47904 matches found
LiteManager 4.5.0 - Insecure File Permissions
Exploit Title: LiteManager 4.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-21 Vendor Homepage : LiteManager Team Software Link: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on OS: Windows 7 Proof of Concept PoC:...
GNU Mailutils 3.7 - Privilege Escalation
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
TestLink 1.9.19 - Persistent Cross-Site Scripting
Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========= Persistent --...
Network Management Card 6.2.0 - Host Header Injection
Exploit Title: Network Management Card 6.2.0 - Host Header Injection Google Dork: Date: 2019-11-21 Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card Version: v6.2.0 Tested on: Kali...
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows Escalate UAC Protection Bypass Via Shell Open Registry Key',...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
mediaserverd has various media parsing responsibilities; its reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is com.apple.audio.AudioFileServer, a fairly simple XPC service which will parse...
OpenNetAdmin 18.1.1 - Remote Code Execution
Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution Date: 2019-11-19 Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux Exploit Title: OpenNetAdmin v18.1.1 RCE Date: 2019-11-19 Exploit...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this is attack surface from unprivileged userspace in the default...
Bludit - Directory Traversal Image File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability in Bludit. A remote user cou...
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary Command Execution', 'Description' = %q This module exploits a post-auth command injection in the Pulse Secure VPN serv...
Xorg X11 Server - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server Local Privilege Escalation', 'Description' = %q WARNING: Successful execution of this module results in /etc/passwd being...
FreeSWITCH - Event Socket Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)
Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634 Software Link: App Store for iOS devices Tested Version: 1.1.4.0 Vulnerability Type: Denial of...
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] ''' Proof...
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Exploit Title: BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.filehorse.com/ Link Software : https://www.filehorse.com/download-bartvpn/ Tested on OS: Windows 7 Analyze PoC : ============== C:\Users\ZwXsc qc...
Centova Cast 3.2.12 - Denial of Service (PoC)
Exploit Title: Centova Cast 3.2.12 - Denial of Service PoC Date: 2019-11-18 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.12 Tested on: Debian 9, CentOS 7 =============================================== The Centova Cast becomes out of control and causes 100%...
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Exploit Title: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage: https://www.rockwellautomation.com/enNA/overview.page Software Link :...
ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'Enter Key' Denial of Service PoC Discovery by: Diego Buztamante Discovery Date: 2019-11-18 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability Type: Denial of...
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14345...
iSmartViewPro 1.3.34 - Denial of Service (PoC)
Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019 -11-16 Vendor Homepage: http://www.smarteyegroup.com/ Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071 Tested Version: 1.3.34 Vulnerability Type: Denial of Service D...
Centova Cast 3.2.11 - Arbitrary File Download
Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download Date: 2019-11-17 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.11 Tested on: Debian 9, CentOS 7 !/bin/bash if "$4" = "" then echo "Usage: $0 centovacasturl user password ftpaddress" exit fi url=$1...
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths
Exploit Title: NCPSecureEntryClient 9.2 - Unquoted Service Paths Date: 2019-11-17 Exploit Author: Akif Mohamed Ik Vendor Homepage: http://software.ncp-e.com/ Software Link: http://software.ncp-e.com/NCPSecureEntryClient/Windows/9.2x/ Version: 9.2x Tested on: Windows 7 SP1 CVE : NA C:\Users\userwm...
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Author: chuyreds Discovery Date: 2019-11-16 Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type: Denial of...
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Versio...
TemaTres 3.0 - 'value' Persistent Cross-site Scripting
Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14343 Reference:...
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10...
Crystal Live HTTP Server 6.01 - Directory Traversal
Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- GET...
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-17 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.70 Buil...
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path Date: 2019-11-16 Exploit Author : Olimpia Saucedo Vendor Homepage: www.asus.com Version: 1.00.31 Tested on: Windows 10 Pro x64 but it should works on all windows version The application suffers from an unquoted servic...
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Google Dork: N/A Date: 2019-11-15 Exploit Author: Kevin Randall Vendor Homepage: https://www.lexmark.com/enus.html Software Link: https://www.lexmark.com/enus.html Version: 2.27.4.0.39 Latest Version Tested on: Window...
MobileGo 8.5.0 - Insecure File Permissions
Exploit Title: MobileGo 8.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-15 Vendor Homepage : https://www.wondershare.net/ Software Link: https://www.wondershare.net/mobilego/ Tested on OS: Windows 7 Proof of Concept PoC: ========================== C:\Program...
Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path
Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Date: 2019-11-14 Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service...
Xfilesharing 2.5.1 - Arbitrary File Upload
Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local File Inclusion...
Siemens Desigo PX 6.00 - Denial of Service (PoC)
Title: Siemens Desigo PX 6.00 - Denial of Service PoC Author: LiquidWorm Date: 2019-11-14 Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version:6.00 Affected version: Model: PXC00-E.D, PXC50-E.D,...
oXygen XML Editor 21.1.1 - XML External Entity Injection
Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m...
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
EDB Note Download: - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47684-1.exe - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47684-2.zip COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo...
Fastweb Fastgate 0.00.81 - Remote Code Execution
Exploit Title: Fastweb Fastgate 0.00.81 - Remote Code Execution Date: 2019-11-13 Exploit Author: Riccardo Gasparini Vendor Homepage: https://www.fastweb.it/ Software Link: http://59.0.121.191:8080/ACS-server/file/0.00.81FW200Askey only from Fastweb ISP network Version: 0.00.81 Tested on: Linux CV...
Linear eMerge E3 1.00-06 - Remote Code Execution
Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a Advisory:...
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
Exploit Title: Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-11-11 Exploit Author: Luis Stefan Vendor Homepage: https://www.technicolor.com/ Software Link: N/A Version: TC7300.B0 - STFA.51.20 Tested on: macOS Mojave and Catalina CVE : !/usr/bin/env...
Technicolor TD5130.2 - Remote Command Execution
Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...
FUDForum 3.0.9 - Remote Code Execution
Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
ScanGuard Antivirus 2020 - Insecure Folder Permissions
Exploit Title: ScanGuard Antivirus 2020 - Insecure Folder Permissions Date: 2019-10-10 Exploit Author: hyp3rlinx Vendor Homepage: https://www.scanguard.com/ Software Link: https://support.scanguard.com/en/kb/22/upgrades-available Version: 2020 Tested on: Windows CVE : N/A Category: exploit...
gSOAP 2.8 - Directory Traversal
Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET /../../../../../../../../../etc/passwd HTTP/1.1 Host: 10.200.106.101 Accept:...
Joomla 3.9.13 - 'Host' Header Injection
Exploit Title: Joomla 3.9.13 - 'Host' Header Injection Author: Pablo Santiago Date: 2019-11-12 Vendor Homepage: https://www.joomla.org/ Source: https://downloads.joomla.org/cms/joomla3/3-9-13/Joomla3-9-13-Stable-FullPackage.zip?format=zip Version: 3.9.13 CVE : N/A Tested on: Windows 10 PoC curl...
eMerge50P 5000P 4.6.07 - Remote Code Execution
Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE :...
Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0 REQUIRED Tested on: NA CVE :...