47904 matches found
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID VL-ID:...
Photos in Wifi 1.0.1 - Path Traversal
Document Title: =============== Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ===================================...
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.barcodewiz.com Product: ============= BarcodeWiz ActiveX Control 6.7...
DiskBoss Enterprise 8.5.12 - Denial of Service
Exploit Title: DiskBoss Enterprise Server 8.5.12 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http:///www.diskboss.com/setups/diskbosssrvsetupv8.5.12.exe Version: v10.1.16 Category; Windows Remote DOS CVE: CVE-2017-15665 Author Homepage: www.unixawy.com...
VX Search Enterprise 10.1.12 - Denial of Service
Exploit Title: VX Search Enterprise Server v10.1.12 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.vxsearch.com/setups/vxsearchsrvsetupv10.1.12.exe Version: v10.1.12 Category; Windows Remote DOS CVE: CVE-2017-15662 Author Homepage: www.unixawy.com...
Disk Pulse Enterprise 10.1.18 - Denial of Service
Exploit Title: Disk Pulse Enterprise Server v10.1.18 - DOS, Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.diskpulse.com/setups/diskpulsesrvsetupv10.1.18.exe Version: v10.1.18 Category; Windows Remote DOS CVE: CVE-2017-15663 Author Twitter: @eln1x Description In Disk Pul...
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE : CVE-2017-9554 Previously this was identified by the developer and the disclosur...
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
Synology Photostation Multiple Vulnerabilities Vendor: Synology Product: Synology Photostation Version: = 6.7.2-3429 Website: http://www.synology.com / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development Synology...
Sync Breeze Enterprise 10.1.16 - Denial of Service
Exploit Title: Sync Breeze Enterprise Server v10.1.16 - Denial of Service Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: http://www.syncbreeze.com/setups/syncbreezesrvsetupv10.1.16.exe Version: v10.1.16 Category; Windows Remote DOS CVE: CVE-2017-15664 Author Twitter: @eln1x...
Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/x86 - Reverse TCP 127.1.1.1:8888/TCP Shell /bin/sh + Null-Free Shellcode 67/69 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP ShellcodeNull Free, No...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712 Date: 01-02-2018 Tested on Windows 8 64 bits Exploit Author: devcoinfet Contact: https://twitter.com/wabefet Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack Type: Remote Impac...
Cisco IOS - Remote Code Execution
!/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco Systems on June 29th 2017 - Descriptio...
Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ayukov NFTP FTP Client Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD...
Gespage 7.4.8 - SQL Injection
CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1389&desc=6 Windows maintains a DC cache in win32kbase!gpDispInfo-pdceFirst. If you create multiple windows from a shared class while switching between CSOWNDC and CSCLASSDC, you can cause cache list entries to maintain references ...
VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workstation ALSA Config File Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in VMware Workstation Pr...
Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
Linux/x86 - chmod 777 /etc/sudoers Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissio...
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WVBR0-25 User-Agent Command Execution', 'Description' = %q The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless...
Xplico - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability. Unauthenticated users can register a new...
Multiple CPUs - 'Spectre' Information Disclosure
/ EDB Note: - https://spectreattack.com/ - https://spectreattack.com/spectre.pdf - https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html / include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp a...
Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution
!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github: https://github.com/kkirsche/CVE-2017-10271 Exploit is based off of POC by Luffin fr...
WDMyCloud < 2.30.165 - Multiple Vulnerabilities
WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development...
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
DNS-320L ShareCenter Backdoor Vendor: D-Link Product: DNS-320L ShareCenter Version: = 1.06 -- Table of contents 00 - Introduction 00.1 Background 01 - Hard coded backdoor 01.1 - Vulnerable code analysis 01.2 - Remote exp...
EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
Title: EMC xDashboard - SQL Injection Vulnerability Author: Pawel Gocyla Date: 02 January 2018 CVE: CVE-2017-14960 Affected Software: ================== EMC xPression v4.5SP1 Patch 13 Probably other versions are also vulnerable. SQL Injection Vulnerability: ============================== This...
Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation
""" Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security: http://www.kingsoft.co/downloads/kis/kis.rar Summary: ======== This vulnerability allows loc...
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link: https://wordpress.org/plugins/smart-google-code-inserter/ Version: 3.4...
HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution", 'Description' = %q This module exploits a remote command execution...
Apple macOS - IOHIDSystem Kernel Read/Write
Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13...
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'getchart' Shell via Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerabilit...
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'ping' Shell via Command Injection up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...
PHP Melody 2.7.1 - 'playlist' SQL Injection
Exploit Title: PHP Melody v2.7.1 - SQL Injection Date: 30/12/2017 Exploit Author: Ahmad Mahfouz Contact: http://twitter.com/eln1x Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelodyorder.html Version: 2.7.1 Tested on: Mac OS SQL Injection Type: time-based blind...
D3DGear 5.00 Build 2175 - Buffer Overflow (PoC)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow Date: 07-11-2017 Vulnerable Software: D3DGear 5.00 Build 2175 Vendor Homepage: http://www.d3dgear.com/ Version: 5.00 Build 2175 Software Link: http://www.d3dgear.com/products.htm Tested O...
NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)
!/usr/bin/python Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor...
ALLMediaServer 0.95 - Remote Buffer Overflow (Metasploit)
require 'msf/core' class Metasploit4 'ALLMediaServer 0.95 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused due to a boundary error within the handling of HTTP request. , 'License' = MSFLICENSE, 'Author' = 'Anurag...
SysGauge Server 3.6.18 - Denial of Service
Exploit Title: SysGauge Server 3.6.18 - DOS Date: 2017-10-20 Exploit Author: Ahmad Mahfouz Software Link: hhttp://www.sysgauge.com/setups/sysgaugesrvsetupv3.6.18.exe Version: v3.6.18 Category; Windows Remote DOS CVE: CVE-2017-15667 Author Homepage: www.unixawy.com Description: SysGauge Server...
Easy!Appointments 1.2.1 - Cross-Site Scripting
Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities Vendor: Alex Tselegidis Product web page: http://www.easyappointments.org Affected version: 1.2.1 Summary: Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web...
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader
PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does...
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...
SAP BusinessObjects launch pad - Server-Side Request Forgery
Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack !/usr/bin/env python SAP BusinessObjects launch pad SSRF Timing Atta...
ALLMediaServer 0.95 - Buffer Overflow (PoC)
Exploit Title: Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier CVE: CVE-2017-17932 Date: 27-12-2017 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.allmediaserver.org/ Category: webapps Attack Type: Remote Impact: Code execution...
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)
Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE: Description DotNetNuke DreamSlider Module prior to version...
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
!/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce...
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE...
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...
COMTREND ADSL Router CT-5367 - Remote Code Execution
COMTREND ADSL Router CT-5367 - Remote Code Execution. Remote exploit for Hardware platform Exploit Title: Globalnet COMTREND ADSL Router CT-5367 Remote Code Execute Date: 11-12-2017 Exploit Author: TnMch Software Link : null Type : HardWare Risk of use : High Type to use : Remote 1. Description A...
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
Exploit Title: SilverStripe CMS - 3.6.2 CSV Excel Macro Injection Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: web...
Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection
Exploit Title: Joomla! Component JEXTN FAQ Pro 4.0.0 - SQL Injection Dork: N/A Date: 24.12.2017 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/faq/jextn-faq-pro/ Version: 4.0.0 Category: Webapps Tested on:...
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...