Apache ActiveMQ 5.11.15.13.2 - Directory Traversal Command Execution
Apache ActiveMQ 5.11.15.13.2 - Directory Traversal Command Execution I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where...
Jcow Social Networking Script 4.2 5.2 - Arbitrary Code Execution (Metasploit)
Jcow Social Networking Script 4.2 5.2 - Arbitrary Code Execution Metasploit Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3...
Android - Binder Driver Use-After-Free
Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. ...
Netis WF2419 2.2.36123 - Remote Code Execution
Netis WF2419 2.2.36123 - Remote Code Execution Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution Exploit Author: Elias Issa Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75 Date: 2020-02-11 Version: WF2419 V2.2.361...
Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution (2)
Apache Tomcat 9.0.1 Beta 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution 2 !/usr/bin/python import requests import re import signal from optparse import OptionParser class bcolors: HEADER = '\03395m' OKBLUE = '\03394m' OKGREEN = '\03392m' WARNING = '\03393m' FAIL = '\03391m' ENDC =...
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as...
Joomla! Component Webring 1.0 - Remote File Inclusion
Joomla! Component Webring 1.0 - Remote File Inclusion C Y BE R - W A R R i O R T I M Joomla Webring Component componentdir Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: in admin.webring.docs.php, line 12 requireonce $componentdir...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 2 !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/...
AllMyGuests 0.4.1 - cfg_serverpath Remote File Inclusion
AllMyGuests 0.4.1 - cfg_serverpath Remote File Inclusion ============================================================================ AllMyGuests = ?AMGconfigcfgserverpath Remote File Inclusion Exploit ============================================================================ Script Infected...
Vesta Control Panel 0.9.8 - OS Command Injection
Vesta Control Panel 0.9.8 - OS Command Injection Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor...
Apache Tomcat 6789 - Information Disclosure
Apache Tomcat 6789 - Information Disclosure Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability Date: 4th March 2017 Exploit Author: justpentest Vendor Homepage: tomcat.apache.org Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38,...
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
Joomla! Component GMapFP 3.30 - Arbitrary File Upload Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-25 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version: Version J3.30pro Tested on: Ubuntu PoC:...
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal Date: 2019-12-17 CVE: CVE-2019-19781 Vulnerability: Path Traversal Vulnerability Discovery: Mikhail Klyuchnikov Exploit Author:...
Joomla! com_fabrik 3.9.11 - Directory Traversal
Joomla! com_fabrik 3.9.11 - Directory Traversal Exploit Title: Joomla! com_fabrik 3.9.11 - Directory Traversal Google Dork: inurl:"index.php?option=com_fabrik" Date: 2020-03-30 Exploit Author: qw3rTyTy Vendor Homepage: https://fabrikar.com/ Software Link: https://fabrikar.com/downloads Version: 3.9...
Apache + PHP 5.3.12 5.4.2 - cgi-bin Remote Code Execution
Apache + PHP 5.3.12 5.4.2 - cgi-bin Remote Code Execution / Apache Magica by Kingcope / / gcc apache-magika.c -o apache-magika -lssl / / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi...
PHP Hash Table Collision - Denial of Service (PoC)
PHP Hash Table Collision - Denial of Service PoC ! /usr/bin/env python """ This script was written by Christian Mehlmauer https://twitter.com/!/FireFart Sourcecode online at: https://github.com/FireFart/HashCollision-DOS-POC Original PHP Payloadgenerator taken from...
WeBid 1.0.6 - SQL Injection
WeBid 1.0.6 - SQL Injection Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows Vulnerable...
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been...
libdbus - DBUS_SYSTEM_BUS_ADDRESS Local Privilege Escalation
libdbus - DBUS_SYSTEM_BUS_ADDRESS Local Privilege Escalation / dzug.c CVE-2012-3524 PoC C 2012 Sebastian Krahmer Trivial non-dbus root exploit. Yes, it is 2012! The underlying bug insecure getenv by default has been reported ages ago, but nobody really cared. Unless you have an exploit... / include...
libcglob(3) - Resource Exhaustion Remote ftpd-anonymous (Denial of Service)
libcglob3 - Resource Exhaustion Remote ftpd-anonymous Denial of Service Source: http://securityreason.com/securityalert/7822 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob3 resource exhaustion +0day remote ftpd-anon Author: Maksymilian Arciemowicz...
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion source: https://www.securityfocus.com/bid/19209/info JD-WordPress for Joomla is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit...
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website:...
dotProject 2.0 - modulesprojectsvw_files.php?dPconfig[root_dir] Remote File Inclusion
dotProject 2.0 - modulesprojectsvw_files.php?dPconfig[root_dir] Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution PoC !/bin/bash Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway - CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash...
Online Guestbook Pro 5.1 - ogp_show.php Cross-Site Scripting
Online Guestbook Pro 5.1 - ogp_show.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43689/info Online Guestbook Pro is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...
ClipShare - UID SQL Injection
ClipShare - UID SQL Injection video sharing www.clip-share.com Remote SQL Injection Exploit All Version AUTHOR :Krit webmaster of http://www.thaishadow.com HOME : http://www.thaishadow.com Download : http://www.clip-share.com/ DorKs :inurl:/uprofile.php?UID= or "Powered by clipshare" EXPLOIT :...
SQuery 4.5 - gore.php Remote File Inclusion
SQuery 4.5 - gore.php Remote File Inclusion ================================================================= SQuery = 4.5libpath Remote File Inclusion Exploit ================================================================= Worked On : ALL VERSIONS | | Critical Level : Dangerous | | Bug Found I...
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow PoC / Sync Breeze Enterprise BOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team / define WINSOCKDEPRECATEDNOWARNINGS define DEFAULTBUFLEN 512 include include include include DWORD SendRequestchar request, int requestsize WSADA...
BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)
BoastMachine 3.1 - Cross-Site Request Forgery Add Admin Exploit Title: boastMachine v3.1 document.nano.submit; Greetz : Dr.WEP , JIKO , All FriendS...
Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution (1)
Apache Tomcat 9.0.1 Beta 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution 1 E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the...
OpenSSH 6.8 6.9 - PTY Local Privilege Escalation
OpenSSH 6.8 6.9 - PTY Local Privilege Escalation / notansshnuke.c Federico Bento up201407890 alunos dcc fc up pt https://twitter.com/uid1000 OpenSSH 6.8-6.9 local privilege escalation - CVE-2015-6565 Considered mostly to be a "DoS", turns out to be a priv esc vuln...
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...
10-Strike Network Inventory Explorer 9.03 - Read from File Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - Read from File Buffer Overflow SEHROP Exploit Title: 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow SEHROP Date: 2020-03-30 Exploit Author: Hodorsec Version: 9.03 Software Link:...
Mambo Component com_a6mambocredits 1.0.0 - Remote File Inclusion
Mambo Component com_a6mambocredits 1.0.0 - Remote File Inclusion Title : Mambo a6mambocredits component v1.0.0 == mosConfiglivesite Remote File Include Vulnerabilities Affected Application: Mambo a6mambocredits component v1.0.0 Mambo CMS Component . . : contact :...
Sricam gSOAP 2.8 - Denial of Service
Sricam gSOAP 2.8 - Denial of Service !/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage:...
WordPress Plugin Adserve 0.2 - adclick.php SQL Injection
WordPress Plugin Adserve 0.2 - adclick.php SQL Injection getvar"SELECT url FROM $tablename WHERE id=$id;"; Exploit id variable isn't filtered so we can inject and check the output in the Location response-header If exploit is successful Wordpress administrators login and md5 hashed password is...
myPHPCalendar 10192000b - cal_dir Remote File Inclusion
myPHPCalendar 10192000b - cal_dir Remote File Inclusion script name : myPHPCalendar Script Downloads : http://freshmeat.net/projects/myphpcalendar/ Web Site : http://myphpcalendar.sourceforge.net/ Version : 10.1 Risk : High Found By : Cr@zyKing Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali4...
UCM6202 1.0.18.13 - Remote Command Injection
UCM6202 1.0.18.13 - Remote Command Injection Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Arbitrary File Disclosure Metasploit Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net...
Microsoft Windows 10 19031809 - RPCSS Activation Kernel Security Callback Privilege Escalation
Microsoft Windows 10 19031809 - RPCSS Activation Kernel Security Callback Privilege Escalation Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User...
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Exploit Title: LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2019-03-24 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://lepton-cms.org/english/home.php Software Link:...
Apple macOS 10.14.5 iOS 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free
Apple macOS 10.14.5 iOS 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here...
BoastMachine - blog SQL Injection
BoastMachine - blog SQL Injection source: https://www.securityfocus.com/bid/64278/info BoastMachine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Jax Guestbook 3.313.50 - jax_Guestbook.php Cross-Site Scripting
Jax Guestbook 3.313.50 - jax_Guestbook.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28523/info Jax Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Netatalk 3.1.12 - Authentication Bypass
Netatalk 3.1.12 - Authentication Bypass Exploit Title: Netatalk Authentication Bypass Date: 12/20/2018 Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS...
ZTE F660 - Remote Configuration Download
ZTE F660 - Remote Configuration Download / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S -------------------------- Config remo...
Procps-ng - Multiple Vulnerabilities
Procps-ng - Multiple Vulnerabilities Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged...
Joomla! 2.5.2 - Admin Creation
Joomla! 2.5.2 - Admin Creation !/usr/bin/python3 CVE-2012-1563: Joomla! = 2.5.2 Admin Creation cf Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random url = 'http://vmweb.lan/joomla-cms-2.5.2/' formurl = url...
BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning Metasploit / \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | | ------======\ / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Exploit Code...