MidiCart PHP - Item_Show.php?Code_No SQL Injection

MidiCart PHP - ItemShow.php?CodeNo SQL Injection source: https://www.securityfocus.com/bid/13515/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/...

LimeSurvey 3.16 - Remote Code Execution

LimeSurvey 3.16 - Remote Code Execution !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

Linux Kernel 4.13.9 (Ubuntu 16.04 Fedora 27) - Local Privilege Escalation

Linux Kernel 4.13.9 Ubuntu 16.04 Fedora 27 - Local Privilege Escalation / Credit @bleidl, this is a slight modification to his original POC https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c For details on how the exploit works, please visit...

ISC BIND 9 - TKEY (PoC)

ISC BIND 9 - TKEY PoC / PoC for BIND9 TKEY assert Dos CVE-2015-5477 Usage: tkill What it does: - First sends a "version" query to see if the server is up. - Regardless of the version response, it then sends the DoS packet. - Then it waits 5 seconds for a response. If the server crashes, there wil...

Drupal 7.0 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2)

Drupal 7.0 7.31 - Drupalgeddon SQL Injection PoC Reset Password 2 array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx;...

Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal

Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal source: https://www.securityfocus.com/bid/7775/info A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the...

Broadcom Wi-Fi Devices - KR00K Information Disclosure

Broadcom Wi-Fi Devices - KR00K Information Disclosure Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this...

Advanced Guestbook - addentry.php Arbitrary File Upload

Advanced Guestbook - addentry.php Arbitrary File Upload source: https://www.securityfocus.com/bid/61735/info Advanced Guestbook is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An...

Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection

Grandstream UCM6200 Series WebSocket 1.0.20.20 - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...

Microsoft Windows Remote Desktop - BlueKeep Denial of Service (Metasploit)

Microsoft Windows Remote Desktop - BlueKeep Denial of Service Metasploit Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected...

Libc - libc:fts_*() Local Denial of Service

Libc - libc:fts Local Denial of Service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 libc:fts:multiple vendors, Denial-of-service Author: Maksymilian Arciemowicz SecurityReason.com Date: - - Dis.: 21.10.2008 - - Pub.: 04.03.2009 CVE: CVE-2009-0537 We are going informing all vendors, about this...

Grandstream UCM6200 Series CTI Interface - user_password SQL Injection

Grandstream UCM6200 Series CTI Interface - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series CTI Interface - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...

Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow (SEH)

Easy RM to MP3 Converter 2.7.3.700 - Input Local Buffer Overflow SEH Exploit Title: Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow SEH Date: 2020-03-26 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.e...

Linux Kernel 3.10.0 (CentOS 7) - Denial of Service

Linux Kernel 3.10.0 CentOS 7 - Denial of Service / Exploit Title: CentOS7 Kernel Crashing by rsyslog daemon vulnerability | DOS on CentOS7 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://www.centos.org/ Version : 7 Tested on: Parrot OS Date: 12-2-2017 Category: Operating Syste...

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass CVE-2013-0640/1 Somehow, our script got on to the Russian forums :/ @w3bd3vil and @abh1sek Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/29881.tar.gz Adobe Acrobat Reader ASLR/DEP...

Microsoft Windows - Local Privilege Escalation (MS15-051)

Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...

Mambo Component CopperminePhotoGalery - Remote File Inclusion

Mambo Component CopperminePhotoGalery - Remote File Inclusion CopperminePhotoGallery Component Found By k1tk4t Indonesia This bug allows a remote atacker to execute commands via RFI file: cpg.php bug: require $mosConfigabsolutepath."/administrator/components/comcpg/config.cpg.php"; path: add in...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

PHPNuke-Clan 4.2.0 - mvcw_conver.php Remote File Inclusion

PHPNuke-Clan 4.2.0 - mvcwconver.php Remote File Inclusion '/ -.- --------------------------oOO------OOo------------------------- | PHPNuke-Clan = v4.2.0 mvcwconver.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------------------ ! Discovered: DNX !...

PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)

PHP Link Directory 4.1.0 - Cross-Site Request Forgery Add Admin PHP Link Directory v4.1.0 CSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://www.phplinkdirectory.com/ .:. Dork : "Powered b...

UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion

UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion founded by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit:...

PHP-Fusion - article_id SQL Injection

PHP-Fusion - articleid SQL Injection source: https://www.securityfocus.com/bid/47128/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...

Comersus Backoffice 4.x5.06.0 - comersusdatabasecomersus.mdb Direct Request Database Disclosure

Comersus Backoffice 4.x5.06.0 - comersusdatabasecomersus.mdb Direct Request Database Disclosure source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...

IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection

IPFire - CGI Web Interface Authenticated Bash Environment Variable Code Injection !/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link:...

ISC BIND 9 - Denial of Service

ISC BIND 9 - Denial of Service import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01"...

IPS Community Suite 4.1.12.3 - PHP Code Injection

IPS Community Suite 4.1.12.3 - PHP Code Injection --------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404...

Annuaire PHP - sites_inscription.php Multiple Cross-Site Scripting Vulnerabilities

Annuaire PHP - sitesinscription.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51434/info Annuaire PHP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage thes...

PHP 5.6.2 - Shellshock Safe Mode disable_functions Bypass Command Injection

PHP 5.6.2 - Shellshock Safe Mode disablefunctions Bypass Command Injection Exploit Title: PHP 5.x Shellshock Exploit bypass disablefunctions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link:...

myPHPNuke Module My_eGallery 2.5.6 - basepath Remote File Inclusion

myPHPNuke Module MyeGallery 2.5.6 - basepath Remote File Inclusion =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

BIND 9.x - Remote DNS Cache Poisoning (Python)

BIND 9.x - Remote DNS Cache Poisoning Python from scapy import import random Copyright C 2008 Julien Desfossez http://www.solisproject.net/ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...

Exim 4.87 - 4.91 - Local Privilege Escalation

Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...

PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access

PHPCOIN 1.2.2 - includesdb.php?$CCFGPKGPATHDBSE Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

Nginx (Debian Based Distros + Gentoo) - logrotate Local Privilege Escalation

Nginx Debian Based Distros + Gentoo - logrotate Local Privilege Escalation !/bin/bash Nginx Debian-based distros + Gentoo - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Follow...

BigACE 2.7.5 - Arbitrary File Upload

BigACE 2.7.5 - Arbitrary File Upload ========================================== Bigace 2.7.5 Remote Upload file Vulnerability ========================================== InformatioN Title : Bigace 2.7.5 Remote Upload file Vulnerability Author : Net.Edit0r Vendor or Software Link :...

Jack (tR) Jax LinkLists 1.00 - jax_linklists.php Cross-Site Scripting

Jack tR Jax LinkLists 1.00 - jaxlinklists.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...

FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)

FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Discovery Date: 2020-03-30...

HiSilicon DVRNVR hi3520d firmware - Remote Backdoor Account

HiSilicon DVRNVR hi3520d firmware - Remote Backdoor Account Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d...

Yappa-ng 2.3.1 - admin_modules Remote File Inclusion

Yappa-ng 2.3.1 - adminmodules Remote File Inclusion ============================================================================================== yappa-ng = v2.3.1 adminmodules Remote File Inclusion Exploit...

Coppermine Photo Gallery 1.2.2b - theme.php Remote File Inclusion

Coppermine Photo Gallery 1.2.2b - theme.php Remote File Inclusion source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the...

PHPEasyData 1.5.4 - last_records.php?annuaire Cross-Site Scripting

PHPEasyData 1.5.4 - lastrecords.php?annuaire Cross-Site Scripting source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the...

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork :...

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

Mozilla FireFox Windows 10 x64 - Full Chain Client Side Attack // Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 8572494...

Zen Load Balancer 3.10.1 - Remote Code Execution

Zen Load Balancer 3.10.1 - Remote Code Execution Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution Google Dork: no Date: 2020-03-28 Exploit Author: Cody Sixteen Vendor Homepage: https://code610.blogspot.com Software Link:...

WeBid 0.7.3 RC9 - upldgallery.php Arbitrary File Upload

WeBid 0.7.3 RC9 - upldgallery.php Arbitrary File Upload ----------------------------------------------------------------------------------------- Author : Ahmad Pay Date : March, 25 2009 Location : Bojonegoro, Indonesia Critical : High Impact : System Access Where : From Remote...

phpBB 2.0.x - album_portal.php Remote File Inclusion

phpBB 2.0.x - albumportal.php Remote File Inclusion source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...

Exim 4.90.1 - base64d Remote Code Execution

Exim 4.90.1 - base64d Remote Code Execution !/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s =...

Linux Kernel 4.10 5.1.17 - PTRACE_TRACEME pkexec Local Privilege Escalation

Linux Kernel 4.10 5.1.17 - PTRACETRACEME pkexec Local Privilege Escalation // Linux 4.10 // - added known helper paths // - added search for suitable helpers // - added automatic targeting // - changed target suid exectuable from passwd to pkexec //...

Android Bluetooth - Blueborne Information Leak (1)

Android Bluetooth - Blueborne Information Leak 1 from pwn import import bluetooth if not 'TARGET' in args: log.info'Usage: python CVE-2017-0781.py TARGET=XX:XX:XX:XX:XX:XX' exit target = args'TARGET' count = 30 Amount of packets to send port = 0xf BTPSMBNEP context.arch = 'arm' BNEPFRAMECONTROL =...