47904 matches found
Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH)
!/usr/bin/env python Exploit Title: Sync Breeze Enterprise v9.5.16 - Remote buffer overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Vendor Homepage: http://syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv9.5.16.exe Version: 9.5.16 Tested on: Windows ...
DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow
!/usr/bin/env python Exploit Title: DiskBoss Enterprise v7.8.16 - 'Import Command' Buffer Overflow Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskboss.com Software Link:...
Opensource Classified Ads Script - 'keyword' SQL Injection
Exploit Title: Opensource Classified Ads Script - SQL Injection Google Dork: N/A Date: 29.03.2017 Vendor Homepage: http://www.2daybiz.com/ Software: http://www.professionalclassifiedscript.com/downloads/opensource-classified-ads-script-2/ Demo: http://198.38.86.159/classic/ Version: N/A Tested on...
Linux/x86-64 - execve("/bin/sh") Shellcode (21 Bytes)
Linux/x86-64 - execve"/bin/sh" Shellcode 21 Bytes. Shellcode exploit for Linx86-64 platform ;================================================================================ ; The MIT License ; ; Copyright c ; ; Permission is hereby granted, free of charge, to any person obtaining a copy ; of thi...
VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow
author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: VX Search Enterprise v9.5.12 email verify exploit Date: 2017.03.28 Exploit Author: Greg Priest Version: VX Search Enterprise v9.5.12 Tested on: Windows7 x64 HUN/ENG Professional ''' import...
Intermec PM43 Industrial Printer - Local Privilege Escalation
TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware download: http://www.intermec.com/products/prtrpm43a/downloads.as...
DzSoft PHP Editor 4.2.7 - File Enumeration
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product: ========================= DzSoft PHP Editor v4.2.7 DzSoft PHP...
Microsoft Outlook - HTML Email Denial of Service
Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that they are not going to fix it in near future, I'm...
MikroTik RouterBoard 6.38.5 - Denial of Service
!/usr/local/bin/perl use Socket; $srchost =3D $ARGV0;=20 $srcport =3D $ARGV1;=20 $dsthost =3D $ARGV2;=20 $dstport =3D $ARGV3;=20 if!defined $srchost or !defined $srcport or !defined $dsthost or !defin= ed $dstport=20 =09 =09print "Usage: $0 \n"; =09exit; =20 else=20 =09 =09main; =20 sub main=20...
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to follow symlinks. The default since CVE-2010-0926 is that wide links are...
Apple Safari - 'DateTimeFormat.format' Type Confusion
var date = new DateDate.UTC2012, 11, 20, 3, 0, 0; var i = new Intl.DateTimeFormat; //printi; var q; function f //print"in f"; //printf.caller; q = f.caller; return 10; try i.formatvalueOf : f; catche //print"problem"; //printq; q.call0x77777777;...
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Title: Disk Sorter Server v9.5.12 - Local Stack-based buffer overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: =============== http://www.disksorter.com/ Download:...
CouponPHP CMS 3.1 - 'code' SQL Injection
Exploit Title: CouponPHP Script v3.1 - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://couponphp.com/ Software: http://couponphp.com/demos Demo: http://newdemo2.couponphp.com Demo: http://newdemo3.couponphp.com Version: 3.1 Tested on: Win7 x64, Kali Linux x64 Exploit Autho...
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as...
Professional Bus Booking Script - 'hid_Busid' SQL Injection
Exploit Title: Professional Bus Booking Script - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://travelbookingscript.com/ Software: http://travelbookingscript.com/professional-bus-booking-script.html Demo: http://travelbookingscript.com/demo/professional/ Version: N/A Test...
EyesOfNetwork (EON) 5.0 - SQL Injection
CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL requests. CVE ID: CVE-2017-6088 Access...
EyesOfNetwork (EON) 5.0 - Remote Code Execution
CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to execute arbitrary code. CVE ID: CVE-2017-6087 Access...
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
=begin Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By crafting the upload request with a specific...
QNAP QTS < 4.2.4 - Domain Privilege Escalation
QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS NAS all model and all versions 4.2.4 Severity High 7.9/10 Impact CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L Vendor http://www.qnap.com/ Advisory...
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...
Apple Safari - Out-of-Bounds Read when Calling Bound Function
var ba; function s alert"in s"; ba = this; function g alert"in g"; return 7; funct...
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
var q; function g //print"in g"; //printarguments.caller; //printg.caller; q = g.caller; //printg.caller; return 7; var a = 1, 2, 3; Object.defineProperty Array.prototype, "1", get : g ; var a = 1, 2, 3;...
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
=== FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Session Fixation Technical Risk: critical Likelihood of...
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
Exploit Title: D-Link DCS-936L network camera incomplete/weak CSRF protection vulnerability Date: 26/03/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-936L with firmware...
Just Another Video Script 1.4.3 - SQL Injection
Exploit Title: Just Another Video Script 1.4.3 - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://justanothervideoscript.com/ Software: http://justanothervideoscript.com/demo Demo: http://javsdemo.com/ Version: 1.4.3 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Parcel Delivery Booking Script 1.0 - SQL Injection
Exploit Title: Parcel Delivery Booking Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/parcel-delivery-booking-script Demo: http://parceldelivery.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64,...
Php Real Estate Property Script - SQL Injection
Exploit Title: Real Estate Property Pro Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/php-property-portal-script Demo: http://realpro.phpscriptsdemo.com/ Version: Pro Tested on: Win7 x64, Kali Linux x64...
Courier Tracking Software 6.0 - SQL Injection
Exploit Title: Courier Tracking Software v6.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/courier-tracking-software-ver-6 Demo: http://courierv6.couriersoftwares.com/ Version: 6.0 Tested on: Win7 x64, Kali Lin...
B2B Marketplace Script 2.0 - SQL Injection
Exploit Title: B2B Marketplace Script v2.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://eaglescripts.com/php-b2b-marketplace-script-v2 Demo: http://demob2b.xyz/ Version: 2.0 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Alibaba Clone Script - SQL Injection
Exploit Title: Alibaba Clone Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://b2bbusinessdirectoryscript.com/alibaba-clone-script.html Demo: http://thealidemox.com Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
Delux Same Day Delivery Script 1.0 - SQL Injection
Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo: http://deluxesameday.logistic-softwares.com/ Version: 1.0 Tested on: Win7 x64, Kali...
Microsoft Visual Studio 2015 update 3 - Denial of Service
/ Exploit Title: Microsoft Visual Studio 2015 update 3 – Stack overflow Date: 2017-03-26 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://www.visualstudio.com/thank-you-downloading-visual-studio/?sku=Community&rel=15 Version: Visual Studio 2015...
Tour Package Booking 1.0 - SQL Injection
Exploit Title: Tour Package Booking v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: www.eaglescripts.com/tour-package-booking-script Demo: http://tourbooking.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64 Exploit...
Hotel Booking Script 1.0 - SQL Injection
Exploit Title: Hotel & Tour Package Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/hotel-booking-script Demo: http://hotelbooking.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64...
Adult Tube Video Script - SQL Injection
Exploit Title: Adult Tube Video Script - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://www.boysofts.com/ Software: http://www3.boysofts.com/xxx/freeadultvideotubescript.zip Demo: http://www.boysofts.com/2013/12/free-adult-tube-video-script.html Version: N/A Tested on: Wi...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation
/ Check this out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf Tested on: - Windows 10 Pro x64 Pre-Anniversary - hal.dll: 10.0.10240.16384 - FortiShield.sys: 5.2.3.633 Thanks to master @ryujin and @ronin for helping out. / include include...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation
/ Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x64 Post-Anniversary - ntoskrnl.exe: 10.0.14393.953 - FortiShield.sys: 5.2.3.633 Thanks to...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
Linux/x86 - Reverse /bin/bash Shellcode 110 bytes. Shellcode exploit for Linx86 platform / ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes...
Gr8 Tutorial Script - SQL Injection
Exploit Title: Gr8 Tutorial Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8tutorialscript.php Demo: http://www.gr8script.com/gr8tutorial/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Senca...
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...
Miele Professional PG 8528 - Directory Traversal
Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score: 5.0 CVSS Vector: CVSS2AV:N/AC:L/Au:N/C:P/I:N/A:N...
Gr8 Gallery Script - SQL Injection
Exploit Title: Gr8 Gallery Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8gallery.php Demo: http://www.gr8script.com/gr8gallery/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author...
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack Overflow', 'Description' = %q The NETGEAR WNR2000 router h...
A Red Teamer’s guide to pivoting
A Red Teamer’s guide to pivoting A Red Teamer's guide to pivoting Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastracture. Common scenarios include developing the attack into the internal network after successful perimeter breach o...
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
EMC Replication Manager 5.3 - Command Execution Metasploit. CVE-2011-0647. Local exploit for Windows platform...
wifirxpower - Local Buffer Overflow (PoC)
Title: wifirxpower - Local Stack Based Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: =============== https://github.com/cnlohr/wifirxpower Download:...
Flippa Clone - SQL Injection
Exploit Title: Flippa Clone - SQL Injection Google Dork: N/A Date: 23.03.2017 Vendor Homepage: http://www.snobscript.com/ Software: http://www.snobscript.com/downloads/flippa-clone/ Demo: http://flippaportal.scriptfirm.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
// CAPNETADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
Exploit Title: Joomla Modern Booking - SQL Injection Author: Hamed Izadi IRAN Vendor Homepage : https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/modern-booking/ Vendor Homepage : https://www.unikalus.com/ Category: Webapps Tested on: Ubuntu Versions: 1.0...
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85 fixed...