MidiCart PHP - Item_List.php?MainGroup Cross-Site Scripting
MidiCart PHP - Item_List.php?MainGroup Cross-Site Scripting source: https://www.securityfocus.com/bid/13518/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
BIND 9.10.5 - Unquoted Service Path Privilege Escalation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10...
OpenSSH 7.2p2 - Username Enumeration
OpenSSH 7.2p2 - Username Enumeration !/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-19 Purpose: User na...
MiniUPnP MiniUPnPc 2.0 - Remote Denial of Service
MiniUPnP MiniUPnPc 2.0 - Remote Denial of Service VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 0.6 Date: May 1st, 2017 Tag: miniupnpc getHTTPResponse chunked encoding integer signedness error Overview -------- Name: miniupnpc Vendor: Thomas...
MySQL MariaDB PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution Privilege Escalation
MySQL MariaDB PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution Privilege Escalation !/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski...
MySQL MariaDB PerconaDB 5.5.x/5.6.x/5.7.x - mysql System User Privilege Escalation Race Condition
MySQL MariaDB PerconaDB 5.5.x/5.6.x/5.7.x - mysql System User Privilege Escalation Race Condition / Source: https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html // http://legalhackers.com/exploits/CVE-2016-6663/mysql-privesc-race.c...
DropBearSSHD 2015.71 - Command Injection
DropBearSSHD 2015.71 - Command Injection VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt...
PHPDug 2.0.0 - Cross-Site Scripting
PHPDug 2.0.0 - Cross-Site Scripting ======================================================================================== | Title : PHPDug version 2.0.0 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi -...
JForum 2.1.8 BookMarks - Cross-Site Request Forgery Cross-Site Scripting
JForum 2.1.8 BookMarks - Cross-Site Request Forgery Cross-Site Scripting JForum 2.1.8 bookmarks CSRF & XSS Advisory Information Advisory ID: NGENUITY-2010-004 Date published: 2010-06-06 Vulnerability Information Class: Cross-Site Request Forgery CSRF Software Description Per jforum.net "JForum is...
Exim 4.87 4.91 - (Local Remote) Command Execution
Exim 4.87 4.91 - Local Remote Command Execution Qualys Security Advisory The Return of the WIZard: RCE in Exim CVE-2019-10149 ======================================================================== Contents ======================================================================== Summary Local...
OpenSSHd 7.2p2 - Username Enumeration
OpenSSHd 7.2p2 - Username Enumeration Source: http://seclists.org/fulldisclosure/2016/Jul/51 -------------------------------------------------------------------- User Enumeration using Open SSHD =Latest version. ------------------------------------------------------------------- Abstract:...
PHP-FPM + Nginx - Remote Code Execution
PHP-FPM + Nginx - Remote Code Execution PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see...
Esoftpro Online Guestbook Pro - display Blind SQL Injection
Esoftpro Online Guestbook Pro - display Blind SQL Injection Online Guestbook Pro display Blind SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangelg85atYahooDoTcom script : http://www.esoftpro.com/webscriptsonlineguestbookpro.php DorK : Powered by Online Guestbook Pr...
Jax Guestbook 3.50 - Admin Login
Jax Guestbook 3.50 - Admin Login Exploit Title: Jax Guestbook 3.50 Admin Login Exploit Date: December 23rd, 2009 Author: Sora Software Link: http://script.wareseeker.com/ASP-NET/jax-guestbook-3.50.zip/32956d53cf Version: 3.50 Tested on: Windows and Linux ------------------------------------------...
DZCP (deV!L_z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection
DZCP (deV!L_z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection ======================================================================================== | Title : deV!L_z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Download :...
Shape Web Solutions CMS - SQL Injection
Shape Web Solutions CMS - SQL Injection Shape Web Solutions CMS SQL Injection Vulnerability Exploit Title: Shape Web Solutions CMS SQL Injection Vulnerability Author: Ashiyane Digital Security Team Date: 03-18-2011 Vendor or Software Link: http://www.shapeweb.com.br/ Version: All version Category...
DZCP (deV!L_z Clanportal) 1.5.2 - Remote File Inclusion
DZCP (deV!L_z Clanportal) 1.5.2 - Remote File Inclusion + deV!L_z Clanportal 1.5.2 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://www.dzcp.de/downloads/?action=download&id=131 x Code in dzcp1.5.2/inc/config.php REQUIRES requireonce$basePath."/inc/mysql.php"; $code $tpl ...
Microsoft Word - .RTF Remote Code Execution
Microsoft Word - .RTF Remote Code Execution !/usr/bin/env python ''' Exploit toolkit CVE-2017-0199 - v4.0 https://github.com/bhdresh/CVE-2017-0199 Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41894.zip ''' import...
Pligg CMS 9.9.5 - Cross-Site Request Forgery Protection Bypass Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery Protection Bypass Captcha Bypass Written By Michael Brooks Special thanks to str0ke! Pligg - XSRF Protection Bypass and Captcha Bypass affects 9.9.5 XSRF Protection Bypass ' width="0%" height="0%" var pliggstorytovotefor="/story.php?title=pliggxss";...
ArticleBeach Script 2.0 - index.php Remote File Inclusion
ArticleBeach Script 2.0 - index.php Remote File Inclusion ------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni...
Microsoft Office - Composite Moniker Remote Code Execution
Microsoft Office - Composite Moniker Remote Code Execution What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using th...
Linux Kernel 3.10.0-514.21.2.el7.x86_64 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable PIE Local Privilege Escalation
Linux Kernel 3.10.0-514.21.2.el7.x86_64 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable PIE Local Privilege Escalation / CVE-2017-1000253.c - an exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x86_64 and 3.10.0-514.26.1.el7.x86_64 Copyright C 2017 Qualys, Inc. This...
MySQL MariaDB PerconaDB 5.5.x/5.6.x/5.7.x - root System User Privilege Escalation
MySQL MariaDB PerconaDB 5.5.x/5.6.x/5.7.x - root System User Privilege Escalation !/bin/bash -p Source: https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html // http://legalhackers.com/exploits/CVE-2016-6664/mysql-chowned.sh MySQL / MariaDB / PerconaDB ...
Dnsmasq 2.78 - Stack Overflow
Dnsmasq 2.78 - Stack Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t...
WarpSpeed 4nAlbum Module 0.92 - displaycategory.php?basepath Remote File Inclusion
WarpSpeed 4nAlbum Module 0.92 - displaycategory.php?basepath Remote File Inclusion source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is...
PHP 7.2 - imagecolormatch() Out of Band Heap Write
PHP 7.2 - imagecolormatch Out of Band Heap Write &c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rg...
Oracle WebLogic 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution
Oracle WebLogic 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (PoC)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution PoC !/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print '...
Microsoft Outlook Web Access for Exchange Server 2003 - redir.asp Open Redirection
Microsoft Outlook Web Access for Exchange Server 2003 - redir.asp Open Redirection source: https://www.securityfocus.com/bid/31765/info Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploi...
Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation
Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA...
OpenLD 1.2.2 - index.php?id SQL Injection
OpenLD 1.2.2 - index.php?id SQL Injection --==+================================================================================+==-- --==+ OpenLD = 1.2.2 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody...
Telerik UI - Remote Code Execution via Insecure Deserialization
Telerik UI - Remote Code Execution via Insecure Deserialization See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with...
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "",...
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
OpenSSH 7.2p1 - Authenticated xauth Command Injection ''' Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor:...
Apache 2.4.23 mod_http2 - Denial of Service
Apache 2.4.23 mod_http2 - Denial of Service !/usr/bin/python """ source : http://seclists.org/bugtraq/2016/Dec/3 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote...
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution !/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities th...
Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Local Privilege Escalation
Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Local Privilege Escalation CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References...
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution 1 !/usr/bin/env python3 coding=utf-8 struts-pwn: Apache Struts CVE-2018-11776 Exploit Author: Mazin Ahmed This code uses a payload from: https://github.com/jas502n/St2-057 import argparse import random import requests import sys try: fro...
Apache 1.4/2.2.x - APR apr_fnmatch() Denial of Service
Apache 1.4/2.2.x - APR apr_fnmatch() Denial of Service source: https://www.securityfocus.com/bid/47820/info Apache APR is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Apache APR versions prior to 1.4.4 are vulnerable. ?php / Apache 2.2.17 modautoindex...
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
snetworks PHP Classifieds 5.0 - Remote File Inclusion
snetworks PHP Classifieds 5.0 - Remote File Inclusion +By CrackersChild+ Script.......: SNETWORKS PHP CLASSIFIEDS Page.........: http://www.snetworks.biz/ Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File İnclude Vulnerability...
WordPress 0.6/0.7 - Blog.header.php SQL Injection
WordPress 0.6/0.7 - Blog.header.php SQL Injection source: https://www.securityfocus.com/bid/8756/info Wordpress has been reported prone to multiple SQL injection vulnerabilities. The issues have been reported to exist in the blog.header.php script. A lack of sufficient sanitization performed on...
PHPSavant Savant2 - Stylesheet.php?MosConfig_absolute_path Remote File Inclusion
PHPSavant Savant2 - Stylesheet.php?MosConfig_absolute_path Remote File Inclusion source: https://www.securityfocus.com/bid/19151/info Savant2 is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to...
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, lo...
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM / Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description:...
Microsoft Windows .NET Framework - Remote Code Execution
Microsoft Windows .NET Framework - Remote Code Execution Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WS...
ToendaCMS 0.6.1 - admin.php Directory Traversal
ToendaCMS 0.6.1 - admin.php Directory Traversal source: https://www.securityfocus.com/bid/15348/info toendaCMS is reported prone to a directory traversal vulnerability. It is demonstrated that this issue may be leveraged to disclose the contents of arbitrary web-server readable files. A remote...
Apache mod_proxy - Reverse Proxy Exposure
Apache mod_proxy - Reverse Proxy Exposure !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url +...
PHP 5.6.2 - Shellshock Safe Mode Disable Functions Bypass Command Injection
PHP 5.6.2 - Shellshock Safe Mode Disable Functions Bypass Command Injection Exploit Title: PHP 5.x Shellshock Exploit bypass disablefunctions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link:...
phpVibe - Arbitrary File Disclosure
phpVibe - Arbitrary File Disclosure In The Name Of ALLAH Exploit Title: phpVibe ALL versions LFD vulnerability Google Dork: "powered by phpvibe" Date: 2015/07/13 july 13th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.com Vendor Homepage: http://www.phpvibe.com/...