47885 matches found
Gitea 1.4.0 - Remote Code Execution
pip install PyJWT requests pip install dulwich==0.19.0 from requests import Request, Session, get, post import jwt import time import base64 import os import re import time import threading import random import string import urlparse import urllib from dulwich import porcelain print "Gitea 1.4.0"...
Online Trade - Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on: Win 10...
ntop-ng < 3.4.180617 - Authentication Bypass
''' Vulnerability title: ntop-ng 3.4.180617 - Authentication Bypass Author: Ioannis Profetis Contact: me at x86.re Vulnerable versions: 3.4.180617-4560 Fixed version: 3.4.180617 Link: ntop.org Date: 2.07.2018 CVE-2018-12520 Product Details ntopng is the next generation version of the original nto...
OpenSLP 2.0.0 - Double-Free
''' 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's...
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Boxoft WAV to MP3 Converter v1.1 Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter...
ModSecurity 3.0.0 - Cross-Site Scripting
ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested on: Unix, Windows Technical Details...
SIPp 3.6 - Local Buffer Overflow (PoC)
Exploit Title: SIPp 3.6 - Local Buffer Overflow PoC Date: 2018-06-30 Exploit Author: Fakhri Zulkifli Vendor Homepage: http://sipp.sourceforge.net/ Software Link: https://github.com/SIPp/sipp/releases Version: 3.6-dev and earlier Tested on: 3.6-dev $ ./sipp -3pcc python -c ‘print “A” 300' 0 0x4483...
Core FTP LE 2.2 - Buffer Overflow (PoC)
Exploit Title: Core FTP LE 2.2 - Buffer Overflow PoC Date: 2018-06-28 Exploit Author: Berk Cem Göksel Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download Version: Core FTP Client LE v2.2 Build 1921 Tested on: Windows 10 Category: Dos CVE : CVE-2018-12113 coding...
FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTPShell client 6.70 Enterprise edition Stack Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in the FTPShell client...
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck simple_loglistjs.cgi Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode 37 bytes. Shellcode exploit for Linuxx86 platform...
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Chained Remote Code Execution', 'Description' = %q This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to ga...
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Date: 02.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
history.pushState'', '', '/'...
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-EMET-XML-INJECTION.txt + ISR: Apparition Security Greetz: indoushka|Eduardo|Dirty0tis|cor3sm4sh3r Vendor: ================ www.microsoft.com Product:...
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
!/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start Vendor Homepage: https://www.vmware.com Security...
HongCMS 3.0.0 - (Authenticated) SQL Injection
Exploit Title: HongCMS 3.0.0 - SQL Injection Google Dork: if applicable Date: 2018/06/26 Exploit Author: Hzllaga Vendor Homepage: https://github.com/Neeke/HongCMS/ Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5 CVE : CVE-2018-12912 POC Administrator...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Date: 2018-06-25 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESCMS - V4.0 CVE : CVE-2018-12739 A CSRF...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category: Hardware Exploit Author: Adipta Basu Tested on: Mac OS High...
Cisco Adaptive Security Appliance - Path Traversal
''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...
hycus CMS 1.0.4 - Authentication Bypass
Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass Google Dork:N/A Date: 28.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://www.hycus.com/ Software Link: http://demosite.center/hycus/ Version: 1.0.4 Tested on: Pardus / Debian Web Server CVE : N/A Proof Of Concept...
HPE VAN SDN 2.7.18.0503 - Remote Root
''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
Exploit Title: Wordpress = 4.9.6 Arbitrary File Deletion Vulnerability Date: 2018-06-27 Exploit Author: VulnSpy Vendor Homepage: http://www.wordpress.org Software Link: http://www.wordpress.org/download Version: = 4.9.6 Tested on: php7 mysql5 CVE : Step 1: curl -v...
Quest KACE Systems Management - Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Quest KACE Systems Management Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Quest KACE Systems...
PoDoFo 0.9.5 - Buffer Overflow (PoC)
Exploit Title: PoDoFo 0.9.5 - Stack-Based Buffer Overflow PoC Date: 25.06.2018 Software Link: https://sourceforge.net/projects/podofo/ Vuln Version: 0.9.5 CVE: cve-2018-8002 Vulnerability Details: https://bugzilla.redhat.com/show_bug.cgi?id=1548930 Exploit Author: r4xis https://github.com/r4xis...
Liferay Portal < 7.0.4 - Server-Side Request Forgery
ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Tested on: lighttpd/1.4.35 Summary: Intern...
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Affected Version: 1.5.4 and before Category: Plugins and Extensions...
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
Exploit Title: WordPress Plugin iThemes Security (better-wp-security) = 7.0.2 - Authenticated SQL Injection Date: 2018-06-25 Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link: https://wordpress.org/plugins/better-wp-security/...
Travel Agency 1.1 - 'cid' SQL Injection
Travel Agency 1.1 - 'cid' SQL Injection. Webapps exploit for PHP platform Exploit Title: Travel Agency 1.1 - 'cid' SQL Injection Data: 2018-06-23 Exploit Author: Ashkan Moghaddas Tested on: Windows - Linux Google Dork: N/A CVE: N/A Vulnerable Page: /add.city.php Vulnerable Source:...
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit title: Ecessa WANWorx WVR-30 input type="hidden" nam...
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Date: 2018-06-23 Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC750GF/FWRTAC750GF30043806038.zip Firmware Version: 3.0.0.4.380.6038...
Intex Router N-150 - Arbitrary File Upload
Exploit Title: Intex Router N-150 - Arbitrary File Upload Date: 2018-06-23 Exploit Author: Samrat Das Version: N-150 CVE : N/A Category: Router Firmware 1. Description The firmware allows malicious files to be uploaded without any checking of extensions and allows files to be uploaded. 2. Proof...
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L...
Foxit Reader 9.0.1.1049 - Remote Code Execution
%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Category: Hardware Exploit Author: Adipta Basu...
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Intex Router N-150 - Cross-Site Request Forgery Add Admin Date: 2018-06-23 Exploit Author: Navina Asrani Version: N-150 CVE : N/A Category: Router Firmware 1. Description The firmware allows malicious request to be executed without verifying source of request. This leads to...
DIGISOL DG-BR4000NG - Cross-Site Scripting
Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta Basu Contact :...
QEMU Guest Agent 2.12.50 - Denial of Service
Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE : CVE-2018-12617 QEMU Guest Agent 2.12.5...
Opencart < 3.0.2.0 - Denial of Service
!/usr/bin/perl -w Opencart https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Tested store with added more than 1000 products todor@adamantium cartkiller torsocks perl killcart.pl example.com Opencart = 3.0.2.0 googlesitemap Remote Denial of Service resource exhaustion Connecting...
phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
Exploit Title: phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection Username Google Dork:N/A Date: 21.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debian Web Server CVE : N...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...
GreenCMS 2.3.0603 - Information Disclosure
Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Date: 2018-06-21 Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested on: windows 7 CVE : CVE-2018-12604...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 5563 lines Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as long as we bypass the 55 to 59 restrictions on the line Lin...
Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution
Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)
Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE : CVE-2018-12602 A...
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB: https://support.emc.com/kb/521234 Github:...