Lucene search
+L
ExploitdbRecent

47904 matches found

exploitdb
exploitdb
added 2018/02/05 12:0 a.m.35 views

Wonder CMS 2.3.1 - Unrestricted File Upload

Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' == wCMS::generateToken && isset$FILES'uploadFile' Proof of Concept Steps...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.23 views

Matrimonial Website Script 2.1.6 - 'uid' SQL Injection

Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection Dork: N/A Date: 2018-02-03 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/matrimonial-website-script/ Version: 2.1.6 Category: Webapps CVE: N/A...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.49 views

Netis WF2419 Router - Cross-Site Scripting

Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CEV : CVE-2018-6190 HTML Injection in Netis-WF2419...

5.4CVSS5.7AI score0.01579EPSS
Exploits4
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.17 views

Student Profile Management System Script 2.0.6 - Authentication Bypass

Exploit title: Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Dork: "Powered by: i-Net Solution" Date: 2018-02-06 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.38 views

Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection

input name="id" value="-11 UNION ALL SELECT...

9.8CVSS9.6AI score0.02759EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.36 views

BOCHS 2.6-5 - Local Buffer Overflow

Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.303 views

Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.50 views

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

input name="id" value="-11 UNION ALL SELECT...

9.8CVSS9.6AI score0.58324EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.36 views

Claymore Dual GPU Miner 10.5 - Format String

Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the recent vulnerabilities with previous version...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.46 views

MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation

/ Title : MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date : 02/02/2018 Author : Souhail Hammou Vendor Homepage : https://www.malwarefox.com/ Version : 2.74.0.150 Tested on : Windows 7 32-bit / Windows 10 64-bit CVE : CVE-2018-6593 / include include include include pragma...

7.8CVSS7AI score0.01115EPSS
Exploits6
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.42 views

Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection

input name="id" value="-11 UNION ALL SELECT...

9.8CVSS7AI score0.02703EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.124 views

Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apport / ABRT chroot Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by invoking the...

7.2CVSS7AI score0.04187EPSS
Exploits12
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.403 views

WordPress Core - 'load-scripts.php' Denial of Service

EDB Note: python doser.py -g...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.49 views

Wonder CMS 2.3.1 - 'Host' Header Injection

Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE : CVE-2017-14523 Category: Webapp CMS 1...

7.5CVSS7.6AI score0.08045EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/05 12:0 a.m.34 views

Online Voting System - Authentication Bypass

Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-6180 Description A...

9.8CVSS9.7AI score0.04014EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.41 views

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Linux/x64 - Twofish Encoded + DNS CNAME Password + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.27 views

Advance Loan Management System - 'id' SQL Injection

Exploit Title: Advance Loan Management System - 'id' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/advance-loan-management-system-with-savings-system-and-sms-notification/21283070 Version: 1.0 Tested on:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.38 views

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation

define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.29 views

Joomla! Component JMS Music 1.1.1 - SQL Injection

Exploit Title: Joomla! Component JMS Music 1.1.1 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: https://www.joommasters.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/jms-music/ Version: 1.1.1 Category: Webapps Tested on:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.35 views

FiberHome AN5506 - Remote DNS Change

FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability Software Version RP2617 Device Model AN5506-04-F Vendor Homepage: www.fiberhome.com/ Date: 01/02/2018 Exploit Author: r0ots3c http://wandoelmo.com.br https://www.facebook.com/wsec.info Description: Vulnerability exists in web...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.91 views

Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal

Exploit Title: Oracle Hospitality Simphony MICROS directory traversal Date: 30.01.2018 Exploit Author: Dmitry Chastuhin https://twitter.com/chipik Vendor Homepage: http://www.oracle.com/ Version: 2.7, 2.8 and 2.9 Tested on: Win, nix CVE : CVE-2018-2636 !/usr/bin/env python...

8.1CVSS8.2AI score0.13725EPSS
Exploits5
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.38 views

Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload

Exploit Title: Joomla! Component Jimtawl 2.2.5 - Arbitrary File Upload Dork: N/A Date: 01.02.2018 Vendor Homepage: http://janguo.de/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/streaming-a-broadcasting/jimtawl/ Software Download:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.68 views

Real Estate Custom Script - 'route' SQL Injection

Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.28 views

Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection

Exploit Title: Joomla! Component JEXTN Classified 1.0.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/jextn-classified/ Version: 1.0.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.33 views

IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting

Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Date: 1-31-2017 Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author: 1N3@CrowdShield - https://crowdshield.com Early...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.31 views

Fancy Clone Script - 'search_browse_product' SQL Injection

Exploit Title: Fancy Clone Script - 'searchbrowseproduct' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://pofitec.com/ Software Link: https://pofitec.com/fancy-clone-script.php Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email: [email protected] Contac...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.28 views

Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection

...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.23 views

Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection

Exploit Title: Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/jextn-reverse-auction/ Version: 3.1.0 Category: Webapps Tested on:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.21 views

Event Manager 1.0 - SQL Injection

Exploit Title: Event Manager PHP Script 1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...

7AI score
Exploits0
exploitdb
exploitdb
added 2018/02/02 12:0 a.m.27 views

Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection

...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.28 views

Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access

STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis November 2017 PoC: https://github.com/mcw0/PoC Python...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.53 views

Geovision Inc. IP Camera & Video - Remote Command Execution

!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.186 views

BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC Server Automation RSCD Agent NSH Remote ' \ 'Command Execution', 'Description' = %q This module exploits a weak access control check in the B...

7.7AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.57 views

WebKit - 'detachWrapper' Use-After-Free

::detachWrapper /Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x8664+0xfe2b9f...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.69 views

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/01 12:0 a.m.41 views

WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free

function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function eventhandler ta.insertAdjacentElement"beforeBegin",a; ::operator...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.61 views

LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow

!/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/nfsaxe.exe Tested on: Windows 7 x86...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.58 views

Hotspot Shield - Information Disclosure

Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.”...

7.5CVSS7.6AI score0.1098EPSS
Exploits3
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.53 views

Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Exploit Title: Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/picture-calendar-for-joomla/ Version:...

7.5CVSS7.8AI score0.1195EPSS
Exploits5
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.77 views

HPE iMC 7.3 - RMI Java Deserialization

Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...

9.8CVSS9.8AI score0.34882EPSS
Exploits4
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.40 views

Advantech WebAccess < 8.3 - SQL Injection

!/usr/bin/python2.7 Exploit Title: Advantech WebAccess BWSCADARest Login Method SQL Injection Authentication Bypass Vulnerability Date: 01-13-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...

9.8CVSS9.8AI score0.06009EPSS
Exploits4
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.45 views

Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection

Exploit Title: Joomla! Component Visual Calendar 3.1.3 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/visual-calendar/ Version: 3.1.3 Category: Webapps Tested o...

9.8CVSS9.8AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.51 views

System Shield 5.0.0.136 - Privilege Escalation

/ Exploit Title - System Shield AntiVirus & AntiSpyware Arbitrary Write Privilege Escalation Date - 29th January 2018 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.iolo.com/ Tested Version - 5.0.0.136 Driver Version - 5.4.11.1 - amp.sys Tested on OS - 64bit Windows 7 and...

10CVSS9.8AI score0.18455EPSS
Exploits8
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.57 views

Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection

Exploit Title: Joomla! Component CP Event Calendar 3.0.1 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/cp-event-calendar/ Version: 3.0.1 Category: Webapps Test...

9.8CVSS9.8AI score0.02652EPSS
Exploits5
exploitdb
exploitdb
added 2018/01/30 12:0 a.m.76 views

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...

5.3CVSS5.7AI score0.08368EPSS
Exploits5
exploitdb
exploitdb
added 2018/01/29 12:0 a.m.599 views

Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...

7.5CVSS7.9AI score0.99993EPSS
Exploits45
exploitdb
exploitdb
added 2018/01/29 12:0 a.m.44 views

Arq 5.10 - Local Privilege Escalation (1)

!/usr/bin/env ruby Arq USE AT YOUR OWN RISK - THIS WILL OVERWRITE THE ROOT USER'S CRONTAB! $binarytarget = "/tmp/arq510exp" class Arq510PrivEsc def i...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/01/29 12:0 a.m.50 views

iBall WRA150N - Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connectio...

9CVSS8.9AI score0.05882EPSS
Exploits3
exploitdb
exploitdb
added 2018/01/29 12:0 a.m.36 views

Arq 5.10 - Local Privilege Escalation (2)

!/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xargs \ |cut -d ' ' -f2\ if "$pid" != "" ; then ki...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/01/29 12:0 a.m.44 views

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding

/ The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen = arg2; check for namelen==1 mountlistlock; for vfsp...

7.4AI score
Exploits0
Total number of security vulnerabilities47904