47904 matches found
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
Exploit Title: Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow SEH DEP Bypass Date: 2018-10-08 Exploit Author: Matteo Malvica Vendor: Cleanersoft Software Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested Version: 2.8 Tested on OS: Windows 7 -...
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer...
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
360 3.5.0.1033 - Sandbox Escape
360 3.5.0.1033 - Sandbox Escape. Local exploit for Windows platform Exploit Title: 360 3.5.0.1033 - Sandbox Escape Date: 2018-10-08 Exploit Author: vrsystem Vendor Homepage: https://www.360.cn/ Software Link: https://dl.360safe.com/360/inst.exe Version: 3.5.0.1033 Tested on: 3.5.0.1033 CVE : None...
net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)
Exploit Title: net-snmp 5.7.3 - Unauthenticated Denial of Service PoC Date: 2018-10-08 Exploit Author: Magnus Klaaborg Stubman Website: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos Vendor Homepage: http://www.net-snmp.org/ Software Link:...
Linux - Kernel Pointer Leak via BPF
/ Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type != SCALARVALUE if dstreg-type != SCALARVALU...
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...
Android - sdcardfs Changes current->fs Without Proper Locking
Tested on a Pixel 2 walleye: ro.build.abupdate: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017 release-keys ro.build.display.id: OPM2.171026.006.G1...
net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
/ | | | / / | | -| || -| | | . | ||/ ||||| ||||||| | || 2018-10-08 NET-SNMP REMOTE DOS =================== Second bug is remotely exploitable only with knowledge of the community string in this case "public" leading to Denial of Service: echo -n...
Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...
Imperva SecureSphere 13 - Remote Command Execution
Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Date: 2018-10-08 Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS is a component in SecureSphere v13, which consists...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0, Websocket/13 RFC 6455 Affected firmware version: V1.01-0bb5b27...
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes. Shellcode exploit for Linuxx86 platform Title: Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes Author: Kartik Durg Date: 201-10-04 Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-u...
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS Big Endian - execve/bin/sh + Reverse TCP 192.168.2.157/31337 Shellcode 181 bytes. Shellcode exploit for LinuxMIPS platform / Linux/MIPS Big Endian - execve/bin/sh + Reverse TCP 192.168.2.157/31337 Shellcode 181 bytes Author: cq674350529 Date: 2018-10-07 - execve'/bin/sh', tcp -...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
Exploit Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: https://www.flir.com Link: https://www.flir.com/security/best-practices-for-cybersecurity/ CVE: N/A Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS:...
Git Submodule - Arbitrary Code Execution (PoC)
These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0010 Advisory URL:...
Chamilo LMS 1.11.8 - Cross-Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS: Kali Linux...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery Add Admin Author: Cakes Discovery Date: 2018-10-01 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CV...
ISPConfig < 3.1.13 - Remote Command Execution
Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...
virtualenv 16.0.0 - Sandbox Escape
Exploit Title: virtualenv 16.0.0 - Sandbox Escape Date: 2018-10-02 Exploit Author: vrsystem Vendor Homepage: https://virtualenv.pypa.io/en/stable/ Software Link: https://virtualenv.pypa.io/en/stable/ Version: 16.0.0 Tested on: kali linux CVE : CVE-2018-17793 1 Install root@kali:pip install...
Cisco Prime Infrastructure - (Unauthenticated) Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Unauthenticated Remote Code Execution', 'Description' = %q Cisco Prime Infrastructure CPI contains two basic flaws that...
LayerBB Forum 1.1.1 - 'search_query' SQL Injection
Exploit Title: LayerBB Forum 1.1.1 - 'searchquery' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-04 Vendor Homepage: https://layerbb.com/ Software Link: https://demo.layerbb.com/ Version: 1.1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 POST /search.php...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Title: NICO-FTP 3.0.1.19 - Buffer Overflow SEHASLR Date: 2018-10-04 Platforms: Windows Author: Miguel Mendez Z Vendor: Nico-FTP Version: 3.0.1.19 Tested on: Windows XPsp3 es/ Windows 7x86 eng !/usr/bin/python import struct Bad Byte: \x0a\x0b\x0c\x0d\x0e\x0f\x5d happy =...
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)
Linux/x86 - execve/bin/sh + NOT/SHIFT-N/XOR-N Encoded Shellcode 50 byes. Shellcode exploit for Linuxx86 platform / Title: Linux\x86 NOT +SHIFT-N+ XOR-N + encoded /bin/sh Shellcode 50 byes Author: Pedro Cabral Purpose: spawn /bin/sh shell Tested On: Ubuntu 16.04.01 LTS Arch: x86 Size: 50 bytes...
Zechat 1.5 - 'uname' SQL Injection
Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-02 Dork: N/A Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442,...
RICOH MP C1803 JPN Printer - Cross-Site Scripting
Exploit Title: RICOH MP C1803 JPN Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.co.jp/mfp/mpc/1803/ Software : RICOH Printer Product Version: MP C1803 JPN Vulernability Type : Code Injectio...
FTP Voyager 16.2.0 - Denial of Service (PoC)
Exploit Title: FTP Voyager 16.2.0 - Denial of Service PoC Author: Abdullah Alıç Discovey Date: 2018-10-2 Vendor notified : 2018-10-2 Homepage: https://www.serv-u.com/ Software Link: https://www.serv-u.com/ftp-voyager Tested Version: 16.2.0 Tested on OS: Windows XP Professional sp3 ENG Steps to...
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Exploit Title: Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-03 Vendor Homepage: https://janguo.de/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/ Software...
Coaster CMS 5.5.0 - Cross-Site Scripting
Exploit Title: Coaster CMS 5.5.0 - Cross-Site Scripting Date: 2018-10-01 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.web-feet.co.uk/ Software Link : https://github.com/Web-Feet/coastercms Software : Coaster CMS Product Version: v5.5.0 Vulernability Type : Cross-site Scripting...
OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
Exploit Title: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection Dork: inurl:"index.php?scelta=campi" Date: 2018-10-02 Exploit Author: Dino Barlattani Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7 Category: Webapps Platform: PHP CVE: N/A POC:...
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Exploit Title: OPAC EasyWeb Five 5.7 - 'nome' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-02 Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 POST...
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
/ CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target, it requires modifications! Compile with: gcc -fpic -O0 -std=c99 -Wall...
Binary MLM Software 1.0 - 'pid' SQL Injection
Exploit Title: Binary MLM Software 1.0 - 'pid' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/binary/root.html Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC:...
Fork CMS 5.4.0 - Cross-Site Scripting
Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulernability Type : Code Injection Vulenrability : HTML...
WUZHICMS 2.0 - Cross-Site Scripting
Title: WUZHICMS 2.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-10-01 Vendor: http://www.wuzhicms.com Software: WUZHICMS 2.0 CVE: CVE-2018-17832 Technical Details & Description: A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0 web-application. The...
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Exploit Title: ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/asset-explorer/ Software : ZOHO Corp ManageEngine AssetExplorer 6.2.0 Produc...
Snes9K 0.0.9z - Denial of Service (PoC)
Exploit Title: Snes9K 0.0.9z - Denial of Service PoC Date: 2018-09-28 Exploit Author: crashmanucoot Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on: Windows 7 Home Premium x86 SPANISH...
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
Exploit Title: Flippa Marketplace Clone 1.0 - 'datestarted' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/15 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-N/A PO...
Education Website 1.0 - 'subject' SQL Injection
Exploit Title: Education Website 1.0 - 'subject' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/34 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC:...
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on OS: Kali Linux CVE: N/A Description: Improper input...
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Exploit Title: Singleleg MLM Software 1.0 - 'msgid' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/singleleg/root.html Software Link: http://mlmdemo.biz/autopool/root.html Software Link:...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
H2 Database 1.4.196 - Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197 Tested on: macOS/Linux CVE: N/A This takes...
PCProtect 4.8.35 - Privilege Escalation
Exploit Title: PCProtect 4.8.35 - Privilege Escalation Date: 2018-09-11 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.pcprotect.com/ Vulnerable Software: https://www.pcprotect.com/download Tested on: Windows 7 Enterprise SP1 x64 Description: PCProtect Anti-Virus v4.8....
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
Exploit Title: ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Date: 2018-09-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/desktop-central/ Software : ZOHO Corp ManageEngine Desktop Central 10...