47904 matches found
Linux/x86 - Kill Process Shellcode (20 bytes)
Linux/x86 - Kill Process Shellcode 20 bytes. Shellcode exploit for Linuxx86 platform / Exploit Title: Kill PID shellcode Date: 07/09/2018 Exploit Author: Nathu Nandwani Platform: Linux/x86 Size: 20 bytes Compile: gcc -fno-stack-protector -z execstack killproc.c -o killproc / include include int...
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HID discoveryd commandblinkon Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote command execution...
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Exploit Title: Tor Browser - Use After Free PoC Date: 09.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.torproject.org/ Software Link: https://www.torproject.org/download/download-easy.html.en Version: Tor 0.3.2.x before 0.3.2.10 Tested on: Kali Linux CVE : CVE-2018-0491 Run...
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)
Exploit Title: Boxoft wav-wma Converter - Local Buffer Overflow SEH Date: 2018-07-08 Software Link: http://www.boxoft.com/wav-to-wma/ Software Version:1.0 Exploit Author: Achilles Target: Windows 7 x64 CVE: Description: A malicious .wav file cause this vulnerability. Category: Local Exploit buffe...
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website : https://soetemansoftware.nl/seo-checker Description SeoChecker Umbraco CMS Plug-in version...
HP VAN SDN Controller - Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP VAN SDN Controller Root Command Injection', 'Description' = %q This module exploits a hardcoded service token or default credentials in HPE VA...
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
Exploit Title: Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 Date: 14-12-2017 Exploit Author: Maurice Heumann Contact: https://twitter.com/momo5502?lang=en Website: https://momo5502.com/ CVE: CVE-2018-10718 Category: webapps 1. Description By sending a...
GitList 0.6.0 - Argument Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GitList v0.6.0 Argument Injection Vulnerability", 'Description' = %q This module exploits an argument injection vulnerability in GitList v0.6.0...
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
!/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' -------------------------------------------------------------------------------------- Developped by bobsecq: [email protected]...
Airties AIR5444TT - Cross-Site Scripting
Exploit Title: Airties AIR5444TT - Cross-Site Scripting Date: 2018-07-06 Exploit Author: Raif Berkay Dincel Vendor Homepage: airties.com Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 CVE-ID: CVE-2018-8738 Tested on: MacOS High Sierra / Linux Mint / Windows 10 Vulnerable...
PolarisOffice 2017 8 - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt + ISR: Apparition Security Vendor: ============= www.polarisoffice.com Product: =========== PolarisOffice 2017 v8 Polaris...
SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAILS A SQL injection vulnerability in the SoftExpert SE...
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
Exploit Title: VLC media player 2.2.8 - Arbitrary Code Execution PoC Date: 2018-06-06 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link: http://download.videolan.org/pub/videolan/vlc/2.2.8/win64/vlc-2.2.8-win64.exe Version: 2.2.8 Tested on: Windows 1...
ADB Broadband Gateways / Routers - Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N...
ADB Broadband Gateways / Routers - Local Root Jailbreak
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202...
ADB Broadband Gateways / Routers - Authorization Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authorization Bypass product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220, VV5522, etc...
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...
Online Trade - Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on: Win 10...
CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://www.cmsmadesimple.org/downloads/cmsms/ Version: 2.2.5 CVE: CVE-2018-1000094 import requests...
ShopNx - Arbitrary File Upload
Exploit Title: ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload Date: 2018-07-03 Exploit Author: L0RD Email: [email protected] Vendor Homepage: http://codenx.com/ Version: 1 CVE: CVE-2018-12519 Tested on: Win 10...
Gitea 1.4.0 - Remote Code Execution
pip install PyJWT requests pip install dulwich==0.19.0 from requests import Request, Session, get, post import jwt import time import base64 import os import re import time import threading import random import string import urlparse import urllib from dulwich import porcelain print "Gitea 1.4.0"...
ModSecurity 3.0.0 - Cross-Site Scripting
ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...
ntop-ng < 3.4.180617 - Authentication Bypass
''' Vulnerability title: ntop-ng 3.4.180617 - Authentication Bypass Author: Ioannis Profetis Contact: me at x86.re Vulnerable versions: 3.4.180617-4560 Fixed version: 3.4.180617 Link: ntop.org Date: 2.07.2018 CVE-2018-12520 Product Details ntopng is the next generation version of the original nto...
Boxoft WAV to MP3 Converter 1.1 - Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Boxoft WAV to MP3 Converter v1.1 Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter...
OpenSLP 2.0.0 - Double-Free
''' | | | | | | | || | | | | -| | . | . | | . | . | | | . | | -| | | | -| -| ||| || ||||||| || || ||| || 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's...
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Date: 02.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
!/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start Vendor Homepage: https://www.vmware.com Security...
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode 37 bytes. Shellcode exploit for Linuxx86 platform...
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck simpleloglistjs.cgi Remote Command Execution', 'Description' = %q This module exploits a an arbitrary command execution vulnerability...
FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTPShell client 6.70 Enterprise edition Stack Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in the FTPShell client...
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-EMET-XML-INJECTION.txt + ISR: Apparition Security Greetz: indoushka|Eduardo|Dirty0tis|cor3sm4sh3r Vendor: ================ www.microsoft.com Product:...
Core FTP LE 2.2 - Buffer Overflow (PoC)
Exploit Title: Core FTP LE 2.2 - Buffer Overflow PoC Date: 2018-06-28 Exploit Author: Berk Cem Göksel Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download Version: Core FTP Client LE v2.2 Build 1921 Tested on: Windows 10 Category: Dos CVE : CVE-2018-12113 coding...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
history.pushState'', '', '/'...
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Chained Remote Code Execution', 'Description' = %q This module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to ga...
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested on: Unix, Windows Technical Details...
SIPp 3.6 - Local Buffer Overflow (PoC)
Exploit Title: SIPp 3.6 - Local Buffer Overflow PoC Date: 2018-06-30 Exploit Author: Fakhri Zulkifli Vendor Homepage: http://sipp.sourceforge.net/ Software Link: https://github.com/SIPp/sipp/releases Version: 3.6-dev and earlier Tested on: 3.6-dev $ ./sipp -3pcc python -c ‘print “A” 300' 0 0x4483...
HongCMS 3.0.0 - (Authenticated) SQL Injection
Exploit Title: HongCMS 3.0.0 - SQL Injection Google Dork: if applicable Date: 2018/06/26 Exploit Author: Hzllaga Vendor Homepage: https://github.com/Neeke/HongCMS/ Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5 CVE : CVE-2018-12912 POC Administrator...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category: Hardware Exploit Author: Adipta Basu Tested on: Mac OS High...
hycus CMS 1.0.4 - Authentication Bypass
Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass Google Dork:N/A Date: 28.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://www.hycus.com/ Software Link: http://demosite.center/hycus/ Version: 1.0.4 Tested on: Pardus / Debian Web Server CVE : N/A Proof Of Concept...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Date: 2018-06-25 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESCMS - V4.0 CVE : CVE-2018-12739 A CSRF...
Cisco Adaptive Security Appliance - Path Traversal
''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...
Quest KACE Systems Management - Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Quest KACE Systems Management Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Quest KACE Systems...
HPE VAN SDN 2.7.18.0503 - Remote Root
''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
Exploit Title: Wordpress = 4.9.6 Arbitrary File Deletion Vulnerability Date: 2018-06-27 Exploit Author: VulnSpy Vendor Homepage: http://www.wordpress.org Software Link: http://www.wordpress.org/download Version: = 4.9.6 Tested on: php7 mysql5 CVE : Step 1: curl -v...
Liferay Portal < 7.0.4 - Server-Side Request Forgery
ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
PoDoFo 0.9.5 - Buffer Overflow (PoC)
Exploit Title: PoDoFo 0.9.5 - Stack-Based Buffer Overflow PoC Date: 25.06.2018 Software Link: https://sourceforge.net/projects/podofo/ Vuln Version: 0.9.5 CVE: cve-2018-8002 Vulnerability Details: https://bugzilla.redhat.com/showbug.cgi?id=1548930 Exploit Author: r4xis https://github.com/r4xis...
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Affected Version: 1.5.4 and before Category: Plugins and Extensions...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Tested on: lighttpd/1.4.35 Summary: Intern...
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Intex Router N-150 - Cross-Site Request Forgery Add Admin Date: 2018-06-23 Exploit Author: Navina Asrani Version: N-150 CVE : N/A Category: Router Firmware 1. Description The firmware allows malicious request to be executed without verifying source of request. This leads to...
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L...