47904 matches found
Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)
Windows/x64 10 - WoW64 Egghunter w00tw00t Shellcode 50 bytes. Shellcode exploit for Windowsx86-64 platform include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd -...
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
Exploit Title: Instagram App 41.1788.50991.0 - Denial of Service PoC Exploit Author : Ali Alipour Date: 2018-08-25 Vendor Homepage : https://www.instagram.com/ Software Link Download : https://www.microsoft.com/en-us/p/instagram/9nblggh5l9xt?ocid=blitzwindowsblog&activetab=pivot%3aoverviewtab Abo...
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
Note: PoC will now hijack the print spooler service - spoolsv.exe - as it required less code then hijacking printfilterpipelinesvc.exe, which was shown in the original video demo Description of the vulnerability The task scheduler service has an alpc endpoint, supporting the method...
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++ varsi = "aaaaa"; r.lastIndex = "aaaaa"; for...
Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
Exploit Title: Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-27 Vendor Homepage: https://www.cisco.com/ Software Link : https://software.cisco.com/download/home/286277276/type/280775097/release/6.3.3 Tested Version: 6.3.3...
VirtualBox 5.2.6.r120293 - VM Escape
Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBVA feature works on top of VirtualBox Host-Guest Shared...
CuteFTP 5.0 - Buffer Overflow
Exploit Title: CuteFTP 5.0 - Buffer Overflow Author: Matteo Malvica Date: 2018-08-26 Vendor homepage: www.globalscape.com Software: CuteFTP 5.0.4 XP - build 54.8.6.1 Software Link: http://installer.globalscape.com/pub/cuteftp/archive/english/cuteftp50.exe Tested on: Windows XP Profesional SP3...
Firefox 55.0.3 - Denial of Service (PoC)
Exploit Title: Firefox 55.0.3 - Denial of Service PoC Date: 2018-08-26 Exploit Author: L0RD Vendor Homepage: mozilla.org Software Link: https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/ Version: 55.0.3 Tested on: Windows 10 CVE: N/A Description : An issue was discovered in firefox 55.0.3...
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Exploit Title: Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-26 Vendor Homepage: https://www.trendmicro.com/ense/business/products/user-protection/sps/mobile.html Software Link: App Store for iOS devices...
Libpango 1.40.8 - Denial of Service (PoC)
Exploit Title: Libpango 1.40.8 - Denial of Service PoC Date: 2018-08-06 Exploit Author: Jeffery M Vendor Homepage: https://www.pango.org/ Software Link: http://ftp.gnome.org/pub/GNOME/sources/pango/1.40/pango-1.40.9.tar.xz Version: 1.40.8+ Tested on: Windows 7, Gentoo CVE : CVE-2018-15120 Patch :...
Electron WebPreferences - Remote Code Execution
CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions 3.0.0-beta.6, 2.0.7,...
Adobe Flash - AVC Processing Out-of-Bounds Read
The attached fuzz file causes an out-of-bounds read in AVC processing. To reproduce the issue, put both attached files on a server, and vist: http://127.0.0.1/LoadMP4.swf?file=transpose.mp4 This issue reproduces on Chrome and Firefox for Linux. Proof of Concept:...
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...
LiteCart 2.1.2 - Arbitrary File Upload
Exploit Title: LiteCart 2.1.2 - Arbitrary File Upload Date: 2018-08-27 Exploit Author: Haboob Team Software Link: https://www.litecart.net/downloading?version=2.1.2 Version: 2.1.2 CVE : CVE-2018-12256 1. Description admin/vqmods.app/vqmods.inc.php in LiteCart 2.1.2 allows remote authenticated...
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version:...
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...
Responsive FileManager < 9.13.4 - Directory Traversal
The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
!-- Wordpress Plainview Activity Monitor RCE + Version: 20161228 and possibly prior + Description: Combine OS Commanding and CSRF to get reverse shell + Author: LydAcric LEFEBVRE + CVE-ID: CVE-2018-15877 + Usage: Replace 127.0.0.1 & 9999 with you ip...
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Gleez CMS 1.2.0 - Cross-Site Request Forgery Add Admin Date: 2018-08-24 Exploit Author: GunEggWang Vendor Homepage: https://gleezcms.org/ Software Link: https://github.com/gleez/cms Version: 1.2.0 CVE : CVE-2018-15845 Description: There is a CSRF vulnerability that can add an...
WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection
Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Date: 2018-08-23 Exploit Author: Renos Nikolaou Software Link: https://wordpress.org/plugins/gift-voucher/ Vendor Homepage: http://www.codemenschen.at/ Version:...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
!/usr/bin/env python3 coding=utf-8 struts-pwn: Apache Struts CVE-2018-11776 Exploit Author: Mazin Ahmed This code uses a payload from: https://github.com/jas502n/St2-057 import argparse import random import requests import sys try: from urllib import parse as urlparse except ImportError: import...
ManageEngine ADManager Plus 6.5.7 - HTML Injection
Exploit Title: ManageEngine ADManager Plus 6.5.7 - HTML Injection Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Version: 6.5...
UltimatePOS 2.5 - Remote Code Execution
Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Date: 2018-08-22 Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link: https://codecanyon.net/item/saas-superadmin-module-for-ultimatepos-advance/22394431 Version: 2.5...
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
!/usr/bin/python -- coding: utf-8 -- hook-s3c github.com/hook-s3c, @hooks3c on twitter import sys import urllib import urllib2 import httplib def exploithost,cmd: print "Execute: ".formatcmd ognlpayload = "$" ognlpayload += "memberAccess'allowStaticMethodAccess'=true." ognlpayload +=...
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session management low privilege users are able to create administrator accoun...
SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)
Exploit Title: SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-23 Vendor Homepage: https://www.skype.com/es/home/ Tested Version: 12.8.487.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10 Pro x...
StyleWriter 4 1.0 - Denial of Service (PoC)
Exploit Title: StyleWriter 4 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-23 Homepage: http://www.editorsoftware.com Software Link: http://www.editorsoftware.com/StyleWriterDownload.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run...
Twitter-Clone 1 - 'code' SQL Injection
Exploit Title: Twitter-Clone 1 - 'code' SQL Injection Date: 2018-08-22 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 vulnerable files : mailactivation.php , stalkers.php , search.php vulnerable parameters : name , code , id...
PCViewer vt1000 - Directory Traversal
Exploit Title: PCViewer vt1000 - Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Date: 2018-07-21 Vendor Homepage: N/A Software Link: http://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml Affected Version: vt1000 Tested on: Parrot OS CVE : N/A Proof ...
CuteFTP 8.3.1 - Denial of Service (PoC)
Exploit Title : CuteFTP 8.3.1 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : http://www.cuteftp.com/ Software Link Download : https://filehippo.com/downloadcuteftppro/4518/ Tested on : Windows 10 - 64-bit Steps to Reproduce Run the...
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service PoC Author: Dhiraj Mishra Date: 2018-08-23 Software: https://projects-old.gnome.org/epiphany/ Version: 3.28.1 CVE: N/A Tested on: Ubuntu 18 64bit Steps to reproduce: 1. Open epiphany browser 2. Bookmark any random page 3. Then navigat...
Softdisk 3.0.3 - Denial Of Service (PoC)
Exploit Title: Softdisk 3.0.3 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: https://www.ezbsystems.com/softdisc/download.htm Tested Version: 3.0.3 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pyth...
Geutebrueck re_porter 16 - Cross-Site Scripting
Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior 7.8.974.20 CVE-2018-15533 Attack Vectors...
KingMedia 4.1 - File Upload
Exploit Title: KingMedia 4.1 - Remote Code Execution Author: Efren Diaz Exploit Date: 2018-08-15 Software: KingMedia Version: 1.x, 2.x, 3.x, 4.1 Link: https://codecanyon.net/item/king-media-video-image-upload-and-share/7877877 CVE: N/A \n\n"; echo " -target: http://site.com/... required\n"; echo ...
Ghostscript - Multiple Vulnerabilities
http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussion to oss-security. You might recall I...
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 2017 Summary The Diagnostics Hub Packaging library, used by Windows Standard Collector...
Textpad 7.6.4 - Denial Of Service (PoC)
Exploit Title: Textpad 7.6.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: https://textpad.com Software Link: https://textpad.com/download/v76/win32/txpeng764-32.zip Tested Version: 7.6.4 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pytho...
ZyXEL VMG3312-B10B - Cross-Site Scripting
Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B10B Tested on: Mozilla Firefox 61.0.2 &...
Easyboot 6.6.0 - Denial Of Service (PoC)
Exploit Title: Easyboot 6.6.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: http://www.ezbsystems.com/easyboot/download.htm Tested Version: 6.6.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pytho...
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior 7.8.974.20 CVE-2018-15534 PoC GET...
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on : Windows 10 - 64-bit Steps to Reproduce Run the pyth...
Project64 2.3.2 - Buffer Overflow (SEH)
Exploit Title: Project64 2.3.2 - Local BufferOverflow SEH Date: 2018-08-21 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows XP Service Pack 3 x86 , Windows 7 ultimate x8...
OpenSSH 2.3 < 7.7 - Username Enumeration
Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | | | | ' \ / \ ' \ \ \ | | | || | | | /...
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...
Twitter-Clone 1 - 'userid' SQL Injection
Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable parameters : userid , username 1...
Project64 2.3.2 - Denial Of Service (PoC)
Exploit Title: Project64 2.3.2 - Denial Of Service PoC. Author: Gionathan "John" Reale Discovey Date: 2018-08-21 Homepage: https://www.pj64-emu.com Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the...
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was discovered in Twitter-Clone 1 which allows a remote attacker ...