41207 matches found
Apache Axis 1.4 - Remote Code Execution
Apache Axis 1.4 - Remote Code Execution Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis...
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
Tenda N11 Wireless Router 5.07.43enNEX01 - Remote DNS Change !/bin/bash Tenda N11 Wireless Router V5.07.43enNEX01 Cookie Session Weakness Remote DNS Change PoC Exploit Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign...
BigACE 2.5 - SQL Injection
BigACE 2.5 - SQL Injection !/usr/bin/perl LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...
phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion
phpCOIN 1.2.2 - CCFGPKGPATHDBSE Remote File Inclusion source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode =...
60CycleCMS - news.php SQL Injection
60CycleCMS - news.php SQL Injection Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability Google Dork: N/A Date: 2020-02-10 Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
Counter Strike: GO - .bsp Memory Control (PoC)
Counter Strike: GO - .bsp Memory Control PoC So I’ve been holding onto this neat little gem of a .bsp that has four bytes very close to the end of the file that controls the memory allocator. See above picture. Works on all supported operating systems last I checked so Linux, Windows, and macOS,...
Palo Alto Networks Firewalls - Root Remote Code Execution
Palo Alto Networks Firewalls - Root Remote Code Execution This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface...
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
Squid Analysis Report Generator 2.3.10 - Remote Code Execution Exploit Title: RCE/Arbitrary file write in Squid Analysis Report Generator SARG Google Dork: inurl:sarg-php Date: 01 September 2017 Exploit Author: Pavel Suprunyuk Vendor Homepage: https://sourceforge.net/projects/sarg/ Software Link:...
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection !/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages a...
CoolZip 2.0 - zip Buffer Overflow
CoolZip 2.0 - zip Buffer Overflow !/usr/bin/perl +Exploit Title: Exploit Buffer Overflow CoolZip 2.0 +Date: 12\03\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.brothersoft.com/coolzip-download-7097.html +Version: 2.0 +Tested On WIN-XP SP3 Portugues Brasil +CVE: N/A...
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/...
Google Chrome 70 - SQLite Magellan Crash (PoC)
Google Chrome 70 - SQLite Magellan Crash PoC This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page:...
Linux Kernel (Debian 7.78.59.0 Ubuntu 14.04.216.04.217.04 Fedora 2225 CentOS 7.3.1611) - ldso_hwcap_64 Stack Clash Local Privilege Escalation
Linux Kernel Debian 7.78.59.0 Ubuntu 14.04.216.04.217.04 Fedora 2225 CentOS 7.3.1611 - ldsohwcap64 Stack Clash Local Privilege Escalation / Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C...
PHP - openssl_x509_parse() Memory Corruption
PHP - opensslx509parse Memory Corruption SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4...
FileThingie 2.5.7 - Arbitrary File Upload
FileThingie 2.5.7 - Arbitrary File Upload Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS:...
DynoRoot DHCP Client - Command Injection
DynoRoot DHCP Client - Command Injection Exploit Title: DynoRoot DHCP - Client Command Injection Date: 2018-05-18 Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6....
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfileremotefile, localfile = File.basenameremotefile method. When looking at the source code, you'll not...
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow (PoC)
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow PoC Exploit Title: BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS Crash only Date: 09/21/2017 Exploit Author: Marcin Kozlowski Version: Kernel version v3.3-rc1, and thus affects all version from there on Tested on: Linux 4.4.0-93-generic...
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass Metasploit Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd...
Adobe ColdFusion - Directory Traversal
Adobe ColdFusion - Directory Traversal Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm"...
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion 05/18/2007 GeekLog 2. ImageImageMagick.php RFI Vuln...
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free var vars = new Array2; function main vars0 = Array1000000.joinString.fromCharCode0x41; vars1 = String.prototype.substring.callvars0, 1, vars0.length; String.prototype.replace.callvars1, RegExp, f; function farg1, arg2,...
EA Battlefield 2 Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities
EA Battlefield 2 Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities Source: http://aluigi.org/adv/bf2urlz-adv.txt Luigi Auriemma Application: Refractor 2 engine Games: Battlefield 2 = 1.50 aka 1.5.3153-802.0 http://www.battlefield.ea.com/battlefield/bf2/ Battlefield 2142 = 1.50 aka...
MiladWorkShop VIP System 1.0 - lang SQL Injection
MiladWorkShop VIP System 1.0 - lang SQL Injection Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed email : [email protected] Vendor Homepage: https://miladworkshop.ir/ Softwar...
Joomla 3.9.13 - Host Header Injection
Joomla 3.9.13 - Host Header Injection Exploit Title: Joomla 3.9.13 - 'Host' Header Injection Author: Pablo Santiago Date: 2019-11-12 Vendor Homepage: https://www.joomla.org/ Source: https://downloads.joomla.org/cms/joomla3/3-9-13/Joomla3-9-13-Stable-FullPackage.zip?format=zip Version: 3.9.13 CVE ...
EA Origin 10.5.38 - Remote Code Execution
EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...
Linux - Broken uidgid Mapping for Nested User Namespaces
Linux - Broken uidgid Mapping for Nested User Namespaces commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switching to a different data structure if the number of mappings excee...
OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service
OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service Advisory Information Title: Remote DoS against OpenBSD http server up to 6.0 Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.htm...
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug :...
MetaCart2 - IntCatalogID SQL Injection
MetaCart2 - IntCatalogID SQL Injection source: https://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to...
UliCMS 2020.1 - Persistent Cross-Site Scripting
UliCMS 2020.1 - Persistent Cross-Site Scripting Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows...
YzmCMS 5.5 - url Persistent Cross-Site Scripting
YzmCMS 5.5 - url Persistent Cross-Site Scripting Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-03-10 Exploit Author: En Vendor Homepage: https://github.com/yzmcms/yzmcms Software Link: https://github.com/yzmcms/yzmcms Version: V5.5 Category: Web...
PHP Ticket System Beta 1 - Cross-Site Request Forgery
PHP Ticket System Beta 1 - Cross-Site Request Forgery + Exploit Title : php ticket system csrf + Author : Pablo '7days' Riberio + Team: So Good Security + Other 0days : http://pastebin.com/u/7days + Version : = BETA 1 + Tested on : windows/internet explorer + Details:...
CPCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion
CPCommerce 1.2.x - GLOBALSprefix Arbitrary File Inclusion !/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation...
CaLogic Calendars 1.2.2 - langsel SQL Injection
CaLogic Calendars 1.2.2 - langsel SQL Injection CaLogic Calendars V1.2.2 Remote SQL injection Author : His0k4 ALGERIAN HaCkEr Dork : "CaLogic Calendars...
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...
Linux Kernel 4.14.7 (Ubuntu 16.04 CentOS 7) - (KASLR SMEP Bypass) Arbitrary File Read
Linux Kernel 4.14.7 Ubuntu 16.04 CentOS 7 - KASLR SMEP Bypass Arbitrary File Read // A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and...
Cisco Unified Communications Manager - Multiple Vulnerabilities
Cisco Unified Communications Manager - Multiple Vulnerabilities Vantage Point Security Advisory 2015-001 Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary:...
Java Web Start Launcher ActiveX Control - Memory Corruption
Java Web Start Launcher ActiveX Control - Memory Corruption SEC Consult Vulnerability Lab Security Advisory title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version...
BigACE 2.4 - Multiple Remote File Inclusions
BigACE 2.4 - Multiple Remote File Inclusions -=ShAd0w-CrEw=-...
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion VWar = v1.5.0 R15 mvcw.php Remote File Inclusion coded by DNX Discovered: DNX Vendor: http://www.vwar.de Detected:...
RobotFTP Server 1.02.0 - Remote Denial of Service
RobotFTP Server 1.02.0 - Remote Denial of Service source: https://www.securityfocus.com/bid/9732/info It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrar...
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Date: 2020-02-29 Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip...
siu guarani - Multiple Vulnerabilities
siu guarani - Multiple Vulnerabilities multiple remote vulnerabilities siu guarani general information bug type : multiple remote vulnerabilities software name : SIU Guarani vendor : SIU www.siu.edu.ar authors : proudhon & Ubik date : the 341st day of the year 2008 contact : N...