41207 matches found
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
Cisco Adaptive Security Appliance - Path Traversal Metasploit require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow ...
ICE HRM 23.0 - Multiple Vulnerabilities
ICE HRM 23.0 - Multiple Vulnerabilities =========================================================================================== Exploit Title: ICE HRM - ’ob’ SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link:...
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection !/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages a...
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICO...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.0413.10 x64) - CONFIG_X86_X32y Local Privilege Escalation (3)
Linux Kernel 3.4 3.13.2 Ubuntu 13.0413.10 x64 - CONFIGX86X32y Local Privilege Escalation 3 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13...
Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections
Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections -+================================================================================+- -+ AlstraSoft AskMe Pro = 2.1 SQL Injection Vulnerabilitys +- -+================================================================================+- Discovered By:...
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...
Palo Alto Networks Firewalls - Root Remote Code Execution
Palo Alto Networks Firewalls - Root Remote Code Execution This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface...
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfileremotefile, localfile = File.basenameremotefile method. When looking at the source code, you'll not...
PHP 5.2.6 - create_function() Code Injection (1)
PHP 5.2.6 - createfunction Code Injection 1 source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'createfunction'. Note that the anonymous function returned need not be called for the supplied code to be...
VP-ASP 6.00 - shopcurrency.asp SQL Injection
VP-ASP 6.00 - shopcurrency.asp SQL Injection VP-ASP 6.00 SQL Injection / Exploit by [email protected] people claimed there is some underground sploit for vp-asp 6.00 and I was sure that if a sploit really exist in the ug i can find the bug and make a small hack for it ^^ well it didn't...
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path Exploit Title: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Discovery by: Alan Mondragon "El Masas" Discovery Date: 2020-03-17 Vendor Homepage: https://www.veritas.com/ Software Link : https://www.veritas.com/ Veritas...
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution
PHPKB Multi-Language 9 - image-upload.php Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/...
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution !/bin/sh if "$" -ne 4 ; then echo '! Usage: ' 1&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$mktemp" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1&2 curl -si -c "$JAR" "$BASE/login.php" ...
Counter Strike: GO - .bsp Memory Control (PoC)
Counter Strike: GO - .bsp Memory Control PoC So I’ve been holding onto this neat little gem of a .bsp that has four bytes very close to the end of the file that controls the memory allocator. See above picture. Works on all supported operating systems last I checked so Linux, Windows, and macOS,...
Apache Axis 1.4 - Remote Code Execution
Apache Axis 1.4 - Remote Code Execution +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis...
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
Tenda N11 Wireless Router 5.07.43enNEX01 - Remote DNS Change !/bin/bash Tenda N11 Wireless Router V5.07.43enNEX01 Cookie Session Weakness Remote DNS Change PoC Exploit Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign...
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
Squid Analysis Report Generator 2.3.10 - Remote Code Execution Exploit Title: RCE/Arbitrary file write in Squid Analysis Report Generator SARG Google Dork: inurl:sarg-php Date: 01 September 2017 Exploit Author: Pavel Suprunyuk Vendor Homepage: https://sourceforge.net/projects/sarg/ Software Link:...
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Local Privilege Escalation
Linux Kernel 4.6.2 Ubuntu 16.04.1 - IP6TSOSETREPLACE Local Privilege Escalation Exploit Title: Linux kernel = 4.6.2 - Local Privileges Escalation via IP6TSOSETREPLACE compat setsockopt call Date: 2016.10.8 Exploit Author: Qian Zhang@MarvelTeam Qihoo 360 Version: Linux kernel = 4.6.2 Tested on:...
PHP - openssl_x509_parse() Memory Corruption
PHP - opensslx509parse Memory Corruption SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4...
MetaCart E-Shop V-8 - IntProdID SQL Injection
MetaCart E-Shop V-8 - IntProdID SQL Injection source: https://www.securityfocus.com/bid/13376/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attack...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode =...
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.intelbras.com/ Software Link:...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
Linux Kernel (Debian 7.78.59.0 Ubuntu 14.04.216.04.217.04 Fedora 2225 CentOS 7.3.1611) - ldso_hwcap_64 Stack Clash Local Privilege Escalation
Linux Kernel Debian 7.78.59.0 Ubuntu 14.04.216.04.217.04 Fedora 2225 CentOS 7.3.1611 - ldsohwcap64 Stack Clash Local Privilege Escalation / Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C...
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...
CoolZip 2.0 - zip Buffer Overflow
CoolZip 2.0 - zip Buffer Overflow !/usr/bin/perl +Exploit Title: Exploit Buffer Overflow CoolZip 2.0 +Date: 12\03\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.brothersoft.com/coolzip-download-7097.html +Version: 2.0 +Tested On WIN-XP SP3 Portugues Brasil +CVE: N/A xxx xxx xxxxxxxxxxx...
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor...
BigACE 2.5 - SQL Injection
BigACE 2.5 - SQL Injection !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...
phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion
phpCOIN 1.2.2 - CCFGPKGPATHDBSE Remote File Inclusion source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...
FileThingie 2.5.7 - Arbitrary File Upload
FileThingie 2.5.7 - Arbitrary File Upload Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS:...
DynoRoot DHCP Client - Command Injection
DynoRoot DHCP Client - Command Injection Exploit Title: DynoRoot DHCP - Client Command Injection Date: 2018-05-18 Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6....
Softros Network Time System Server 2.3.4 - Denial of Service
Softros Network Time System Server 2.3.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOFTROS-NETWORK-TIME-SYSTEM-SERVER-v2.3.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============...
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow (PoC)
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow PoC Exploit Title: BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS Crash only Date: 09/21/2017 Exploit Author: Marcin Kozlowski Version: Kernel version v3.3-rc1, and thus affects all version from there on Tested on: Linux 4.4.0-93-generic...
MiladWorkShop VIP System 1.0 - lang SQL Injection
MiladWorkShop VIP System 1.0 - lang SQL Injection Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed email : [email protected] Vendor Homepage: https://miladworkshop.ir/ Softwar...
Linux - Broken uidgid Mapping for Nested User Namespaces
Linux - Broken uidgid Mapping for Nested User Namespaces commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switching to a different data structure if the number of mappings excee...
Eventum 2.3.4 - hostname Remote Code Execution
Eventum 2.3.4 - hostname Remote Code Execution Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor...
Adobe ColdFusion - Directory Traversal
Adobe ColdFusion - Directory Traversal Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm"...
EA Battlefield 2 Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities
EA Battlefield 2 Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities Source: http://aluigi.org/adv/bf2urlz-adv.txt Luigi Auriemma Application: Refractor 2 engine Games: Battlefield 2 = 1.50 aka 1.5.3153-802.0 http://www.battlefield.ea.com/battlefield/bf2/ Battlefield 2142 = 1.50 aka...
CPCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion
CPCommerce 1.2.x - GLOBALSprefix Arbitrary File Inclusion !/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation...
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion
GeekLog 2.x - ImageImageMagick.php Remote File Inclusion -------------------------------- 05/18/2007 --------------------------------- GeekLog 2. ImageImageMagick.php RFI Vuln ----------------------------------- ASCII ----------------------------------- / / / / / / / / / / / / / / / / / / / / / /...
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection
Absolute Image Gallery 2.0 - gallery.asp?categoryId SQL Injection Absolute Image Gallery Gallery.ASP categoryid MSSQL Injection Exploit Type : SQL Injection Release Date : 2007-03-15 Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug :...
UliCMS 2020.1 - Persistent Cross-Site Scripting
UliCMS 2020.1 - Persistent Cross-Site Scripting Exploit Title: UliCMS 2020.1 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-03-24 Exploit Author: SunCSR Vendor Homepage: https://en.ulicms.de Software Link: https://en.ulicms.de/currentversions.html Version: 2020.1 Tested on: Windows...
YzmCMS 5.5 - url Persistent Cross-Site Scripting
YzmCMS 5.5 - url Persistent Cross-Site Scripting Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-03-10 Exploit Author: En Vendor Homepage: https://github.com/yzmcms/yzmcms Software Link: https://github.com/yzmcms/yzmcms Version: V5.5 Category: Web...
Joomla 3.9.13 - Host Header Injection
Joomla 3.9.13 - Host Header Injection Exploit Title: Joomla 3.9.13 - 'Host' Header Injection Author: Pablo Santiago Date: 2019-11-12 Vendor Homepage: https://www.joomla.org/ Source: https://downloads.joomla.org/cms/joomla3/3-9-13/Joomla3-9-13-Stable-FullPackage.zip?format=zip Version: 3.9.13 CVE ...
EA Origin 10.5.38 - Remote Code Execution
EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...
Microsoft Office - OLE Remote Code Execution
Microsoft Office - OLE Remote Code Execution Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...
SoftDatepro Dating Social Network 1.3 - SQL Injection
SoftDatepro Dating Social Network 1.3 - SQL Injection Exploit Title: SoftDatepro Dating Social Network 1.3 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/softdatepro-build-your-own-dating-social-network/3650044...
OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service
OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service Advisory Information Title: Remote DoS against OpenBSD http server up to 6.0 Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.htm...