include include define TARGET "/usr/lib/merge/mcd" define DIR "/proc/%d/object", getpid define BIN "a.out" define LNK "hrc;"...
AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
Exploit Title: AmazCart CMS 3.4 - Cross-Site-Scripting XSS Date: 17/01/2023 Exploit Author: Sajibe Kanti Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link: https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179 Version: 3.4 Tested on: Live Demo Demo...
ProLink PRS1841 PLDT Home fiber - Default Password
Exploit Title: Router backdoor - ProLink PRS1841 PLDT Home fiber Date: 12/8/2022 Exploit Author: Lawrence Amer @zux0x3a Vendor Homepage: https://prolink2u.com/product/prs1841/ Firmware : PRS1841 U V2 research:...
Aruba Instant (IAP) - Remote Code Execution
import socket import sys import struct import time import threading import urllib3 import re import telnetlib import xml.etree.ElementTree as ET import requests urllib3.disablewarnings CONTINUERACE = True SNPRINTFCREATEFILEMAXLENGTH = 245 def racepapimessageip: global CONTINUERACE payload =...
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
Exploit Title: Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service PoC + SEH Overwrite Date: 2020-07-20 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/463c9e7fe9a39888d3c01bc9ad756bba-UpSetup.exe Version: 3.5 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Sad...
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
Exploit Title: Dameware Remote Support 12.1.1.273 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-13 Vulnerable Software: Solarwinds Dameware Remote Support 12.1.1.273 Vendor Homepage: https://www.solarwinds.com/ Version: 12.1.1.273 Software Link:...
Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting
Exploit Title: Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting Exploit Author: gurbanli Date: 2020-05-13 Vendor Homepage: https://www.sellacious.com Version: 4.6 Software Link: https://www.sellacious.com/free-open-source-ecommerce-software Document Title: =============== Sellacious...