Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)

Apache Tomcat 6.0.18 - utf8 Directory Traversal PoC Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18...

X-Cart - Multiple Remote File Inclusions

X-Cart - Multiple Remote File Inclusions xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0...

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...

WEBInsta MM 1.3e - absolute_path Remote File Inclusion

WEBInsta MM 1.3e - absolutepath Remote File Inclusion WEBInsta Mailing List Manager = 1.3e initdb.php Remote File Include Exploit function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action= document.exploit.target.value;...

Apache 1.x2.0.x - Chunked-Encoding Memory Corruption (2)

Apache 1.x2.0.x - Chunked-Encoding Memory Corruption 2 // source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretatio...

TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)

TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link:...

ManageEngine EventLog Analyzer 10.0 - Information Disclosure

ManageEngine EventLog Analyzer 10.0 - Information Disclosure Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774...

phpList 3.5.0 - Authentication Bypass

phpList 3.5.0 - Authentication Bypass Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/...

Microsoft Windows 10 - Theme API ThemePack File Parsing

Microsoft Windows 10 - Theme API ThemePack File Parsing Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10...

Django 3.0 2.2 1.11 - Account Hijack

Django 3.0 2.2 1.11 - Account Hijack EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47879.zip djangocve201919844poc PoC for CVE-2019-19844 Requirements - Python 3.7.x - PostgreSQL 9.5 or higher Setup 1. Create databasee.g. djangocve201919844p...

Roxy Fileman 1.4.5 - Directory Traversal

Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...

Linear eMerge E3 1.00-06 - Remote Code Execution

Linear eMerge E3 1.00-06 - Remote Code Execution Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)

eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...

SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)

SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...

FTPGetter Standard 5.97.0.177 - Remote Code Execution

FTPGetter Standard 5.97.0.177 - Remote Code Execution Exploit Title: FTPGetter Standard - v.5.97.0.177 Remote Code Execution Date: 05/03/2019 Exploit Author: https://github.com/w4fz5uck5 | @w4fz5uck5 Vendor Homepage: https://www.ftpgetter.com Software Link:...

macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File

macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File / XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against...

Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution

Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution -- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational ...

Cisco ASA - Crash (PoC)

Cisco ASA - Crash PoC Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers = headers'User-Agent' = 'Open AnyConnect...

SonicWall NSA 66005600460036002600250M - Multiple Vulnerabilities

SonicWall NSA 66005600460036002600250M - Multiple Vulnerabilities Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-0...

AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery

AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...

libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities

libgig 4.0.0 LinuxSampler - Multiple Vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= https://www.linuxsampler.org/libgig/ libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS Downloadable Sounds Level...

Microsoft Windows 88.12012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010)

Microsoft Windows 88.12012 R2 x64 - EternalBlue SMB Remote Code Execution MS17-010 !/usr/bin/python from impacket import smb, ntlm from struct import pack import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended o...

Intermec PM43 Industrial Printer - Local Privilege Escalation

Intermec PM43 Industrial Printer - Local Privilege Escalation TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware...

PHPMailer 5.2.18 - Remote Code Execution (Bash)

PHPMailer 5.2.18 - Remote Code Execution Bash !/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host curl -sq...

WordPress 4.5.3 - Directory Traversal Denial of Service

WordPress 4.5.3 - Directory Traversal Denial of Service Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to...

Kamailio 4.3.4 - Heap Buffer Overflow

Kamailio 4.3.4 - Heap Buffer Overflow census ID: census-2016-0009 CVE ID: CVE-2016-2385 Affected Products: Kamailio 4.3.4 and possibly previous versions Class: Heap-based Buffer Overflow CWE-122 Remote: Yes Discovered by: Stelios Tsampas Kamailio successor of former OpenSER and SER is an Open...

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...

PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library

PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...

Xceedium Xsuite - Multiple Vulnerabilities

Xceedium Xsuite - Multiple Vulnerabilities See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...

AirLive (Multiple Products) - OS Command Injection

AirLive Multiple Products - OS Command Injection 1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last...

Sendio ESP - Information Disclosure

Sendio ESP - Information Disclosure 1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability Date published: 2015-05-22 Date of last update:...

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor...

WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities

WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities WHM.AutoPilot Multiple Vulnerabilities Vendor: Benchmark Designs, LLC Product: WHM.AutoPilot Version: = 2.4.6.5 Website: http://www.whmautopilot.com/ BID: 12119 CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422 OSVDB: 12693 12694 12695 12696 12697...

ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities

ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro [email protected], Agile Information Security ==========================================================================...

vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection

vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection vBulletin 4.0.x = 4.1.2 AUTOMATIC SQL Injection exploit Author: D35m0nd142, Google Dork: inurl:search.php?searchtype=1 Date: 02/09/2014 Vendor Homepage: http://www.vbulletin.com/ Tested on: vBulletin 4.1.2 Usage: perl exploit.pl Tutorial video:...

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage:...

SAP NetWeaver Dispatcher 7.0 ehp12 - Multiple Vulnerabilities

SAP NetWeaver Dispatcher 7.0 ehp12 - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2012-05-08...

4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection

4Images 1.7.6-9 - Cross-Site Request Forgery PHP Code Injection !/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54...

phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)

phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection Metasploit Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link:...

Adobe Acrobat Reader 7 9 - U3D Buffer Overflow

Adobe Acrobat Reader 7 9 - U3D Buffer Overflow Copyright c 2009, Felipe Andres Manzano All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the...

Silentum Guestbook 2.0.2 - silentum_Guestbook.php SQL Injection

Silentum Guestbook 2.0.2 - silentumGuestbook.php SQL Injection Silentum Guestbook v2.0.2 silentumguestbook.php Sql Injection Vuln. Yazar: Bgh7 Turk Bilisim Gucleri Group / Ihlilal Hatti ByBgh7amsn.com Http://Bgh7.Blogspot.Com Bug: Sql Injection Ä°ndir/Download:...

Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection (1)

Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection 1 ?php / http://www.undergroundagents.de coded by silent vapor [email protected] / printr' -------------------------------------------------------------------------------- Woltlab Burning Board Lite = 1.0.2 GetHashes over...

pandaBB - displayCategory Remote File Inclusion

pandaBB - displayCategory Remote File Inclusion ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

Flatnuke 2.5.8 - file() Privilege Escalation Code Execution

Flatnuke 2.5.8 - file Privilege Escalation Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexo...

Pie Cart Pro - Home_Path Remote File Inclusion

Pie Cart Pro - HomePath Remote File Inclusion ==================================================================== Pie Cart Pro = HomePath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz...

Mambo Component ExtCalendar 2.0 - Remote File Inclusion

Mambo Component ExtCalendar 2.0 - Remote File Inclusion -------------------------------------------------------------------------------- Title : ExtCalendar Mambo Module = v2 Remote File Include Vulnerabilities Discovered By OLiBekaS...

MetaCart E-Shop - ProductsByCategory.asp Cross-Site Scripting

MetaCart E-Shop - ProductsByCategory.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/13639/info MetaCart e-Shop is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

aSc TimeTables 2020.11.4 - Denial of Service (PoC)

aSc TimeTables 2020.11.4 - Denial of Service PoC Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service PoC Date: 2020-24-02 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2020.11.4 Teste...

DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 - Persistent Cross-Site Scripting Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...

JetBrains TeamCity 2018.2.4 - Remote Code Execution

JetBrains TeamCity 2018.2.4 - Remote Code Execution Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads...