47904 matches found
PHP File Browser Script 1 - Directory Traversal
Exploit Title: PHP File Browser Script 1 - Directory Traversal Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php Software Link:https://www.hscripts.com/scripts/php/downloads/file-browser-demo.zip Version: 1....
iSmartViewPro 1.5 - 'DDNS' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'DDNS/IP/DID' Buffer Overflow Discovery by: Luis Martinez Discovery Date: 2018-09-03 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1.5...
Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection
Exploit Title: Simple POS 4.0.24 - 'columns0searchvalue' SQL Injection Google Dork: N/A Date: 2018-08-31 Exploit Author: Renos Nikolaou Software Link: https://codecanyon.net/item/simple-pos-point-of-sale-made-easy/3947976 Vendor Homepage: https://tecdiary.com/ Version: 4.0.24 Tested on: Windows 1...
mooSocial Store Plugin 2.6 - SQL Injection
Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...
Logicspice FAQ Script 2.9.7 - Remote Code Execution
Exploit Title: Logicspice FAQ Script 2.9.7 - Remote Code Execution Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.logicspice.com/products/faq-script Software Link: https://www.logicspice.com/app/webroot/files/document/phpmyfaq-2.9.7.zip Version:...
Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (20 Bytes)
Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 20 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 20 Bytes Date: 2018-08-31 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara Syste...
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
!/usr/bin/python import sys import requests import os import re import readline def usage: print "\nRPi Cam Web Interface Exploit\n" print "Usage: %s http://host/path/to/preview.php \n" % sys.argv0 print "Options: " print " -h, --help Show this help message and exit" print "" sys.exit0 def...
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service PoC Date: 2018-09-01 Exploit Author: Ghaaf Vendor Homepage: http://www.microsoft.com Version: Windows 7x86/x64 Tested on: 6.1.7601 Service Pack 1 Build 7601 CVE: N/A buffer = '' buffer +=...
Online Quiz Maker 1.0 - 'catid' SQL Injection
Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php Software Link:https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip Version: 1.0 Category:...
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Title: FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection Author: hyp3rlinx Date: 2018-09-01 Vendor: www.eventlogxp.com Software: https://eventlogxp.com/download.php Affected Component: elex.exe CVE: N/A Description: Upon opening a specially crafted .ELX file in Event Log...
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download Version: 3.3.5 Tested on: PHP CVE...
Wikipedia 12.0 - Denial of Service (PoC)
Exploit Title: Wikipedia 12.0 - Denial of Service PoC Date: 9/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab Version: 12.0 Tested on: Windows 10 Proof of Concept: Run the python scrip...
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
Exploit Title: Visual Ping 0.8.0.0 - 'Host' Denial of Service PoC Date: 2018-08-30 Exploit Author: Uriel Corral Salinas Vendor Homepage: http://www.itlights.com Software Link: http://www.scanwith.com/download/FreeVisualPing.htm Version: Free Visual Ping Version 0.8.0.0 Tested on: Windows 10 Pro x...
D-Link DIR-615 - Denial of Service (PoC)
Exploit Title: D-Link DIR-615 - Denial of Service PoC Date: 2018-08-09 Vendor Homepage: http://www.dlink.co.in Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6 Version: D-Link DIR-615 Category: Hardware Exploit Author: Aniket Dinda Tested on: Linux kali...
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Exploit Title: Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-02 Vendor Homepage: https://www.symantec.com/ Software Link: https://itunes.apple.com/mx/app/symantec-mobile-encryption/id450235714?mt=8 Tested Version:...
VSAXESS V2.6.2.70 build 20171226_053 - 'Nickname' Denial of Service (PoC)
Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'Nickname' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-31 Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link: https://www.visionistech.com/en/vsaxess-desktop-software/ Tested Version:...
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Exploit Title: Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-01 Vendor Homepage: http://www.trendmicro.com.tr/media/ds/virtual-mobile-infrastructure-datasheet-en.pdf Software Link: App Store for iOS...
Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Exploit Title: Acunetix WVS Reporter 10.0 - Denial of Service PoC Exploit Author: Ali Alipour Date: 2018-08-22 Vendor Homepage : https://www.acunetix.com/ Tested on : Windows 10 - 64-bit Steps to Reproduce Run the python exploit script, it will create a new file with the name "exploit.txt" just...
Network Manager VPNC 1.2.6 - 'Username' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Manager VPNC Username Privilege Escalation', 'Description' = %q This module exploits an injection vulnerability in the Network Manager VP...
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
/ Exploit Title: Argus Surveillance DVR 4.0.0.0 - Privilege Escalation Author: John Page aka hyp3rlinx Date: 2018-08-29 Vendor: Argus Surveillance DVR - 4.0.0.0 Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Tested on: Windows 7 x86 Description: Argus Surveillance DV...
Vox TG790 ADSL Router - Cross-Site Scripting
Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are able to create a persistent Cross-Site scriptin...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...
Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)
Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-08-30 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara...
DLink DIR-601 - Credential Disclosure
Exploit Title: DLink DIR-601 - Credential Disclosure Google Dork: N/A Date: 2018-06-24 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefox CVE : CVE-2018-12710 1. Description...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description : Quizlord is prone to Stored Cross Site Scripting...
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Exploit Title: WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting Google Dork: inurl:"/wp-content/plugins/jibu-pro" Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/jibu-pro.1.7.zip Version: 1.7 Tested on: Kali Linux CVE: N/A Description: Jin...
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip Version: v1.0.3 Tested on: Windows 7 - 64-bit...
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-08-30 Vendor Homepage: https://www.networkactiv.com/WebServer.html Software Link: https://www.networkactiv.com/Dev/ Tested Version: 4.0 Pre-Alpha-3.7.2...
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip Version: v1.0.3 Tested on: Windows CVE:...
Nord VPN 6.14.31 - Denial of Service (PoC)
Exploit Title: Nord VPN = 6.14.31 - Denial of Service PoC Exploit Author : L0RD borna nematzadeh Contact: [email protected] Date: 2018-08-30 Vendor Homepage : https://nordvpn.com Software link: https://nordvpn.com/download/ Version: = 6.14.31 Tested on: Windows 10 CVE: N/A Steps to...
Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)
Windows/x64 10 - WoW64 Egghunter w00tw00t Shellcode 50 bytes. Shellcode exploit for Windowsx86-64 platform include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd -...
Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes. Shellcode exploit for LinuxMIPS platform / Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Date: 2018-08-10 Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc...
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)
Linux/x86 - Bind 1337/TCP Shell /bin/sh + Dual IPv4 and IPv6 Shellcode 146 bytes. Shellcode exploit for Linuxx86 platform / Exploit Title: Linux x86 Dual Network Stack IPv4 and IPv6 Bind TCP Shellcode Date: 2018-08-18 Shellcode Author: Kevin Kirsche Shellcode Repository:...
SIPP 3.3 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user suppliedinput while reading the configuration file and parsing the malicious...
HD Tune Pro 5.70 - Denial of Service (PoC)
Exploit Title: HD Tune Pro 5.70 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v5.70 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql5 CVE: CVE-2017-1000499 -- Original...
Episerver 7 patch 4 - XML External Entity Injection
Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE file read exploit for Episerver 7 patch 4 and below...
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Exploit Title: Easy PhotoResQ 1.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
Trillian 6.1 Build 16 - 'Sign In' Denial of service (PoC)
Exploit Title: Trillian 6.1 Build 16 - "Sign In" Denial of service PoC Discovery by: Jose Miguel Gonzalez Discovery Date; 2018-08-29 Vendor Homepage: https://www.trillian.im/ Software Link: https://www.trillian.im/download/ Tested Version: 6.1 Build 16 Tested on OS: Windows 10 Single Language x64...
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Exploit Title: Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service PoC Discovery by: Samuel Cruz Discovery Date; 2018-08-29 Vendor Homepage: https://www.skype.com/es/business/ Tested Version: 16.0.10730.20053 Tested on OS: Windows 10 Pro x64 es/home/...
R 3.4.4 - Buffer Overflow (SEH)
-------------------------------------------------------- Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] Website:...
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
Exploit Title: Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Date: 2018-07-16 WebPage: https://CTRLu.net/ Vendor Homepage: http://www.eaton.com/ Vendor Advisory: http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf Software Link...
Immunity Debugger 1.85 - Denial of Service (PoC)
Exploit Title: Immunity Debugger 1.85 - Denial of Service PoC Author: Gionathan "John" Reale Date: 2018-08-28 Homepage: https://www.immunityinc.com/ Software Link: https://www.immunityinc.com/products/debugger/index.html Tested Version: v1.85 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run...
Fathom 2.4 - Denial Of Service (PoC)
Exploit Title: Fathom 2.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-28 Homepage: https://fathom.concord.org/ Software Link: https://fathom.concord.org/download/ Tested Version: v2.4 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit scrip...
NASA openVSP 3.16.1 - Denial of Service (PoC)
Exploit Title: NASA openVSP 3.16.1 - Denial of Service PoC Exploit Author : L0RD Date: 2018-08-28 Vendor Homepage : https://software.nasa.gov/software/LAR-17491-1 Software link: https://github.com/nasa/OpenVSP Version: 3.16.1 Tested on: Windows 10 CVE: N/A Description : The Vehicle Sketch Pad VSP...
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'TCP Port' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-28 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link: http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability Type: Denial of...
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Software Link: App Store for iOS devices Tested Version: 4.6.01099 Vulnerability Type: Denial of...
Drive Power Manager 1.10 - Denial Of Service (PoC)
Exploit Title: Drive Power Manager 1.10 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.10 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated...
Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)
Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes Date: 2018-08-16 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi...