BlogMe PHP 1.1 - comments.php SQL Injection

BlogMe PHP 1.1 - comments.php SQL Injection + BlogMe PHP remote SQL injection exploit + Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip + Founded by : His0k4 ALGERIAN HaCkEr + Greetz : All friends & muslims HaCkeRs... + Dork : "BlogMe PHP created by Gamma Scripts" + Exploit...

X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)

X.Org xorg-server 1.1.1-48.13 - Probe for Files PoC !/bin/sh Xorg file disclosure vulnerability CVE-2007-5958 Lame xploit by vl4dZ : sh-3.1$ whoami uid=1001kecos gid=1001user groups=1001user sh-3.1$ ./Xorg-File-Existence-PoC.sh /root/.ssh/iddsa ... FILE /root/.ssh/iddsa EXIST !! Vulnerable:...

Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow

Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow Vantage Linguistics AnswerWorks 4 API ActiveX Control Buffer Overflow Exploit function Check var buf = 'A'; while buf.length = 214 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...

OpenSSL 0.9.7l0.9.8d - SSLv2 Client Crash

OpenSSL 0.9.7l0.9.8d - SSLv2 Client Crash !/usr/bin/perl Copyrightc Beyond Security Written by Noam Rathaus - based on beSTORM's SSL Server module Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response use strict; use IO::Socket; my $sock =...

PHPLojaFacil 0.1.5 - path_local Remote File Inclusion

PHPLojaFacil 0.1.5 - pathlocal Remote File Inclusion PHPLojaFacil 0.1.5 pathlocal Remote File Inclusion Vulnerabilities D.Script: http://www.crieseuwebsite.com/php/download.php?categoria=E-Commerce&arquivo=24 Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.Com/cc...

YaPiG 0.95b - Remote Code Execution

YaPiG 0.95b - Remote Code Execution ?php / \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- Portal : YaPIG 0.95b Vendor : http://yapig.sourceforge.net Author : Dj7xpl We Are : Y4Ho0 -Mr.Mithridates -Sir SiSiLi -System Failure -Satanic Soulfull -And Me Email :...

XOOPS Module Zmagazine 1.0 - print.php SQL Injection

XOOPS Module Zmagazine 1.0 - print.php SQL Injection !/usr/bin/perl Script Name: XOOPS Module Zmagazine 1.0 print.php Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : "inurl:/modules/zmagazine/" Result:20.800 Example S. :...

XOOPS Module Camportail 1.1 - camid SQL Injection

XOOPS Module Camportail 1.1 - camid SQL Injection !/usr/bin/perl Script Name: XOOPS Module Camportail : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id;...

XOOPS Module Lykos Reviews 1.00 - index.php SQL Injection

XOOPS Module Lykos Reviews 1.00 - index.php SQL Injection XOOPS Module Lykos Reviews 1.00 index.php BLIND SQL Injection Exploit //'=============================================================================================== //'Script Name: XOOPS Module Lykos Reviews 1.00 index.php BLIND SQL...

phpBB MOD Forum picture and META tags 1.7 - Remote File Inclusion

phpBB MOD Forum picture and META tags 1.7 - Remote File Inclusion Exploitname: phpBB Module Forum picture and META tags 1.7 File Include Vulnerability Vendor: http://www.rfnnet.nl/downloads/phpbb/MODForumpictureandMETAtags.zip Founder: bd0rk Contact: bd0rkathackermail.com Greetings: str0ke, TheJT...

PHP Advanced Transfer Manager 1.30 - Source Code Disclosure

PHP Advanced Transfer Manager 1.30 - Source Code Disclosure DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots ...

ZipCentral 4.01 - .ZIP File Handling Local Buffer Overflow

ZipCentral 4.01 - .ZIP File Handling Local Buffer Overflow / ZipCentral 4.01 Exploit by bratax http://www.bratax.be/ Soooooo many thanks to BuzzDee and c0rrupt for helping me with all the problems I encountered : Wouldn't have finished this without you guys! Greetz to everyone I like... no, that...

Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)

Solaris 10 sysinfo2 - Local Kernel Memory Disclosure 2 / $Id: raptorsysinfo.c,v 1.2 2006/08/22 13:47:54 raptor Exp $ raptorsysinfo.c - Solaris sysinfo2 kernel memory leak Copyright c 2006 Marco Ivaldi systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count...

Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow

Quake 3 Engine 1.32b - RRemapShader Remote Client Buffer Overflow // remapthis.c - "RRemapShader" q3 engine 1.32b client remote bof exploit // by landser - landser at hotmail.co.il // // this code works as a preloaded shared library on a game server, // it hooks two functions on the running serve...

Chipmunk Guestbook 1.3 - index.php SQL Injection

Chipmunk Guestbook 1.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/17483/info Chipmunk Guestbook is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...

MyBloggie 2.1.22.1.3 - trackback_url Cross-Site Scripting

MyBloggie 2.1.22.1.3 - trackbackurl Cross-Site Scripting source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...

SoftiaCom wMailServer 1.0 - SMTP Remote Buffer Overflow (Metasploit)

SoftiaCom wMailServer 1.0 - SMTP Remote Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

MetaCart E-Shop V-8 - StrCatalog_NAME SQL Injection

MetaCart E-Shop V-8 - StrCatalogNAME SQL Injection source: https://www.securityfocus.com/bid/13377/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An...

Solaris 89 passwd - circ() Local Privilege Escalation

Solaris 89 passwd - circ Local Privilege Escalation / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability in passwd1 in Solaris 8.0 and 9.0 allows local users to gain privileges via...

Linux Kernel 2.6.7-rc3 (Slackware 9.1 Debian 3.0) - sys_chown() Group Ownership Alteration Privilege Escalation

Linux Kernel 2.6.7-rc3 Slackware 9.1 Debian 3.0 - syschown Group Ownership Alteration Privilege Escalation / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright c 2004 Marco Ivaldi Unknown vulnerability in Linux kernel 2.x may...

phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion

phpGroupWare 0.9.14 - TablesUpdate.Inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server...

Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing

Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing source: https://www.securityfocus.com/bid/6334/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. Under some circumstances, it ma...

Microsoft Windows XP2000NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1)

Microsoft Windows XP2000NT 4.0 - Network Share Provider SMB Request Buffer Overflow 1 // source: https://www.securityfocus.com/bid/5556/info Microsoft Windows operating systems use the Server Message Block SMB protocol to support services such as file and printer sharing. A buffer overflow...

ISC BIND 8.2.x - TSIG Remote Stack Overflow (1)

ISC BIND 8.2.x - TSIG Remote Stack Overflow 1 / tsig0wn.c Copyright Field Marshal August Wilhelm Anton Count Neithardt von Gneisenau [email protected] The author is not and will not be held responsible for the action of other people using this code. provided for informational purposes only sin...

Half Life - rcon Remote Buffer Overflow

Half Life - rcon Remote Buffer Overflow / SDI HalfLife rcon remote exploit for linux x86 portuguese exploit remoto para o buffer overflow do rcon no halflife Tamandua Sekure Labs Sao Paulo - Porto Alegre, Brazil by Thiago Zaninotti c0nd0r Gustavo Scotti csh Proof of concept - There is a remote...

Tridia DoubleVision 3.0 7.00 - Local Privilege Escalation

Tridia DoubleVision 3.0 7.00 - Local Privilege Escalation // source: https://www.securityfocus.com/bid/1697/info A utility integral to Tridia DoubleVision for SCO UnixWare 7.x has been found to be vulnerable to a buffer overflow attack. dvtermtype, which is setuid root, is run by a user at login...

DNSTools Software DNSTools 1.0.81.10 - Input Validation

DNSTools Software DNSTools 1.0.81.10 - Input Validation source: https://www.securityfocus.com/bid/1028/info A vulnerability exists in the 1.0.8 release of DNSTools labeled on some areas of their site as 1.08, from DNSTools Software. By manipulating the contents of certain post variables, arbitrar...

PHPFI 1.0FI 2.0FI 2.0 b10 - mylogmlog

PHPFI 1.0FI 2.0FI 2.0 b10 - mylogmlog source: https://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific featur...

SprintWork 2.3.1 - Local Privilege Escalation

SprintWork 2.3.1 - Local Privilege Escalation Exploit Title: SprintWork 2.3.1 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-13 Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/spx/exe/SprintWork-Setup.exe Version: 2.3.1 Tested On: Windows 10 32-bi...

MyVideoConverter Pro 3.14 - TVSeries Buffer Overflow

MyVideoConverter Pro 3.14 - TVSeries Buffer Overflow Exploit Title: MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-11 Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run t...

F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)

F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference:...

Centreon 19.10.5 - Database Credentials Disclosure

Centreon 19.10.5 - Database Credentials Disclosure Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on:...

WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting

WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software...

Online Book Store 1.0 - bookisbn SQL Injection

Online Book Store 1.0 - bookisbn SQL Injection Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Google Dork: N/A Date: 2020-01-15 Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-ph...

AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot

AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Exploit: AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62...

HomeAutomation 3.3.2 - Persistent Cross-Site Scripting

HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...

InTouch Machine Edition 8.1 SP1 - Atributos Denial of Service (PoC)

InTouch Machine Edition 8.1 SP1 - Atributos Denial of Service PoC Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Discovery Date: 12019-11-16 Vendor Homepage: https://on.wonderware.com/ Software Link :...

Zabbix 4.2 - Authentication Bypass

Zabbix 4.2 - Authentication Bypass Exploit Title: Zabbix 4.2 - Authentication Bypass Date: 2019-10-06 Exploit Author: Milad Khoshdel Software Link: https://www.zabbix.com/download Version: Zabbix 2.x , 3.x , 4.x Tested on latest version Zabbix 4.2 Tested on: Linux Apache/2 PHP/7.2 Google Dork:...

V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery

V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on...

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, Nationa...

Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service (PoC)

Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service PoC CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, becaus...

google.com.ar

Pentest notes for: google.com.ar Exploit Pack Nmap 7.80 scan initiated Fri Sep 13 16:38:25 2019 as: "C:\Program Files x86\Nmap\nmap.exe" -sV -A -oA log/google.com.ar google.com.ar Nmap scan report for google.com.ar 173.194.222.94 Host is up 0.015s latency. rDNS record for 173.194.222.94:...

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link:...

Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in dosetweightvectorcube for Large nAxes -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...

Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery

Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" uplo...

D-Link DWL-2600AP - Multiple OS Command Injection

D-Link DWL-2600AP - Multiple OS Command Injection Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use a...