41207 matches found
mxBB Module kb_mods 2.0.2 - Remote File Inclusion
A-Cart Pro 2.0 - product.asp?ProductID SQL Injection
A-Cart Pro 2.0 - product.asp?ProductID SQL Injection source: https://www.securityfocus.com/bid/21166/info A-Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Joomla! Component Link Directory 1.0.3 - Remote File Inclusion
Joomla! Component Link Directory 1.0.3 - Remote File Inclusion insecurity research team advisory, 18.o8.2oo6. Affected Application: Link Directory...
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
Whatsapp 2.19.216 - Remote Code Execution
Whatsapp 2.19.216 - Remote Code Execution Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls...
AppXSvc - Privilege Escalation
AppXSvc - Privilege Escalation Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version:...
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting Details Software: Prinect Archive System Version: v2015 Release 2.6 Homepage: https://www.heidelberg.com Advisory report: https://github.com/alt3kx/CVE-2019-10685 CVE:...
Redis 5.0 - Denial of Service
Redis 5.0 - Denial of Service Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand...
Linux Kernel (Ubuntu 17.04) - XFRM Local Privilege Escalation
Linux Kernel Ubuntu 17.04 - XFRM Local Privilege Escalation Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer...
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution function asmjsmodule "use asm"; / huge jitted nop sled / function payloadcode var val = 0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val + 0xa8909090|0; val = val +...
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Remote Code Execution Remote Code Execution Component: networkmap CVE: CVE-2017-6548 networkmap is responsible for generating a map of computers connected to the router. It continuously monitors the LAN to detect ARP requests submitted by unknown computers. When...
Microsoft Internet Explorer - CTreeNode::GetCascadedLang Use-After-Free (MS15-079)
Microsoft Internet Explorer - CTreeNode::GetCascadedLang Use-After-Free MS15-079 meta http-equiv="X-UA-Compatible" content="IE=10...
Password Manager Pro Pro MSP - Blind SQL Injection
Password Manager Pro Pro MSP - Blind SQL Injection Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security Disclosure: 08/11/2014 / Last...
TYPO3 - Arbitrary File Retrieval
TYPO3 - Arbitrary File Retrieval ?php / TYPO3-SA-2010-022.php Exploit Title: TYPO3 Unauthenticated Arbitrary File Retrieval TYPO3-SA-2010-020, TYPO3-SA-2010-022 Date: 29/12/2010 Author: ikki Software Link: http://typo3.org/download/, http://sourceforge.net/projects/typo3/files/ Version: 4.2.15,...
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
vBulletin Blog 4.0.2 - Title Cross-Site Scripting Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved. The script is affected by Permanent XSS vulnerability, ...
ProductCart 1.x2.x - Custva.asp?redirectUrl Cross-Site Scripting
ProductCart 1.x2.x - Custva.asp?redirectUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/9669/info EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues...
Genexis Platinum-4410 2.1 - Authentication Bypass
Genexis Platinum-4410 2.1 - Authentication Bypass Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass Date: 20220-01-08 Exploit Author: Husinul Sanub Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/ Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Route...
NoMachine 5.3.27 - Remote Code Execution
NoMachine 5.3.27 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com...
Android Bluetooth - Blueborne Information Leak (2)
Android Bluetooth - Blueborne Information Leak 2 from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate: pkt =...
OpenNetAdmin 13.03.01 - Remote Code Execution
OpenNetAdmin 13.03.01 - Remote Code Execution Exploit Title: OpenNetAdmin Remote Code Execution Date: 03/04/13 Exploit Author: Mandat0ry aka Matthew Bryant Vendor Homepage: http://opennetadmin.com/ Software Link: http://opennetadmin.com/download.html Version: 13.03.01 Tested on: Ubuntu CVE : No C...
Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities
Oracle WebCenter Sites FatWire Content Server - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory title: Multiple vulnerabilities in Oracle WebCenter Sites product: Oracle WebCenter Sites former FatWire...
Freepbx 2.11.1.5 - Remote Code Execution
Freepbx 2.11.1.5 - Remote Code Execution Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/...
OpenX 2.8.10 - Multiple Vulnerabilities
OpenX 2.8.10 - Multiple Vulnerabilities Advisory ID: HTB23155 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: May 8, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: PHP File Inclusion...
Joomla! Component mod_spo - SQL Injection
Joomla! Component modspo - SQL Injection Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on:...
IPComp - encapsulation Kernel Memory Corruption
IPComp - encapsulation Kernel Memory Corruption // source: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080031.html BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload...
PozScripts Classified Auctions - gotourl.php?id SQL Injection
PozScripts Classified Auctions - gotourl.php?id SQL Injection Classified Auctions gotourl.php id Remote SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script :...
paBugs 2.0 Beta 3 - class.mysql.php Remote File Inclusion
Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting
Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this...
qdPM 9.1 - Remote Code Execution
qdPM 9.1 - Remote Code Execution !/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically...
Windows Kernel - Information Disclosure
Windows Kernel - Information Disclosure PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant ...
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
Joomla! Component JoomRecipe 1.0.3 - SQL Injection Exploit Title: Joomla! Component JoomRecipe 1.0.3 - SQL Injection Dork: N/A Date: 15.06.2017 Vendor : http://joomboost.com/ Software: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/ Demo:...
CUPS 2.0.3 - Remote Command Execution
CUPS 2.0.3 - Remote Command Execution !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link: https://github.com/apple/cups/releases/tag/release-2.0.2 Version: 2.0....
3editor CMS 0.42 - index.php Local File Inclusion
3editor CMS 0.42 - index.php Local File Inclusion script Name: 3editor CMS index.php Local File Include Exploit Download:http://www.matteolucarelli.net/3editor/index.htm Author : Dr Max Virus Contact :[email protected] Bug & Problem In file index.php Let's Take a look; if !isset$GET'page'...
Joomla! Component Artlinks 1.0b4 - Remote File Inclusion
Joomla! Component Artlinks 1.0b4 - Remote File Inclusion insecurity research team advisory, 18.o8.2oo6. Affected Application: Artlinks v1.0 Beta 4...
aSc TimeTables 2020.11.4 - Denial of Service (PoC)
aSc TimeTables 2020.11.4 - Denial of Service PoC Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Teste...
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Exploit Title: Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Google Dork: site:..com "Web File Manager" inurl:?login= Shodan Dork: Server: Rumpus Date: 2019-12-14 Exploit Author: Harshit Shukla, Sudeepto R...
Linux Kernel 2.6.x 3.10.x 4.14.x (RedHat Debian CentOS) (x64) - Mutagen Astronomy Local Privilege Escalation
Linux Kernel 2.6.x 3.10.x 4.14.x RedHat Debian CentOS x64 - Mutagen Astronomy Local Privilege Escalation / EDB-Note: Systems with less than 32GB of RAM are unlikely to be affected by this issue, due to memory demands during exploitation. EDB Note: poc-exploit.c / / poc-exploit.c for CVE-2018-1463...
Oracle Solaris 11.111.3 (RSH) - Stack Clash Local Privilege Escalation
Oracle Solaris 11.111.3 RSH - Stack Clash Local Privilege Escalation / Solarisrsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published ...
packetstormsecurity.com
Pentest notes for: packetstormsecurity.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x...
Modx Revolution 2.6.4 - Remote Code Execution
Modx Revolution 2.6.4 - Remote Code Execution Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx':...
Microsoft Windows - .LNK Shortcut File Code Execution
Microsoft Windows - .LNK Shortcut File Code Execution !/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER:...
Odoo CRM 10.0 - Code Execution
Odoo CRM 10.0 - Code Execution Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution !/usr/bin/env python coding: utf8 EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution Vendor: EnGenius Technologies Inc. Product web page: https://www.engeniustech.com Affected version: ESR300 1.4.9...
WordPress Plugin Mail Masta 1.0 - SQL Injection
WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...
Microsoft Windows Kernel - win32k Denial of Service (MS16-135)
Microsoft Windows Kernel - win32k Denial of Service MS16-135 / Source: https://github.com/tinysec/public/tree/master/CVE-2016-7255 Full Proof of Concept: https://github.com/tinysec/public/tree/master/CVE-2016-7255...
Flash ActiveX 28.0.0.137 - Code Execution (1)
Flash ActiveX 28.0.0.137 - Code Execution 1 CVE-2018-4878 flash exploit Pop up a calculator - tested with installation of flash activeX plugin 28.0.0.137 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44744.xlsx...
Python CGIHTTPServer - Encoded Directory Traversal
Python CGIHTTPServer - Encoded Directory Traversal Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute...
Apache Commons FileUpload and Apache Tomcat - Denial of Service
Apache Commons FileUpload and Apache Tomcat - Denial of Service CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in...