47904 matches found
D-Link DIR-850L - OS Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'DIR-850L Unauthenticated OS Command Exec', 'Description' = %q This module leverages an unauthenticated credential disclosure...
D-Link DIR-605L < 2.08 - Denial of Service
Exploit Title: D-Link DIR605L ROUTER=$1 if "$" -ne 1 ; then echo "usage: $0 " exit fi curl http://$ROUTER/Tools/...
Ulterius Server < 1.9.5.0 - Directory Traversal
Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...
Kirby CMS < 2.5.7 - Cross-Site Scripting
Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform: PHP CVE:...
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
/ Exploit Title - IKARUS anti.virus Arbitrary Write Privilege Escalation Date - 13th November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.ikarussecurity.com/ Tested Version - 2.16.7 Driver Version - 0.18780.0.0 - ntguardx64.sys Tested on OS - 64bit Windows 7 and...
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com Version: Web Viewer 1.0.0.193 on Samsung SRN-1670D Tested on: Web...
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes)
Linux/x64 - Reverse TCP 127.0.0.1:4444/TCP Shell /bin/sh + Password 1234567 Shellcode 104 bytes. Shellcode exploit for Linuxx86-64 platform global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq...
MyBB 1.8.13 - Cross-Site Scripting
Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...
MyBB 1.8.13 - Remote Code Execution
Exploit Title: RCE in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn't require it in some special cases. The...
osCommerce 2.3.4.1 - Arbitrary File Upload
Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload Date: 11.11.2017 Exploit Author: Simon Scannell - https://scannell-infosec.net Vendor Homepage: https://www.oscommerce.com/ Software Link: https://www.oscommerce.com/Products&Download=oscom234 Version: 2.3.4.1, 2.3.4 - Other...
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt + ISR: ApparitionSec Vendor: ======= www.symantec.com Product: =========== Symantec Endpoint...
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
Linux/x64 - Bind TCP 4444/TCP Shell /bin/sh + Password 1234567 Shellcode 136 bytes. Shellcode exploit for Linuxx86-64 platform global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; cop...
Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free
var e = new Error; var o = toString:function //alert'in toString'; e.name = 1; CollectGarbage; //reallocate forvar i=0;i !-- ========================================= This is a use-after-free in jscript!JsErrorToString that can lead to a heap overflow. The PoC above crashes in memcpy when...
PHP 7.1.8 - Heap Buffer Overflow
Description: ------------ A heap out-of-bound read vulnerability in timelibmeridian can be triggered via wddxdeserialize or other vectors that call into this function on untrusted inputs. $ /php-7.1.8/sapi/cli/php --version PHP 7.1.8 cli built: Aug 9 2017 21:42:13 NTS Copyright c 1997-2017 The PH...
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...
Ametys CMS 4.0.2 - Password Reset
Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system CMS written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented...
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Xlight FTP Server x86/x64 - Buffer Overflow Crash PoC Date: 07-11-2017 Vulnerable Software: Xlight FTP Server v3.8.8.5 x86/x64 Vendor Homepage: http://www.xlightftpd.com/ Version: v3.8.8.5 x86/x64 Software Link:...
ManageEngine Applications Manager 13 - SQL Injection
ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host: 192.168.1.190:9090 User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64;...
pfSense 2.3.1_1 - Command Execution
Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept 'ifconfig/usr/local/www/ifconfig.txt'...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt + ISR: ApparitionSec Vendor: ============= www.avaya.com Product: =========== Avaya IP Office IPO...
Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor: ============= www.avaya.com Product: =========== Avaya IP Office IPO...
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: SMPlayer 17.11.0 - '.m3u' Crash PoC Date: 05-11-2017 Vulnerable Software: SMPlayer v17.11.0 Vendor Homepage: http://www.smplayer.info Version: v17.11.0 Software Link: http://www.smplayer.info/en/downloads Tested On: Windows 7 x64...
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?srank=9...
Actiontec C1000A Modem - Backdoor Account
Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86 Tested on: Linux CVE : NA The Actiontec C1000A Modem...
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service...
GraphicsMagick - Memory Disclosure / Heap Overflow
'''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of source code in the base package or 1,225K including...
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...
Jnes 1.0.2 - Stack Buffer Overflow
!/usr/bin/env python coding: utf-8 Exploit Title: Jnes Version 1.0.2 Stack Buffer Overflow Date: 3-11-2017 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: http://www.jabosoft.com/home Software Link: http://www.jabosoft.com/categories/3 Version: v1.0.2.15 Tested o...
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
!/usr/bin/python Title: Ipswitch WSFTP Professional Local Buffer Overflow SEH Author: Kevin McGuigan. Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.ipswitch.com Date: 03/11/2017 Version: 12.6.03 CVE: CVE-2017-16513 Tested on: Windows 7 32-bit Use scrip...
tnftp - 'savefile' Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...
Debut Embedded HTTPd 1.20 - Denial of Service
Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedded http server contains a remotely exploitable...
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
Exploit Title: OctoberCMS 1.0.426 - CSRF to Admin Account Takover Vendor Homepage: https://octobercms.com Software Link: https://octobercms.com/download Exploit Author: Zain Sabahat Website: https://about.me/ZainSabahat Category: webapps CVE: CVE-2017-16244 1. Description Cross-Site Request Forge...
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.12ePE1. Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine VM. The VM includes software that emulates...
Vir.IT eXplorer Anti-Virus 8.5.39 - 'VIAGLT64.SYS' Local Privilege Escalation
/ Exploit Title - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation Date - 1st November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.tgsoft.it Tested Version - 8.5.39 Driver Version - 1.0.0.11 - VIAGLT64.SYS Tested on OS - 64bit Windows 7 and Windows 10...
Ingenious School Management System 2.3.0 - 'friend_index' SQL injection
Exploit Title: Ingenious School Management System 2.3.0 - SQL injection Date: 01.11.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo: http://iloveprograming.com/view/login.php Version: 2.3.0 Category:...
WhatsApp 2.17.52 - Memory Corruption
!/usr/bin/env python -- coding: utf-8 -- Found this and more exploits on my open source security project: http://www.exploitpack.com Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: 11 October 2017 Tested on: iPhone 5/6s iOS 10.3.3 and 11 Description:...
ZyXEL PK5001Z Modem - Backdoor Account
Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux About: ZyXEL PK5001Z Modem is used by...
MyBuilder Clone 1.0 - 'subcategory' SQL Injection
Exploit Title: MyBuilder Clone 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.contractorscripts.com/ Software Link: http://order.contractorscripts.com/ Demo: http://demo.contractorscripts.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Same Sex Dating Software Pro 1.0 - SQL Injection
Exploit Title: Same Sex Dating Software Pro 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/same-date-pro-same-sex-dating-software/4530959 Demo: http://www.ss.softdatepro.com/ Version: 1.0 Category: Webapps...
SoftDatepro Dating Social Network 1.3 - SQL Injection
Exploit Title: SoftDatepro Dating Social Network 1.3 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/softdatepro-build-your-own-dating-social-network/3650044 Demo: http://demo.softdatepro.com/ Version: 1.3 Category...
Adult Script Pro 2.2.4 - SQL Injection
Exploit Title: Adult Script Pro 2.2.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.adultscriptpro.com/ Software Link: http://www.adultscriptpro.com/order.html Demo: http://www.adultscriptpro.com/demo.html Version: 2.2.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Sokial Social Network Script 1.0 - SQL Injection
Exploit Title: Sokial Social Network Script 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.sokial.net/ Software http://www.sokial.net/demonstrations-social-network.sk Demo: http://demo.sokial.net/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection
Exploit Title: Vastal I-Tech Dating Zone 0.9.9 - 'productid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/dating-zone-the-dating-software.html Demo: http://datingzone.vastal.com/demo/ Version: 0.9.9 Category: Webapps Tested on:...
iStock Management System 1.0 - Arbitrary File Upload
Exploit Title: iStock Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/istock-management-system/20405084 Demo: http://project.ikodes.com/basicims/ Version: 1.0 Category: Webapps Tested on:...
ZeeBuddy 2x - 'groupid' SQL Injection
Exploit Title: ZeeBuddy 2x - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.zeescripts.com/ Software Link: http://www.zeebuddy.com/ Demo: http://www.zeebuddy.com/demo/ Version: 2x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-15976 Exploit Author: Ihsan...
Protected Links - SQL Injection
Username Password...
AROX School ERP PHP Script - 'id' SQL Injection
Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...