41207 matches found
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated Configuration Download
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated Configuration Download !/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated Configuration Download Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage:...
Apache mod_ssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2)
Apache modssl 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow 2 / OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev apt-get install libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena...
Sales ERP 8.1 - Multiple SQL Injection
Sales ERP 8.1 - Multiple SQL Injection =========================================================================================== Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Date: 05/01/2019 Exploit Author: Jacob Baines Tested on:...
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an ite...
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
Advanced Host Monitor 11.92 beta - Local Buffer Overflow !/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date:...
elFinder 2.1.47 - PHP connector Command Injection
elFinder 2.1.47 - PHP connector Command Injection !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqi...
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution
Drupal 8.6.10 8.5.11 - REST Module Remote Code Execution Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short...
osTicket 1.10.1 - Arbitrary File Upload
osTicket 1.10.1 - Arbitrary File Upload Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details:...
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = '''...
Airties AIR5444TT - Cross-Site Scripting
Airties AIR5444TT - Cross-Site Scripting Exploit Title: Airties AIR5444TT - Cross-Site Scripting Date: 2018-07-06 Exploit Author: Raif Berkay Dincel Vendor Homepage: airties.com Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 CVE-ID: CVE-2018-8738 Tested on: MacOS High Sierr...
ADB Broadband Gateways Routers - Authorization Bypass
ADB Broadband Gateways Routers - Authorization Bypass SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authorization Bypass product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version:...
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact:...
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
Microsoft Windows FxCop 1012 - XML External Entity Injection
Microsoft Windows FxCop 1012 - XML External Entity Injection Exploit Title: Microsoft Windows FxCop 10/12 - XML External Entity Injection Date: 2018-03-15 Exploit Author: Debashis Pal Vendor Homepage: www.microsoft.com Version: Microsoft Windows "FxCop" v10-12 CVE : N/A Greetz:...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501...
D-Link DIR-600M Wireless - Cross-Site Scripting
D-Link DIR-600M Wireless - Cross-Site Scripting Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting Date: 11.02.2018 Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M Category: Hardware Exploit Author: Prasenjit Kanti Paul...
BMC BladeLogic 8.3.00.64 - Remote Command Execution
BMC BladeLogic 8.3.00.64 - Remote Command Execution Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...
Dup Scout Enterprise 10.0.18 - Login Remote Buffer Overflow
Dup Scout Enterprise 10.0.18 - Login Remote Buffer Overflow Tested on Windows 10 x86 The application requires to have the web server enabled. Exploit for older version: https://www.exploit-db.com/exploits/40832/ !/usr/bin/python import socket,os,time,struct,argparse parser = argparse.ArgumentPars...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$...
Trend Micro OfficeScan 11.0XG (12.0) - Code Execution Memory Corruption
Trend Micro OfficeScan 11.0XG 12.0 - Code Execution Memory Corruption + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt +...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (2)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 2 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
A2billing 2.x - Backup File Download Remote Code Execution
A2billing 2.x - Backup File Download Remote Code Execution Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain...
libjpeg-turbo 1.5.1 - Denial of Service
libjpeg-turbo 1.5.1 - Denial of Service libjpeg-turbo denial of service vulnerability ====================== Author : qflb.wu CVE : CVE-2017-9614 ====================== Introduction: ============= libjpeg-turbo is a JPEG image codec that uses SIMD instructions MMX, SSE2, AVX2, NEON, AltiVec to...
Oracle PeopleSoft - Server-Side Request Forgery
Oracle PeopleSoft - Server-Side Request Forgery Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference...
Apple Safari 10.0.3 - JSC::CachedCall Use-After-Free
Apple Safari 10.0.3 - JSC::CachedCall Use-After-Free function makecompiledfunction function targetx return x5 + x - xx; // Call only once so that function gets compiled with low level interpreter // but none of the optimizing JITs target0; return target; function pwn var haxs = new Array0x100; fo...
Linux Kernel 3.11 4.8 0 - SO_SNDBUFFORCE SO_RCVBUFFORCE Local Privilege Escalation
Linux Kernel 3.11 4.8 0 - SOSNDBUFFORCE SORCVBUFFORCE Local Privilege Escalation // CAPNETADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-97...
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE, Reflected Cross Site Scripting product: Aruba AirWave vulnerab...
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Buffer Overflow PoC + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product:...
PHPMailer 5.2.20 - Remote Code Execution
PHPMailer 5.2.20 - Remote Code Execution !/usr/bin/python intro = """ PHPMailer RCE PoC Exploits PHPMailer " postfields = 'action':...
NETGEAR WNR2000v5 - Remote Code Execution
NETGEAR WNR2000v5 - Remote Code Execution Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro [email protected] / Agile Information Security Released on 20/12/2016 NOTE: this exploit is "alpha" quality and has been deprecated. Please see the modules accepted into the Metasploit framework...
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)
Microsoft Windows Kerberos - Security Feature Bypass MS16-101 Exploit Title: Kerberos Security Feature Bypass Vulnerability Kerberos to NTLM Fallback Date: 22-09-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 and Windows 10 x64 CVE : CVE-2016-3237 Category: Local...
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.5.3 Build 00...
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product:...
Microsoft Windows 7 (x86x64) - Group Policy Privilege Escalation (MS16-072)
Microsoft Windows 7 x86x64 - Group Policy Privilege Escalation MS16-072 Exploit Title: Group Policy Elevation of Privilege Vulnerability Date: 08-08-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-3223 Category: Privilege Escalation SPECIAL CONFIG:...
Compal CH7465LG-LC ModemRouter CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Compal CH7465LG-LC ModemRouter CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities Compal CH7465LG-LC modem/router multiple vulnerabilities -------------------------------------------------------- The following vulnerabilities are the result of a quick check 3 hours of the Mercury modem. We...
Easy RM to MP3 Converter 2.7.3.700 - .m3u File (Universal ASLR + DEP Bypass)
Easy RM to MP3 Converter 2.7.3.700 - .m3u File Universal ASLR + DEP Bypass Exploit Title: Easy RM to MP3 Converter 2.7.3.700 .m3u File BoF Exploit with Universal DEP+ASLR bypass Date: 2016-06-12 Exploit Author: Csaba Fitzl Vendor Homepage: N/A Software Link:...
OpenCart 2.1.0.2 2.2.0.0 - json_decode Function Remote Code Execution
OpenCart 2.1.0.2 2.2.0.0 - jsondecode Function Remote Code Execution OpenCart jsondecode function Remote PHP Code Execution Author: Naser Farhadi Twitter: @naserfarhadi Date: 9 April 2016 Version: 2.1.0.2 to 2.2.0.0 Latest version Vendor Homepage: http://www.opencart.com/ Vulnerability:...
Linux Kernel 3.10.0-229.x (CentOS RHEL 7.1) - iowarrior Driver Crash (PoC)
Linux Kernel 3.10.0-229.x CentOS RHEL 7.1 - iowarrior Driver Crash PoC OS-S Security Advisory 2016-15 Linux iowarrior Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local...
Microsoft Windows 7 (x64) - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 7 x64 - afd.sys Dangling Pointer Privilege Escalation MS14-040 Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-03-03 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 64 bit Tested on: Win7 x64 afd.sys - 6.1.7601.17514 ntdll.dll -...
Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation
Ubuntu 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts...
glibc - getaddrinfo Stack Buffer Overflow (PoC)
glibc - getaddrinfo Stack Buffer Overflow PoC Sources: https://googleonlinesecurity.blogspot.sg/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547 Technical information: glibc reserves 2048 bytes in the stack through alloca for the DNS answer at...
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference (MS15-134)
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference MS15-134 1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL:...
Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery
Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery Exploit Title: CSRF, Network Threat Appliance IDS / IPS Google Dork: intitle: CSRF Network Threat Appliance IDS / IPS Date: 2015-07-24 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.hexiscyber.com Softwa...
Linux Kernel 3.13.0 3.19 (Ubuntu 12.0414.0414.1015.04) - overlayfs Local Privilege Escalation
Linux Kernel 3.13.0 3.19 Ubuntu 12.0414.0414.1015.04 - overlayfs Local Privilege Escalation / Exploit Title: ofs.c - overlayfs local root in ubuntu Date: 2015-06-15 Exploit Author: rebel Version: Ubuntu 12.04, 14.04, 14.10, 15.04 Kernels before 2015-06-15 Tested on: Ubuntu 12.04, 14.04, 14.10,...
ICU library 52 54 - Multiple Vulnerabilities
ICU library 52 54 - Multiple Vulnerabilities Heap overflow and integer overflow in ICU library v52 to v54 Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 04/05/2015 / Last update...
vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ================================================================================================ Overview...
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without...