41207 matches found
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation 2 / Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / / CVE-2016-0728 local root exploit modified by...
PHP Ticket System Beta 1 - Cross-Site Request Forgery
PHP Ticket System Beta 1 - Cross-Site Request Forgery 1. 2. 3. + Exploit Title : php ticket system csrf 4. + Author : Pablo '7days' Riberio 5. + Team: So Good Security 6. + Other 0days : http://pastebin.com/u/7days 7. + Version : = BETA 1 8. + Tested on : windows/internet explorer 9. + Details:...
Pandora FMS 3.1 - Authentication Bypass
Pandora FMS 3.1 - Authentication Bypass + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers,...
MetaCart2 - IntCatalogID SQL Injection
MetaCart2 - IntCatalogID SQL Injection source: https://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to...
Linux Kernel 4.14.7 (Ubuntu 16.04 CentOS 7) - (KASLR SMEP Bypass) Arbitrary File Read
Linux Kernel 4.14.7 Ubuntu 16.04 CentOS 7 - KASLR SMEP Bypass Arbitrary File Read // A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and...
FileRun 2017.09.18 - SQL Injection
FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...
Cisco Unified Communications Manager - Multiple Vulnerabilities
Cisco Unified Communications Manager - Multiple Vulnerabilities Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: ------...
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in t...
CaLogic Calendars 1.2.2 - langsel SQL Injection
CaLogic Calendars 1.2.2 - langsel SQL Injection /---------------------------------------------------------------\ \ / / CaLogic Calendars V1.2.2 Remote SQL injection \ \ / ---------------------------------------------------------------/ Author : His0k4 ALGERIAN HaCkEr Dork : "CaLogic Calendars...
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp//...
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Date: 2020-02-29 Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module...
microsoft.com
Pentest notes for: microsoft.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip...
Apache Tomcat 5.5.25 - Cross-Site Request Forgery
Apache Tomcat 5.5.25 - Cross-Site Request Forgery +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti...
Java Web Start Launcher ActiveX Control - Memory Corruption
Java Web Start Launcher ActiveX Control - Memory Corruption SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version...
Book Gallery - aboutbook.php SQL Injection
Book Gallery - aboutbook.php SQL Injection Title: Book Gallery aboutbook.php SQL Injection Vulnerability Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/A Founded By Mr.P3rfekT Helllo Allz Exploit : http://127.0.0.1/path/aboutbook.php?id= == SQLi sh done MaiL...
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion
VWar 1.5.0 R15 - mvcw.php Remote File Inclusion '/ -.- --------------------oOO------OOo-------------------- | VWar = v1.5.0 R15 mvcw.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------- ! Discovered: DNX ! Vendor: http://www.vwar.de ! Detected:...
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...
OpenBSD 6.x - Dynamic Loader Privilege Escalation
OpenBSD 6.x - Dynamic Loader Privilege Escalation Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents...
BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link:...
vBulletin 3.6.0 4.2.3 - ForumRunner SQL Injection
vBulletin 3.6.0 4.2.3 - ForumRunner SQL Injection Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu...
TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution
TP-Link TL-WR740N v4 Router FW-Ver. 3.16.6 Build 130529 Rel.47286n - Command Execution Exploit Title: TP-Link TL-WR740N v4 router FW-Ver. 3.16.6 Build 130529 Rel.47286n arbitrary shell command execution Date: 08/03/2014 Exploit Author: Christoph Kuhl Vendor Homepage: http://www.tp-link.com Softwa...
BigACE 2.4 - Multiple Remote File Inclusions
BigACE 2.4 - Multiple Remote File Inclusions / \ @ /|\ /|\ |-| / | \ /|/\ / | \ @ | |--------------------/--|-voV---|'/--Vov-|-----------------------|-| |-| '^ o o '^ | | | | \Y/' |-| |-| | | | | -=ShAd0w-CrEw=- |-| |-| | | | | |-| ||| | @ l /\ / \ /\ l |-| l / V \ \ V \ l @ l/ \I \ /'...
DUclassmate 1.x - account.asp?MM-recordId Arbitrary Password Modification
DUclassmate 1.x - account.asp?MM-recordId Arbitrary Password Modification source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also...
RobotFTP Server 1.02.0 - Remote Denial of Service
RobotFTP Server 1.02.0 - Remote Denial of Service source: https://www.securityfocus.com/bid/9732/info It has been reported that Opt-X may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution
PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrar...
ASUS AXSP 1.02.00 - asComSvc Unquoted Service Path
ASUS AXSP 1.02.00 - asComSvc Unquoted Service Path Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-10 Vendor Homepage: https://www.asus.com/ Software Link...
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.syncbreeze.com Software Link:...
gSOAP 2.8 - Directory Traversal
gSOAP 2.8 - Directory Traversal Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET /../../../../../../../../../etc/passwd HTTP/1.1...
Ayukov NFTP client 1.71 - SYST Buffer Overflow
Ayukov NFTP client 1.71 - SYST Buffer Overflow Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested o...
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution ?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability ---------------------------------------------------------------------...
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping
Python smtplib 2.7.11 3.4.4 3.5.1 - Man In The Middle StartTLS Stripping VuNote ============ Author: Version: 0.2 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping mitm Overview -------- Name: python Vendor: python software foundation References: https://www.python.org/ 1 Version: 2.7.1...
siu guarani - Multiple Vulnerabilities
siu guarani - Multiple Vulnerabilities multiple remote vulnerabilities siu guarani general information ------------------- bug type : multiple remote vulnerabilities software name : SIU Guarani vendor : SIU www.siu.edu.ar authors : proudhon & Ubik date : the 341st day of the year 2008 contact : N...
PHP-Fusion 4.01 - readmore.php SQL Injection
PHP-Fusion 4.01 - readmore.php SQL Injection source: https://www.securityfocus.com/bid/30680/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Annuaire 1Two 1.01.1 - index.php Cross-Site Scripting
Annuaire 1Two 1.01.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13961/info Annuaire 1Two is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issu...
netkit-telnet-0.17 telnetd (Fedora 31) - BraveStarr Remote Code Execution
netkit-telnet-0.17 telnetd Fedora 31 - BraveStarr Remote Code Execution !/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes ...
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Title: CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Author: wetw0rk Exploit Version: Public POC Vendor Homepage:...
NEOWISE CARBONFTP 1.4 - Weak Password Encryption
NEOWISE CARBONFTP 1.4 - Weak Password Encryption Exploit Title: NEOWISE CARBONFTP 1.4 - Weak Password Encryption discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: hyp3rlinx Vendor Homepage: https://www.neowise.com Software Link: https://www.neowise.com/freeware/ Version: 1.4 +...
FaceSentry Access Control System 6.4.8 - Remote SSH Root
FaceSentry Access Control System 6.4.8 - Remote SSH Root !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize...
Git Submodule - Arbitrary Code Execution (PoC)
Git Submodule - Arbitrary Code Execution PoC These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the...
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service (PoC)
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service PoC Exploit Title: Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-27 Vendor Homepage: https://www.cisco.com/ Software Link :...
Apache Struts 2.3.x Showcase - Remote Code Execution
Apache Struts 2.3.x Showcase - Remote Code Execution !/usr/bin/python -- coding: utf-8 -- Just a demo for CVE-2017-9791 import requests def exploiturl, cmd: print"+ command: %s" % cmd payload = "%" payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?memberAccess=dm:"...
SquirrelMail 1.4.22 - Remote Code Execution
SquirrelMail 1.4.22 - Remote Code Execution !/bin/bash int='\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh...
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendo...
GLPI 0.85 - Blind SQL Injection
GLPI 0.85 - Blind SQL Injection Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category...
Python - socket.recvfrom_into() Remote Buffer Overflow
Python - socket.recvfrominto Remote Buffer Overflow !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-19...
PHPDirector Game Edition - game.php SQL Injection
PHPDirector Game Edition - game.php SQL Injection PHPDirector Game Edition game.php Sql Injection Vulnerability ================================================================ .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script :...
VMware Remote Console e.x.p build-158248 - Format String
VMware Remote Console e.x.p build-158248 - Format String DSECRG-09-053 VMware Remote Console - format string vulnerability http://www.dsecrg.com/pages/vul/show.php?id=153 VMrc vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where...