WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link: https://wordpress.org/plugins/contact-form-7-to-database-extension Version: 2.10.32...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Talented Pentesters Hut Vulnerable Software: Allok WMV to...
MiniCMS 1.10 - Cross-Site Request Forgery
test document.forms0.submit;...
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Exploit Title: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router Authentication Bypass CVE: CVE-2018-9032 Date: 24-03-2018 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router...
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload', 'Description' = %q Vtiger 6.3.0 CRM's administration interface allows for the upload of ...
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
!/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change
Tenda W308R v2 Wireless Router V5.07.48 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable...
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/ Affected Version: 3.5...
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Alloksoft Video joiner 4.6.1217 - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Video joiner Vendor Homepage:...
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)
!/usr/bin/env python Exploit Title : Allok AVI DivX MPEG to DVD Converter - Buffer Overflow SEH Date : 3/27/18 Exploit Author : wetw0rk Vulnerable Software : Allok AVI DivX MPEG to DVD Converter Vendor Homepage : http://alloksoft.com/ Version : 2.6.1217 Software Link :...
Homematic CCU2 2.29.23 - Arbitrary File Write
!/usr/bin/ruby Exploit Title: Homematic CCU2 Arbitrary File Write Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7300 Description:...
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Exploit Title: Open-AuditIT Professional 2.1 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/ Software Link :...
osCommerce 2.3.4.1 - Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Component Fields SQLi Remote Code Execution', 'Description' = %q This module exploits a SQL injection vulnerability in the comfields...
GitStack - Unsanitized Argument Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unsanitized Argument RCE', 'Description' = %q This module exploits a remote code execution vulnerability that exists in GitStack through...
Cisco Smart Install - Crash (PoC)
smiibcinitdiscoveryBoF.py import socket import struct from optparse import OptionParser Parse the target options parser = OptionParser parser.addoption"-t", "--target", dest="target", help="Smart Install Client", default="192.168.1.1" parser.addoption"-p", "--port", dest="port", type="int",...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code Execution', 'Description' = %q This module exploits a Remote...
TeamCity < 9.0.2 - Disabled Registration Bypass
var login = 'testuser'; //user login var password = 'SuperMEgaPa$$'; //password var email = '[email protected]'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword, $F"publicKey"; var parameters =...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
--------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit Author: Sven Fassbender Contact: https://twitter.com/mezdanak...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27 Exploit Author: Sven Fassbender Contact:...
Open-AuditIT Professional 2.1 - Cross-Site Scripting
Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting XSS Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/ Version: 2.1 CVE : CVE-2018-8903...
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
!/bin/bash Tenda N11 Wireless Router V5.07.43enNEX01 Cookie Session Weakness Remote DNS Change PoC Exploit Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Use...
Microsoft Windows Remote Assistance - XML External Entity Injection
Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident ------------------------ /xxe.xml" %remote;%root;%oob; xxe.xml ----------------------...
DLINK DCS-5020L - Remote Code Execution (PoC)
“The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera,...
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ClipBucket beatsuploader Unauthenticated Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability found in ClipBucket...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC. CVE-2018-7466. Remote exploit for Linux platform Title: TestLink Open Source Test Management= 1.9.16 Remote Code Execution By Manish error1046 Vendor Home Page: http://testlink.org Discovered At: Indishell Lab CVE ID:...
Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Stack Based Buffer Overflow in Allok Fast AVI MPEG Splitter 1.2 Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Fast AVI MPEG Splitter 1.2 Vendor Homepage:...
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall pfnHMValidateHandleHANDLE, BYTE = NULL; static constexpr UINT...
LabF nfsAxe 3.7 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 Requires Windo...
Acrolinx Server < 5.2.5 - Directory Traversal
Exploit Title: Acrolinx Dashboard Directory Traversal CVE: CVE 2018-7719 Date: 19.02.2017 Exploit Author: Berk Dusunur Vendor Homepage: www.acrolinx.com Version:Before 5.2.5 PoC Acrolinx dashboard windows works on the server...
Laravel Log Viewer < 0.13.0 - Local File Download
Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1. Description Unauthorized user can access Laravel lo...
Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
import os import sys import struct import bluetooth BNEPPSM = 15 BNEPFRAMECONTROL = 0x01 Control types parsed by bnepprocesscontrolpacket in bneputils.cc BNEPSETUPCONNECTIONREQUESTMSG = 0x01 def oobreadsrcbdaddr, dst: bnep = bluetooth.BluetoothSocketbluetooth.L2CAP bnep.settimeout5...
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title : Easy CD DVD Copy v1.3.24 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.divxtodvd.net/index.htm Vulnerable Software: http://www.divxtodvd.net/easycddvdcopy.exe Test...
Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure
import os import sys import struct import bluetooth BNEPPSM = 15 BNEPFRAMECOMPRESSEDETHERNET = 0x02 LEAKATTEMPTS = 20 def leaksrcbdaddr, dst: bnep = bluetooth.BluetoothSocketbluetooth.L2CAP bnep.settimeout5 bnep.bindsrcbdaddr, 0 print 'Connecting to BNEP...' bnep.connectdst, BNEPPSM...
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Date: 3/19/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=910 Version: v1.2 Tested on: Ubuntu 17.10 1. Description:...
WM Recorder 16.8.1 - Denial of Service
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: WM Recorder 16.8.1 - Denial of Service Date: 03-20-2018 Vulnerable Software: WM Recorder 16.8.1 Vendor Homepage: http://wmrecorder.com/home/ Version: 16.8.1 Software Link: http://wmrecorder.com/download/wm-recorder/ Tested On:...
Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)
Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit this vulnerability to execute arbitrary code in t...
Dell EMC NetWorker - Denial of Service
''' Exploit Title: Dell EMC NetWorker DoS PoC Date: 18.03.2018 Exploit Author: Marek Cybul Vendor Homepage: https://www.emc.com/data-protection/networker.htm Versions: Dell EMC NetWorker versions prior to 9.2.1.1 Dell EMC NetWorker versions prior to 9.1.1.6 Dell EMC NetWorker 9.0.x Dell EMC...
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitra...
XenForo 2 - CSS Loader Denial of Service
Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
!/usr/bin/python Exploit Title : Easy Avi Divx Xvid to DVD Burner v2.9.11 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.divxtodvd.net/index.htm Vulnerable Software:...
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Video Converter Vendor Homepage:...
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
Linux/x86 - EggHunter + Null-Free Shellcode 11 Bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - EggHunter Shellcode 11 Bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 11 Description: Smallest Null-Free Egg Hunter Shellcode - 11 Bytes Details: 1. Work...
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
/ Exploit Title: TL-WR720N 150Mbps Wireless N Router - CSRF Date: 21-3-2018 Exploit Author: Mans van Someren Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/resources/software/TL-WR720NV1130719.zip Version: All versions because it's a 0day Tested on: Google Chro...
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass
Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps Description: Exploits a backdoor in Hikvision camera firmware versions 5.2.0 - 5.3.9 Builds:...
Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
include include include include include include include include include include static int driveselectorint head return head 2; void fdrecalibrateint fd struct floppyrawcmd rawcmd; int tmp; rawcmd.flags = FDRAWINTR; rawcmd.cmdcount = 2; // set up the command rawcmd.cmdrawcmd.cmdcount++ = 0x07;...
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation
Windows: Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write EoP Platform: Windows 1703 version 1709 seems to have fixed this bug Class: Elevation of Privilege Summary: The handling of the virtual registry NtLoadKey callback reloads registry hives insecurely leading to arbitrary...
Vehicle Sales Management System - Multiple Vulnerabilities
Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Google Dork: Date: 16/03/2018 Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29 REQUIRED Tested on: Debian CVE : if applicable Remember that yo...
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
/ There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Windows 7 64-bit with the latest patches applied. PoC: ========================================= / function main RegExp.input = toString: f; alertRegExp.lastMatc...