47884 matches found
Exchange Control Panel - Viewstate Deserialization (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
Exploit Title: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Date: 2020-02-04 Exploit Author: NgoAnhDuc Vendor Homepage: https://github.com/UniSharp/laravel-filemanager Software Link:...
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Discovery by: Paulina Girón Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/re2/model/sp52s/sp52s.htm Product Version: RICOH Aficio SP 5200S Printer...
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
Alfresco 5.2.4 - Persistent Cross-Site Scripting
Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Date: 2020-03-02 Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software Link: https://www.alfresco.com/ecm-software Versio...
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
Exploit Title: RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection Discovery by: Olga Villagran Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/rc3/model/sp52s/sp52s.htm?lang=es Product Version: RICOH Aficio SP...
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.intelbras.com/ Software Link: http://en.intelbras.com.br/node/1033 Version: Intelbras Wireless N 150Mbps - WRN240 Tested on: linux,...
TP LINK TL-WR849N - Remote Code Execution
Exploit Title: TP LINK TL-WR849N - Remote Code Execution Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version: TL-WR849N 0.9.1 4.16 Tested on: linux, windows CVE : CVE-2020-93...
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Exploit Title: WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Date: 2020-02-28 Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...
Joplin Desktop 1.0.184 - Cross-Site Scripting
Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Date: 2020-02-27 Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched Version: 1.0.185 Category: Remote Platform: Window...
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version: TL-WR849N 0.9.1 4.16 Tested on: linux, window...
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Exploit Title: CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Author: wetw0rk Exploit Version: Public POC Vendor Homepage: https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on: Windows 10 Pro x64, Windows Server...
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Exploit Title: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Date: 2020-02-28 Exploit Author: Andrey Stoykov Version: Cyberoam General Authentication Client 2.1.2.7 Tested on: Windows Vista SP2 x86 Steps to Reproduce: 1 Run the POC 2 Copy the contents of "sploit.txt" into the...
Netis WF2419 2.2.36123 - Remote Code Execution
Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution Exploit Author: Elias Issa Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75 Date: 2020-02-11 Version: WF2419 V2.2.36123 = V2.2.36123 Tested on: NETIS WF2419...
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
!/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes in addresses and inputs are not handled, and a lot of other constraints...
Wing FTP Server 6.2.5 - Privilege Escalation
Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.5 and...
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Date: 2020-02-29 Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit: https://metasploit.com/download Current...
Wing FTP Server 6.2.3 - Privilege Escalation
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...
qdPM < 9.1 - Remote Code Execution
!/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Date: 2020-02-26 Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.php Version: V-1.0 Tested on: ubuntu...
Comtrend VR-3033 - Command Injection
Title: Comtrend VR-3033 - Authenticated Command Injection Date: 2020-02-26 Author: Author : Raki Ben Hamouda Vendor: https://us.comtrend.com Product link: https://us.comtrend.com/products/vr-3030/ CVE: CVE-2020-10173 The Comtrend VR-3033 is prone to Multiple Authenticated Command Injection...
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...
Core FTP LE 2.2 - Denial of Service (PoC)
Exploit Title: Core FTP LE 2.2 - Denial of Service PoC Date: 2020-25-02 Exploit Author: Ismael Nava Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download.html Version: 2.2 build 1947 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program Core FTP LE In...
PhpIX 2012 Professional - 'id' SQL Injection
Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking In Google Or Other Search Engine. + /productdetail.php?id=448578 ====|...
OpenSMTPD 6.6.3 - Arbitrary File Read
Title: OpenSMTPD 6.6.3 - Arbitrary File Read Date: 2020-02-20 Author: qualys Vendor: https://www.opensmtpd.org/ CVE: 2020-8793 / Local information disclosure in OpenSMTPD CVE-2020-8793 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the...
Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC)
Exploit Title : Odin Secure FTP Expert 7.6.3 - Denial of Service PoC Exploit Author : Berat Isler Date : 2020-02-25 Vendor Homepage : https://odin-secure-ftp-expert.jaleco.com/ Software Link Download : http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3 Version : Odin Secure FTP Expert...
SpotFTP-FTP Password Recover 2.4.8 - Denial of Service (PoC)
Exploit Title: SpotFTP-FTP Password Recover 2.4.8 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/spotftp.html Version: 2.4.8 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program...
aSc TimeTables 2020.11.4 - Denial of Service (PoC)
Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open th...
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
DotNetNuke 9.5 - Persistent Cross-Site Scripting
Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: . For instance, uploadi...
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
Exploit Title: I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://www.revotec.com/ Product Link: CVE: N/A !/usr/bin/perl Revotech I6032B-P POE 1920x1080P 2.0MP Outdoor Camera Remote Configuration Disclosure Copyright 2020 c Tod...
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774 Vulnerability Name: Authenticated Information Disclosure in...
ATutor 2.2.4 - 'id' SQL Injection
Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE: N/A !/usr/bin/perl ESCAM QD-900 WIFI HD Camera Remote...
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
Go SSH servers 0.0.2 - Denial of Service (PoC)
Exploit Title: Go SSH servers 0.0.2 - Denial of Service PoC Author: Mark Adams Date: 2020-02-21 Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py CVE: CVE-2020-9283 Running this script may crash the remote SSH server if it is vulnerable. The GitHub repository contains ...
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Diamorphine Rootkit Signal Privilege Escalation', 'Description' = %q This module uses Diamorphine rootkit's privesc feature using signal 64 to...
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
Exploit Title: Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://acesecurity.jp Product Link: https://acesecurity.jp/support/top/wipseries/wip-90113 CVE: N/A !/usr/bin/perl ACE SECURITY WiP-90113 HD Camera Remote Configuration...
Android Binder - Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Binder Use-After-Free Exploit", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Jann Horn', discovery and exploit 'Maddie Stone'...
DotNetNuke 9.5 - File Upload Restrictions Bypass
Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: = 9.5 CVE : N/A More...
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
Title: CandidATS 2.1.0 - Cross-Site Request Forgery Add Admin Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/auieo/profile/ Software Link: https://sourceforge.net/projects/candidats/files/Version 2.1.0 Tested on Ubuntu 19/Kali Rolling The Candid ATS Web...
Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
Title: Quick N Easy Web Server 3.3.8 - Denial of Service PoC Date: 2019-12-25 Author: Cody Winkler Vendor Homepage: https://www.pablosoftwaresolutions.com/ Software Link: https://www.pablosoftwaresolutions.com/html/quickneasywebserver.html Version: $ python exploit.py 127.0.0.1 80 """ from future...
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
Exploit Title: SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831nh1.html CVE: N/A SecuSTATION IPCAM-130 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev...
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
Exploit Title: SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831.html CVE: N/A !/usr/bin/perl SecuSTATION SC-831 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor...
AMSS++ v 4.31 - 'id' SQL Injection
Title : AMSS++ v 4.31 - 'id' SQL Injection Author : indoushka Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor: http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork: แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++" CVE: N/A poc : + Dorking In Google...
AMSS++ 4.7 - Backdoor Admin Account
Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"...