41207 matches found
Vortex Portal 1.0.42 - Remote File Inclusion
Vortex Portal 1.0.42 - Remote File Inclusion Vortex Portal 1.0.42 RFI ---------- Author : ShAy6oOoN ---------- Group : PitBull Crew ---------- Script : Vortex Portal 1.0.42 ---------- Download : http://www.igamingcms.com/legacy-software/VortexPortal1.0.42.zip ---------- Vuln Type: RFI ----------...
LinPHA 1.3.1 - new_images.php Blind SQL Injection
LinPHA 1.3.1 - newimages.php Blind SQL Injection order = $REQUEST'order'; 188. 189. if$defaultorder != $REQUEST'order' 190. 191. $this-linkaddress .= '&order='.$REQUEST'order'; 192. 193. 194. else 195. 196. $this-order = $defaultorder; 197. 198. 199. 200. // 201. // set sql query string 202. //...
Vivotek Motion Jpeg Control - MjpegDecoder.dll 2.0.0.13 Remote Overflow
Vivotek Motion Jpeg Control - MjpegDecoder.dll 2.0.0.13 Remote Overflow ' metasploit one, alpha2... add a user 'sun' with pass 'tzu' FRAGMENT =...
NavBoard 2.6.0 - Remote Code Execution
NavBoard 2.6.0 - Remote Code Execution "; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input type=tex...
SmodCMS 2.10 - Slownik ssid SQL Injection
SmodCMS 2.10 - Slownik ssid SQL Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '...
iPhotoAlbum 1.1 - header.php Remote File Inclusion
iPhotoAlbum 1.1 - header.php Remote File Inclusion iPhotoAlbum v1.1header.phpRemote File Include Vulnerability D.Script: http://sourceforge.net/projects/iphotoalbum/ Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code Exploit:Path/lib/static/header.php?setmenu=SheLL Greetz To:...
Newswriter SW 1.42 - editfunc.inc.php File Inclusion
Newswriter SW 1.42 - editfunc.inc.php File Inclusion ============================================================================================== Newswriter SW = 1.42 NWCONFSYSTEMserverpath Remote File Inclusion Vulnerability...
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service
Linux Kernel 2.6.16.18 - Netfilter NAT SNMP Module Remote Denial of Service / ecl-nf-snmpwn.c - 30/05/06 Alex Behar Yuri Gushin A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmpparsemangle and the snmptrapdecode functions. After furthe...
DoceboLms 2.0.5 - help.php Remote File Inclusion
DoceboLms 2.0.5 - help.php Remote File Inclusion Vulnerable Script: Docebo LMS 2.05 Discovered: beford Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include$GET'lang'.'/language.php'; doceboLMS205/modules/credits/credits.php =...
MyBloggie 2.1.22.1.3 - trackback_url Cross-Site Scripting
MyBloggie 2.1.22.1.3 - trackbackurl Cross-Site Scripting source: https://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...
PHPKIT 1.6.1R2 - filecheck Remote Command Execution
PHPKIT 1.6.1R2 - filecheck Remote Command Execution works with allowurlfopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magicquotesgpc =...
AWStats 5.7 6.2 - Multiple Remote
AWStats 5.7 6.2 - Multiple Remote / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...
tcpdump - ISAKMP Identification Payload Integer Overflow
tcpdump - ISAKMP Identification Payload Integer Overflow / tcpdump packet sniffer Integer underflow in ISAKMP Identification payload denial of service vulnerability proof of concept code version 1.0 Apr 02 2004 CVE-ID: CAN-2004-0184 by Remi Denis-Courmont www simphalempin com dev Remi...
WarpSpeed 4nAlbum Module 0.92 - nmimage.php?z Cross-Site Scripting
WarpSpeed 4nAlbum Module 0.92 - nmimage.php?z Cross-Site Scripting source: https://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is an information...
Samba 2.2.8 (LinuxBSD) - Remote Code Execution
Samba 2.2.8 LinuxBSD - Remote Code Execution / Remote root exploit for Samba 2.2.x and prior that works against Linux all distributions, FreeBSD 4.x, 5.x, NetBSD 1.x and OpenBSD 2.x, 3.x and 3.2 non-executable stack. sambal.c is able to identify samba boxes. It will send a netbios name packet to...
Apache Tomcat - AJP Ghostcat File ReadInclusion
Apache Tomcat - AJP Ghostcat File ReadInclusion !/usr/bin/env python CNVD-2020-10487 Tomcat-Ajp lfi by ydhcui import struct Some references: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html def packstrings: if s is None: return struct.pack"h", -1 l = lens return struct.pack"H%dsb" % l, l...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A...
PHP 7.0 7.4 (Unix) - debug_backtrace disable_functions Bypass
PHP 7.0 7.4 Unix - debugbacktrace disablefunctions Bypass a; $backtrace = new Exception-getTrace; ; if!isset$backtrace1'args' PHP = 7.4 $backtrace = debugbacktrace; class Helper public $a, $b, $c, $d; function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8;...
Microsoft SharePoint - Deserialization Remote Code Execution
Microsoft SharePoint - Deserialization Remote Code Execution !/usr/bin/env python3 -- coding: utf-8 -- import requests import sys from xml.sax.saxutils import escape from lxml import html import codecs import readline from clint.arguments import Args import signal def serializecommandcmd: total =...
Chevereto 3.13.4 Core - Remote Code Execution
Chevereto 3.13.4 Core - Remote Code Execution Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, ...
nostromo 1.9.6 - Remote Code Execution
nostromo 1.9.6 - Remote Code Execution Exploit Title: nostromo 1.9.6 - Remote Code Execution Date: 2019-12-31 Exploit Author: Kr0ff Vendor Homepage: Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz Version: 1.9.6 Tested on: Debian CVE : CVE-2019-16278 cve201916278.py !/usr/bin/env...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
Acronis True Image OEM 19.0.5128 - afcdpsrv Unquoted Service Path
Acronis True Image OEM 19.0.5128 - afcdpsrv Unquoted Service Path Exploit Title: Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path Date: 2019-11-11 Author: Alejandra Sánchez Vendor Homepage: https://www.acronis.com Software:...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
LimeSurvey 3.17.13 - Cross-Site Scripting
LimeSurvey 3.17.13 - Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172,...
Windows NTFS - Privileged File Access Enumeration
Windows NTFS - Privileged File Access Enumeration + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link...
Asus Precision TouchPad 11.0.0.25 - Denial of Service
Asus Precision TouchPad 11.0.0.25 - Denial of Service !/usr/bin/python Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc Date: 29-08-2019 Exploit Author: Athanasios Tserpelis of Telspace Systems Vendor Homepage: https://www.asus.com Version: 11.0.0.25 Software Link :...
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1...
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Empty ROS Strings
Microsoft DirectWrite AFDKO - Heap-Based Out-of-Bounds ReadWrite in OpenType Font Handling Due to Empty ROS Strings -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...
RICOH SP 4510DN Printer - HTML Injection
RICOH SP 4510DN Printer - HTML Injection Exploit Title: RICOH SP 4510DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.htm...
Netgear DGN2200 DGND3700 - Admin Password Disclosure
Netgear DGN2200 DGND3700 - Admin Password Disclosure /bin/bash PoC based on CVE-2016-5649 created by Social Engineering Neo. Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices...
mIRC 7.55 - Custom URI Protocol Handlers Remote Command Execution
mIRC 7.55 - Custom URI Protocol Handlers Remote Command Execution Exploit Title: RCE on mIRC 7.55 using argument injection through custom URI protocol handlers Date: 18/02/2019 Exploit Author: https://twitter.com/proofofcalc/ Vendor Homepage: https://www.mirc.com Software Link:...
osCommerce 2.3.4.1 - products_id SQL Injection
osCommerce 2.3.4.1 - productsid SQL Injection Exploit Title: osCommerce 2.3.4.1 - 'productsid' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category:...
BEWARD Intercom 2.3.1 - Credentials Disclosure
BEWARD Intercom 2.3.1 - Credentials Disclosure !/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions abo...
GattLib 0.2 - Stack Buffer Overflow
GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
Base64 Decoder 1.1.2 - Local Buffer Overflow SEH !/usr/bin/env python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Date: 12-20-18 Vulnerable Software: Base64 Decoder 1.1.2 Vendor Homepage: http://4mhz.de/b64dec.html Version: 1.1.2 Software...
Schneider Electric PLC - Session Calculation Authentication Bypass
Schneider Electric PLC - Session Calculation Authentication Bypass ! /usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp Kernel Pointer / Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic...
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested...
Apple macOS 10.13.4 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service PoC Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Date: 2018-09-10 Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE :...
Sentrifugo HRMS 3.2 - deptid SQL Injection
Sentrifugo HRMS 3.2 - deptid SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version...
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Exploit title: Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Author: Alfie Date: 2018-08-21 Website: https://www.hikvision.com/en/ Software: Hikvision Camera Versions: DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 16053...
reSIProcate 1.10.2 - Heap Overflow
reSIProcate 1.10.2 - Heap Overflow ''' CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first published on...
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Date: 01/08/2018 Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs ...
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" m...
ClipperCMS 1.3.3 - Cross-Site Scripting
ClipperCMS 1.3.3 - Cross-Site Scripting Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Date: 05/27/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link:...