47904 matches found
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution
import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" if name == "main": if lensys.argv != 4: print """S2-053 Exploit...
HiSilicon DVR Devices - Remote Code Execution
!/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host', required=True parser.addargument'--rport',...
Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'Gh0st Client buffer Overflow', 'Description' = %q This module exploits a Memory buffer overflow in the Gh0st client C2 server ,...
Online Invoice System 3.0 - SQL Injection
Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo: http://www.onlineinvoicesystem.com/onlineinvoicesystem3/index.php Version: 3.0 Category:...
EzInvoice 6.02 - SQL Injection
Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezinvoicedemo.zip Demo: http://www.mysticdreams.net/products/ezinvoice/ Version: 6.0.2 Category:...
Huawei HG255s - Directory Traversal
Exploit Title: Server Directory Traversal at Huawei HG255s Date: 07.09.2017 Exploit Author: Ahmet Mersin Vendor Homepage: www.huawei.com Software Link: Not published this modem just used by Turkey Version: V100R001C163B025SP02 POC: https://www.youtube.com/watch?v=n02toTFkLOU&feature=youtu.be...
EzBan 5.3 - 'id' SQL Injection
Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezbandemo.zip Demo: http://www.mysticdreams.net/products/ezban/ Version: 5.3 Category: Webapps Tested o...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows 7, 8.1, 10 CVE-2017-14219 For more info:...
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. McAfee...
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...
Tor (Linux) - X11 Linux Sandbox Breakout
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server without any restrictions. This means that a...
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1: 0f212075d86ef7e859c1941f8e5b9e7a6f2558ad CVE: CVE-2017-14153...
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo: http://dijiteol.com/demos/pbtla Version: 1.0.6.1...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo:...
Cory Support - 'pr' SQL Injection
Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo : http://coryapp.com/demo/support/ Tested On :...
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1:...
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
Exploit Title: HRM - Workable Zone : Ultimate HR System Last Name Other vulnerable fields include: First Name, Contact Number Unauthenticated Directory Traversal: http://localhost.com/download?type=document&filename=../../../../../etc/passwd Credits & Authors: ================== 8bitsec -...
The Car Project 1.0 - SQL Injection
Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
A2billing 2.x - SQL Injection
Title : A2billing 2.x , Sql injection vulnerability Vulnerable software : A2billing 2.x Author : Ahmed sultan 0x4148 Email : [email protected] Linkedin : https://www.linkedin.com/in/0x4148/ If you're looking for deep technical stuff , overcoming sanitization/hardening . . etc you can check out the...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHome Technologies is a leading equipment vendor and global...
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow
!/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor Homepage: http://www.dupscout.com/ Version : v9.9.14 Software Link ...
iGreeting Cards 1.0 - SQL Injection
Exploit Title: iGreeting Cards 1.0 - SQL Injection Dork: N/A Date: 04.09.2017 Vendor Homepage: http://coryapp.com/ Software Link: http://coryapp.com/?product&index Demo: http://coryapp.com/demo/greetingcards/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...
A2billing 2.x - Backup File Download / Remote Code Execution
Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain multiple flaws which can be chained together to achieve shell...
Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...
Wireless Repeater BE126 - Remote Code Execution
Exploit Title: WIFI Repeater BE126 – Remote Code Execution Date Publish: 09/09/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-13713 1...
RubyGems < 2.6.13 - Arbitrary File Overwrite
There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
CodeMeter 6.50 - Cross-Site Scripting
Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/...
Joomla! Component CheckList 1.1.0 - SQL Injection
Exploit Title: Joomla! Component CheckList 1.1.0 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Demo: http://checklistdemo.joomplace.com/ Version: 1.1.0 Category:...
Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' SQL Injection
Exploit Title: Joomla! Component Survey Force Deluxe 3.2.4 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/surveys/survey-force-deluxe/ Demo:...
IBM Notes 8.5.x/9.0.x - Denial of Service
Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: https://www-01.ibm.com/support/docview.wss?uid=swg24037141 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-1129...
Lotus Notes Diagnostic Tool 8.5/9.0 - Local Privilege Escalation
Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privelege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor CVE URL: http://www-01.ibm.com/support/docview.wss?uid=swg2170002...
WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting
Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: 1.7.5.9...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...
OpenJPEG - 'mqc.c' Heap Buffer Overflow
DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION Master version of OpenJPEG 805972f,...
IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If...
Sitefinity CMS 9.2 - Cross-Site Scripting
Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description ------------------ Progress® Sitefinity™ is a...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link: Version: 1.0.6 Tested on: Linux CVE : CVE-2016-1000124 Advisory:...
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/ Software Link: Version: 1.0.9 Tested on: Linux CVE :...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7 Tested on: Linux CVE : CVE-2016-1000125 Advisory:...
IBM Notes 8.5.x/9.0.x - Denial of Service (2)
Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg21999384 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-1130...
Git < 2.7.5 - Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86 - Fork Bomb Shellcode 9 bytes. Shellcode exploit for Linx86 platform / ;Title: Linux/x86 - Fork Bomb Shellcode ; Author: Touhid M.Shaikh ; Contact: https://github.com/touhidshaikh ; Category: Shellcode ; Architecture: Linux x86 ; Description: This shellcode may crash ur system if execut...
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery
Exploit Title: CSRF Date: Wed, Aug 30, 2017 Software Link: https://www.metasploit.com/ Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-15084 R7-2017-22 Category: Metasploit Pro, Express, Ultimate, and Community 1...
Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)
======================================================== Invoice Manager v3.1 Cross site request forgery Add Admin Description : Invoice Manager v3.1 is vulnerable to CSRF attack No CSRF token in place which if an admin user can be tricked to visit a crafted URL created by attacker via spear...
PHP-SecureArea < 2.7 - Multiple Vulnerabilities
Exploit Title: PHP-SecureArea = v2.7 - SQL Injection Date: 30-08-2017 Exploit Author: Cryo Contact: https://twitter.com/KernelEquinox Vendor Homepage: https://www.withinweb.com Software Link: https://www.withinweb.com/phpsecurearea/ Version: 2.7 and below Tested on: Windows, Linux, Mac OS X 1...
Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection
Exploit Title: Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection Dork: N/A Date: 30.08.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/ Demo:...
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)
Exploit Title: Joomla! Component Joomanager 2.0.0 - Arbitrary File Download Dork: N/A Date: 30.08.2017 Vendor Homepage: http://www.joomanager.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/joomanager/ Demo:...
Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service
Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service java.net.URLConnection with no...
Brickcom IP Camera - Credentials Disclosure
Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af, OB-500Af Remotely Exploitable: Yes...