47885 matches found
FTPShell Client 6.53 - Remote Buffer Overflow
Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection Date: 2017-03-04 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.ftpshell.com/downloadclient.htm Version: Windows Server 2008 R2 x64 Tested on: Windows Server 2008...
WordPress Core < 4.7.1 - Username Enumeration
!usr/bin/php...
Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)
Linux/x86-64 - Polymorphic Setuid0 & Execve/bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation file...
Joomla! Component Coupon 3.5 - SQL Injection
Exploit Title: Joomla! Component Coupon v3.5 - SQL Injection Google Dork: inurl:index.php?option=comcoupon Date: 03.03.2017 Vendor Homepage: http://joomla6teen.com/ Software: https://extensions.joomla.org/extensions/extension/e-commerce/gifts-a-coupons/coupon/ Demo:...
pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell Access Google dork: Tested on: FreeBSD pfSense firewall/router...
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link: https://c4b.epson-biz.com/modules/community/index.php?contentid=50 Versio...
Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes)
Linux/x86-64 - Polymorphic Flush IPTables Shellcode 47 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the...
Multiple WordPress Plugins - Arbitrary File Upload
import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir Njiru\nCWE: 434\n\n1. Zen App Mobile Native =3.0...
Php Classified OLX Clone Script - 'category' SQL Injection
Exploit Title: Php Classified OLX Clone Script - SQL Injection Google Dork: N/A Date: 02.03.2017 Vendor Homepage: https://wptit.com/ Software: https://wptit.com/portfolio/php-classified-website-sale/ Demo: http://www.adsthem.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
Joomla! Component Abstract 2.1 - SQL Injection
Exploit Title: Joomla! Component Abstract v2.1 - SQL Injection Google Dork: inurl:index.php?option=comabstract Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/abstract-manager/ Demo:...
Joomla! Component StreetGuessr Game 1.0 - SQL Injection
Exploit Title: Joomla! Component StreetGuessr Game v1.0 - SQL Injection Google Dork: inurl:index.php?option=comstreetguess Date: 02.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software: https://extensions.joomla.org/extensions/extension/sports-a-games/streetguessr-game/ Demo:...
Joomla! Component Guesser 1.0.4 - 'type' SQL Injection
Exploit Title: Joomla! Component Guesser v1.0.4 - SQL Injection Google Dork: inurl:index.php?option=comguesser Date: 02.03.2017 Vendor Homepage: http://www.bitsgeo.com/ Software: https://extensions.joomla.org/extensions/extension/marketing/guesser/ Demo: http://www.bitsgeo.com/guesson/ Version:...
Joomla! Component Recipe Manager 2.2 - 'id' SQL Injection
Exploit Title: Joomla! Component Recipe Manager v2.2 - SQL Injection Google Dork: inurl:index.php?option=comrecipe Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/recipe-manager/ Demo:...
Conext ComBox 865-1058 - Denial of Service
Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit causes the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost Password" Date: March 02, 2017 Exploit Author:...
MDwiki < 0.6.2 - Cross-Site Scripting
Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwiki universal system. MDwiki is a wiki/CMS system built entirely on HTML5/Javascript technology and runs...
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-2730U Affected version : Hardware ver C1, Firmware ver: IN1.0.0...
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shellcode 332 Bytes. Shellcode exploit for Winx86 platform Windows x86 Reverse TCP Staged Alphanumeric Shellcode CreateProcessA cmd.exe Author: Snir Levi, Applitects 332 Bytes For Educational Purposes Only Date: 01.03.17 Author: Snir Levi Email:...
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE, Reflected Cross Site Scripting product: Aruba AirWave vulnerable version: =8.2.3 fixed version: 8.2.3.1 CVE number: CVE-2016-8526,...
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgerycrosssitescriptingincontactformmanagerwordpressplugin.html Abstract It was discovered that Contact Form Manager does not protect against Cross-Site Request Forgery. This allows an attacker to change arbitrary Contact Form Manage...
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityinuserloginlogwordpressplugin.html Abstract A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be exploited by Subscriber or higher and allows an attacker to...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This vulnerability allows attackers to add and modify scripting code that will...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this vulnerability an attacker can inject malicious JavaScript cod...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to update a content block t...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue can be used to upload arbitrary PHP files to the server. Contact...
SchoolDir - SQL Injection
Exploit Title: SchoolDir - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.brynamics.xyz/ Software: https://codecanyon.net/item/schooldir/19326269 Demo: http://www.brynamics.xyz/schooldir/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Rage Faces Script 1.3 - SQL Injection
Exploit Title: Rage Faces Script v1.3 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/ragefaces.php Demo: http://ragefaces.memesoftware.com/ Version: 1.3 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Meme Maker Script 2.1 - 'user' SQL Injection
Exploit Title: Meme Maker Script 2.1 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/mememaker.php Demo: http://www.memefaces.me/ Version: 2.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 CSRF which leads to RCE through CVE-2017-6334 Date: 2017-02-28 Exploit Author: SivertPL Vendor Homepage: http://netgear.com/ Software Link:...
BlueIris 4.5.1.4 - Denial of Service
import socket Title: BlueIris - Denial of Service Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://blueirissoftware.com/blueiris.exe Version: 4.5.1.4 Tested on: Windows Server 2008 R2 Standard x64 Start this fake FTP server and crea...
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation
Exploit Title: Cisco AnyConnect Start Before Logon SBL local privilege escalation. CVE-2017-3813 Date: 02/27/2017 Exploit Author: @Pcchillin Software Link: http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/tsd-products-support-series-home.html Version: 4.3.04027 and...
Synchronet BBS 3.16c - Denial of Service
Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip Version: 3.16c for Windows Tested on: Windows 7 Pro SP1 x64, Windows Serv...
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
Linux/x86-64 - Reverse Shell Shellcode 84 bytes. Shellcode exploit for Linux platform / Title: Linux/x86-64 - Reverse TCP shellcode - 84 bytes Author: Manuel Mancera @sinkmanu Tested on: 3.16.0-4-amd64 1 SMP Debian 3.16.39-1 2016-12-30 x8664 GNU/Linux ----------------- Assembly code...
SysGauge 1.5.18 - Remote Buffer Overflow
Exploit Title: SysGauge 1.5.18 – buffer overflow in SMTP connection verification function leads to code execution Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.sysgauge.com/setups/sysgaugesetupv1.5.18.exe Version: 1.5.18 Test...
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysGauge SMTP Validation Buffer Overflow', 'Description' = %q This module will setup an SMTP server expecting a connection from SysGauge 1.5.18 vi...
Sophos Web Appliance 4.3.1.1 - Session Fixation
Exploit Title: Sophos Secure Web Appliance Session Fixation Vulnerability Date: 28/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: https://www.sophos.com/en-us/products/secure-web-gateway.aspx Version: Tested on Sophos Web Appliance version 4.3.1.1. Older versions may...
Joomla! Component OneVote! 1.0 - SQL Injection
Exploit Title: Joomla! Component OneVote! v1.0 - SQL Injection Google Dork: inurl:index.php?option=comonevote Date: 27.02.2017 Vendor Homepage: http://advcomsys.com/ Software: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/polls/onevote/ Demo:...
MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /JAWS/1.0/ def initializeinfo = superupdateinfoinfo, 'Name' = 'MVPower DVR Shell Unauthenticated Command Execution', 'Description' = %q This module...
WePresent WiPG-1500 - Backdoor Account
Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account Date: 27/02/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.wepresentwifi.com/ or http://www.awindinc.com/productswepresentwipg1500.html Software Link:...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
// // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Andrey Konovalov define GNUSOURCE include include...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
// // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-607...
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Shellcode 130 bytes. Shellcode exploit for Winx86 platform Title: Windows x86 - Executable directory search Shellcode 130 bytes Date: 26-02-2017 Author: Krzysztof Przybylski Platform: Winx86 Tested on: WinXP SP1 Shellcode Size: 130 bytes / Description:...
Linux/x86_64 - Random Listener Shellcode (54 bytes)
Linux/x86_64 - Random Listener Shellcode 54 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to...
Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
Exploit Title: Joomla! Component Intranet Attendance Track v2.6.5 - SQL Injection Google Dork: inurl:index.php?option=comintranet Date: 25.02.2017 Vendor Homepage: http://thagatpam.in/ Software Buy:...
Netgear DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all versions - by manipulating the httpd config files to trick the...
Joomla! Component Gnosis 1.1.2 - 'id' SQL Injection
Exploit Title: Joomla! Component Gnosis v1.1.2 - SQL Injection Google Dork: inurl:index.php?option=comgnosis Date: 25.02.2017 Vendor Homepage: http://hypermodern.org/ Software : https://extensions.joomla.org/extensions/extension/directory-a-documentation/glossary/gnosis/ Demo:...
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
Exploit Title: Joomla! Component Appointments for JomSocial v3.8.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/1-appointments-for-jomsocial Demo:...
Joomla! Component My MSG 3.2.1 - SQL Injection
Exploit Title: Joomla! Component My MSG v3.2.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/10-my-msg Demo: http://extensions.cmsplugin.com/extensions/j3demo/my-msg Version: 3.2.1 Tested on:...
Joomla! Component Spinner 360 1.3.0 - SQL Injection
Exploit Title: Joomla! Component Spinner 360 v1.3.0 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/13-spinner360 Demo: http://extensions.cmsplugin.com/extensions/j3demo/spinner-360 Version: 1.3...
Joomla! Component JomSocial - SQL Injection
Exploit Title: Joomla! Component JomSocial - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : http://extensions.cmsplugin.com/extensions/j3demo/jomsocial Demo: http://extensions.cmsplugin.com/extensions/j3demo/jomsocial Version: N/A Tested on:...
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Exploit Title: Joomla! Component GPS Tools v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comgpstools Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/gps-tools/ Demo:...