41207 matches found
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow
Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Dup Scout Enterprise v10.0.18 "Import Comman...
Automated Logic WebCTRL 6.5 - Unrestricted File Upload Remote Code Execution
Automated Logic WebCTRL 6.5 - Unrestricted File Upload Remote Code Execution !/usr/bin/env python -- coding: utf8 -- Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC...
Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service ''' Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1. ADVISORY INFORMATIO...
Mambo 4.5.3h - Multiple Vulnerabilities
Mambo 4.5.3h - Multiple Vulnerabilities Mambo Multiple Vulnerabilities Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.3h Website: http://www.mamboserver.com BID: 16775 CVE: CVE-2006-0871 CVE-2006-1794 OSVDB: 23402 23503 23505 SECUNIA: 18935 PACKETSTORM: 44191 Description: Mambo ...
2Moons - Multiple Vulnerabilities
2Moons - Multiple Vulnerabilities Title: 2Moons - Multiple Vulnerabilities Date: 08-07-2015 Author: bRpsd skype: vegnox Vendor: 2Moons Vendor HomePage: http://2moons.cc/ CMS Download: https://github.com/jkroepke/2Moons Google Dork: intext:Powered by 2Moons 2009-2013 Affected Versions: All Current...
Microsoft Windows 8.0/8.1 (x64) - TrackPopupMenu Local Privilege Escalation (MS14-058)
Microsoft Windows 8.0/8.1 x64 - TrackPopupMenu Local Privilege Escalation MS14-058 Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup...
Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (Metasploit)
Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit3 "Windows...
SPIP CMS 2.0.23 / 2.1.22 / 3.0.9 - Privilege Escalation
SPIP CMS 2.0.23 / 2.1.22 / 3.0.9 - Privilege Escalation !/usr/bin/env python Exploit Title: SPIP - CMS " exit baseurl = sys.argv1 login =...
PHPDug 2.0.0 - Multiple Vulnerabilities
PHPDug 2.0.0 - Multiple Vulnerabilities Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability...
GNU C library dynamic linker - $ORIGIN Expansion
GNU C library dynamic linker - $ORIGIN Expansion from: http://marc.info/?l=full-disclosure&m=128739684614072&w=2 The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is...
PHPGiggle 12.08 - CFG_PHPGIGGLE_ROOT File Inclusion
PHPGiggle 12.08 - CFG_PHPGIGGLE_ROOT File Inclusion Title : Php Giggle Télécharger milw0rm.com 2006-11-06...
MySpeach 3.0.2 - my_ms[root] Remote File Inclusion
MySpeach 3.0.2 - my_ms[root] Remote File Inclusion ============================================================================================== MySpeach = v3.0.2 my_ms[root] Remote File Inclusion Exploit ===============================================================================================...
Persian VIP Download Script 1.0 - active SQL Injection
Persian VIP Download Script 1.0 - active SQL Injection Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Data: 2020-03-09 Exploit Author: S3FFR Vendor HomagePage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested...
Sysax Multi Server 5.50 - Denial of Service (PoC)
Sysax Multi Server 5.50 - Denial of Service PoC Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Google Dork: NA Date: 2020-01-20 Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found: https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/ If you create the following: GetFavDirectory gets the...
Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.20 - WebKit Code Execution PoC PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow
GNU C Library Dynamic Loader glibc ld.so - Memory Leak Buffer Overflow Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memor...
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass)
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free EMET 5.52 Bypass CVE-2016-1960 / Exploit Title: Mozilla Firefox . 1 https://bugzilla.mozilla.org/show_bug.cgi?id=1246014 2 https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/ / "use strict"; / This is executed after having pivot...
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-9322poc.c arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with...
.NET Remoting Services - Remote Command Execution
.NET Remoting Services - Remote Command Execution Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35280.zip ExploitRemotingService c 2014 James Forshaw...
OpenSSL - ASN1 BIO Memory Corruption
OpenSSL - ASN1 BIO Memory Corruption Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...
PHP Captcha Securimage 2.0.2 - Authentication Bypass
PHP Captcha Securimage 2.0.2 - Authentication Bypass Sense of Security - Security Advisory - SOS-11-007 Release Date. 20-May-2011 Last Update. - Vendor Notification Date. 04-Apr-2011 Product. Securimage / PHPCaptcha Platform. PHP Affected versions. 1.0.4 - 2.0.2 Severity Rating. Medium Impact...
XOOPS Module Gallery 0.2.2 - gid SQL Injection
XOOPS Module Gallery 0.2.2 - gid SQL Injection XOOPS Module Gallery 0.2.2 SQL Injection Exploit AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 HOME : http://securityreason.com/search/101/c0BidW4=/1/0 MAİL : [email protected] DORKS 1 : allinurl :"modules/gallery" DORK 2 ...
WordPress Plugin fGallery 2.4.1 - fimrss.php SQL Injection
WordPress Plugin fGallery 2.4.1 - fimrss.php SQL Injection -------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin fGallery...
Joomla! Component Mosets Tree 1.0 - Remote File Inclusion
Joomla! Component Mosets Tree 1.0 - Remote File Inclusion !!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : Joomla Mosets Tree = 1.0 Remote File Include Vulnerability...
Mafia Moblog 6 - Big.php Remote File Inclusion
Mafia Moblog 6 - Big.php Remote File Inclusion source: https://www.securityfocus.com/bid/19458/info Mafia Moblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
TP LINK TL-WR849N - Remote Code Execution
TP LINK TL-WR849N - Remote Code Execution Exploit Title: TP LINK TL-WR849N - Remote Code Execution Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version: TL-WR849N 0.9.1 4.16...
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...
Windows PowerShell ISE - Remote Code Execution
Windows PowerShell ISE - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor...
CAMALEON CMS 2.4 - Cross-Site Scripting
CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernabilit...
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller...
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - ldso_dynamic Stack Clash Local Privilege Escalation
Linux Kernel Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25 - ldso_dynamic Stack Clash Local Privilege Escalation / Linux_ldso_dynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms o...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution !/usr/bin/env python coding: utf8 EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution Vendor: EnGenius Technologies Inc. Product web page: https://www.engeniustech.com Affected version: ESR300 1.4.9...
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)
Cisco UCS Manager 2.1(1b) - Remote Command Injection Shellshock !/usr/bin/python Cisco UCS Manager 2.1(1b) Shellshock Exploit CVE-2014-6278 Confirmed on version 2.1(1b), but more are likely vulnerable. Cisco's advisory:...
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow
Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow Credit: Maksymilian Arciemowicz CXSECURITY Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - MACOS's Commands such as: ls, find, rm -...
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 ============================================= I. VULNERABILITY -------------------------...
Magic Music Editor - Local Buffer Overflow
Magic Music Editor - Local Buffer Overflow !/usr/bin/perl +Exploi Title: Exploit Buffer Overflow Magic Music Editor +Date: 03\01\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.magic-video-software.com/downloadserver/Magic-Music-Editor.exe +POC Found By:...
BoastMachine 3.1 - Arbitrary File Upload
BoastMachine 3.1 - Arbitrary File Upload :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Exploit Title : boastMachine v3.1 Remote File Upload Vulnerability Author: alnjm33 Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip Software...
PHP 5.2.6 - error_log Safe_mode Bypass
PHP 5.2.6 - error_log Safe_mode Bypass SecurityReason.com PHP 5.2.6 error_log safe_mode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link:...
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series - Multiple Vulnerabilities !/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitab...
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass
NETGEAR WiFi Router JWNR2010v5 R6080 - Authentication Bypass Exploit Title: NETGEAR WiFi Router R6080 - Security Questions Answers Disclosure Date: 13/07/2019 Exploit Author: Wadeek Hardware Version: R6080-100PES Firmware Version: 1.0.0.34 / 1.0.0.40 Vendor Homepage:...
Drupal 8.6.9 - REST Module Remote Code Execution
Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
Realterm Serial Terminal 2.0.0.70 - Denial of Service
Realterm Serial Terminal 2.0.0.70 - Denial of Service -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack / _xpc_serializer_unpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal ''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27 Exploit...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...
Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
Linux Kernel 3.x Ubuntu 14.04 Mint 17.3 Fedora 22 - Double-free usb-midi SMEP Privilege Escalation Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note...