41207 matches found
DUware DUclassmate 1.x - edit.asp?iPro SQL Injection
DUware DUclassmate 1.x - edit.asp?iPro SQL Injection source: https://www.securityfocus.com/bid/14036/info DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit coul...
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Arbitrary File Upload
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Arbitrary File Upload Exploit Title: Telerik UI for ASP.NET AJAX RadAsyncUpload uploader Filename: RAUcrypto.py Github: https://github.com/bao7uo/RAUcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website:...
Mambo Component cropimage 1.0 - Remote File Inclusion
Mambo Component cropimage 1.0 - Remote File Inclusion C Y B E R - W A R R I O R T I M Mambo comcropimage 1.0 Component Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: in admin.cropcanvas.php , line 7 requireonce $cropimagedir."class.cropinterface.php";...
Pligg CMS 1.0.4 - story.php SQL Injection
Pligg CMS 1.0.4 - story.php SQL Injection / ! Pligg CMS story.php?id SQL Injection Vulnerability ! Author : Don Tukulesto [email protected] ! Homepage: http://indonesiancoder.com ! Date : Tue, April 27, 2010 ! Tune in : http://antisecradio.fm choose your weapon / Software Information Vendo...
FileSeek - CGI Script File Disclosure
FileSeek - CGI Script File Disclosure source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Google Dork: N/A Date: 2020-02-21 Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version:...
MicroTik RouterOS 6.43rc3 - Remote Root
MicroTik RouterOS 6.43rc3 - Remote Root / Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on:...
Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)
Exim - GHOST glibc gethostbyname Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Exim GHOST glibc gethostbyname Buffer Overflow', 'Description' = %q This...
Dew-NewPHPLinks 2.1b - index.php SQL Injection
Dew-NewPHPLinks 2.1b - index.php SQL Injection Dew-NewPHPLinks v.2.1b index.php Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://www.dew-code.com/ .:. Dork : "Powered By Dew-NewPHPLinks...
Mambo Component Peoplebook 1.0 - Remote File Inclusion
Mambo Component Peoplebook 1.0 - Remote File Inclusion Peoplebook Mambo Component = v1.0 Remote File Include Vulnerabilities Author : Matdhule Da...
mail2forum phpBB Mod 1.2 - m2f_root_path Remote File Inclusion
mail2forum phpBB Mod 1.2 - m2frootpath Remote File Inclusion Title : mail2forum = 1.2 Multiple Remote File Include Vulnerabilities Discovered By OLiBekaS Affected software description : Application : mail for phpbb...
OpenVPN Connect 3.0.0.272 - agent_ovpnconnect Unquoted Service Path
OpenVPN Connect 3.0.0.272 - agentovpnconnect Unquoted Service Path Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link :...
Everest 5.50.2100 - Open File Denial of Service (PoC)
Everest 5.50.2100 - Open File Denial of Service PoC Exploit Title: Everest 5.50.2100 - 'Open File' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-24 Software Link : http://www.lavalys.com/ Tested Version: 5.50.2100 Vulnerability Type: Denial of Service DoS Local Tested...
eStore 1.0.2 - SQL Injection
eStore 1.0.2 - SQL Injection .::Powered by eStore v1.0.2::. x Author : R3VANBASTARD x Web :...
Web Wiz Guestbook 8.21 - Database Disclosure
Web Wiz Guestbook 8.21 - Database Disclosure Web Wiz Guestbook v8.21 WWGguestbook.mdb Remote Database Disclosure Vulnerability auther : Cold z3ro, www.hackteach.org http://site.com/Path/database/WWGguestbook.mdb Dork : webwizguestbooklicense.asp milw0rm.com 2008-12-16...
OpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure (Multiple SSLTLS Versions)
OpenSSL 1.0.1f TLS Heartbeat Extension - Heartbleed Memory Disclosure Multiple SSLTLS Versions Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link:...
Plesk 9.5.4 - Remote Command Execution
Plesk 9.5.4 - Remote Command Execution Plesk Apache zeroday / June 2013 discovered & exploited by kingcope this Plesk configuration setting makes it possible: scriptAlias /phppath/ "/usr/bin/" Furthermore this is not cve-2012-1823 because the php interpreter is called directly. no php file is...
Mambo Component MGM 0.95r2 - Remote File Inclusion
Mambo Component MGM 0.95r2 - Remote File Inclusion Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR...
Joomla! com_hdwplayer 4.2 - search.php SQL Injection
Joomla! comhdwplayer 4.2 - search.php SQL Injection Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link:...
eFront 3.6.15 - PHP Object Injection
eFront 3.6.15 - PHP Object Injection eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Date: 2020-03-26 Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version:...
FIBARO System Home Center 5.021 - Remote File Include
FIBARO System Home Center 5.021 - Remote File Include Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Date: 2020-03-22 Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3,...
WordPress 4.6 - Remote Code Execution
WordPress 4.6 - Remote Code Execution !/bin/bash WordPress 4.6 - Remote Code Execution RCE PoC Exploit CVE-2016-10033 wordpress-rce-exploit.sh ver. 1.0 Discovered and...
Drobo 5N2 4.1.1 - Remote Command Injection
Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...
Mambo Component com_serverstat 0.4.4 - Remote File Inclusion
Mambo Component comserverstat 0.4.4 - Remote File Inclusion Mambo comserverstat Component =0.4.4 Remote File Include Vulnerability...
PHPOpenChat 2.3.43.0.1 - poc.php Remote File Inclusion
PHPOpenChat 2.3.43.0.1 - poc.php Remote File Inclusion source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution !/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e...
IBM Lotus Domino R8 - Password Hash Extraction
IBM Lotus Domino R8 - Password Hash Extraction Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage:...
Deep Instinct Windows Agent 1.2.29.0 - DeepMgmtService Unquoted Service Path
Deep Instinct Windows Agent 1.2.29.0 - DeepMgmtService Unquoted Service Path Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Discovery Date: 2020-03-05 Vendor Homepage: https://www.deepinstinct.com/ Software Links :...
Comtrend VR-3033 - Command Injection
Comtrend VR-3033 - Command Injection Title: Comtrend VR-3033 - Authenticated Command Injection Date: 2020-02-26 Author: Author : Raki Ben Hamouda Vendor: https://us.comtrend.com Product link: https://us.comtrend.com/products/vr-3030/ CVE: CVE-2020-10173 The Comtrend VR-3033 is prone to Multiple...
Oracle HTTP Server - Cross-Site Scripting Header Injection
Oracle HTTP Server - Cross-Site Scripting Header Injection Oracle HTTP Server XSS Header Injection...
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read Exploit Title: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Date: 2020-02-04 Exploit Author: NgoAnhDuc Vendor Homepage:...
Easy File Sharing Web Server 7.2 - POST Remote Buffer Overflow (DEP Bypass)
Easy File Sharing Web Server 7.2 - POST Remote Buffer Overflow DEP Bypass !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow DEP Bypass with ROP Exploit Author: bl4ck h4ck3r Software Link: http://www.sharing-file.com/efssetup.exe Version: Easy File Sharing W...
Linux Kernel 4.8.0-34 4.8.0-45 (Ubuntu Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 4.8.0-45 Ubuntu Linux Mint - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on Ubuntu / Linux Mint: // - 4.8.0-34-generic // - 4.8.0-36-generic // - 4.8.0-39-generic // -...
Agent-XSS
An XSS Channel is an interactive communication channel between two systems which is opened by an XSS attack. At a technical level, it is a type of AJAX application which can obtain commands, send responses back and is able to talk cross-domain. // Exploit Pack server - Change 127.0.0.1 to your IP...
MamboLaiThai ExtCalThai 0.9.1 - admin_events.php?CONFIG_EXT[LANGUAGES_DIR] Remote File Inclusion
MamboLaiThai ExtCalThai 0.9.1 - adminevents.php?CONFIGEXTLANGUAGESDIR Remote File Inclusion source: https://www.securityfocus.com/bid/20487/info ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issue...
TFM MMPlayer 2.0 - .m3u.ppl Universal Buffer Overflow (SEH)
TFM MMPlayer 2.0 - .m3u.ppl Universal Buffer Overflow SEH !/usr/bin/perl + Bug : TFM MMPlayer 2.0 m3u/ppl Universal Buffer Overflow Exploit SEH + Author : ThE g0bL!N Greetz to all my friends Tested on: Windows XP Pro SP2 Fr Big Thnx :His0k4 Download:http://www.tfm.ro/mmplayer/download/mmplayer.zi...
S9Y Serendipity 1.0.3 - comment.php Local File Inclusion
S9Y Serendipity 1.0.3 - comment.php Local File Inclusion DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper Greetings DragonHeart and all DEVIL...
Redis-cli 5.0 - Buffer Overflow (PoC)
Redis-cli 5.0 - Buffer Overflow PoC Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow i...
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
Hewlett-Packard HP UCMDB - JMX-Console Authentication Bypass Mogwai Security Advisory MSA-2015-02 Title: Hewlett-Packard UCMDB - JMX-Console Authentication Bypass CVE-ID: CVE-2014-7883 Product: Hewlett-Packard Universal CMDB...
CompMgmtLauncher
Auto-Elevate process using CompMgmtLauncher.exe Author: jsacco How to use: 1. Copy the batch into run.bat 2. Run it! 3. Admin Tested on Windows 10 @echo off echo UAC-Bypass by jsacco reg add "HKCU\Software\Classes\mscfile\shell\open\command" /d "cmd.exe /c" /f && reg add...
Arm Whois 3.11 - Buffer Overflow (SEH)
Arm Whois 3.11 - Buffer Overflow SEH...
Tube Ace (Adult PHP Tube Script) - SQL Injection
Tube Ace Adult PHP Tube Script - SQL Injection Exploit Title: Tube AceAdult PHP Tube Script SQL Injection Date: 05/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Tube Ace http://www.tubeace.com Tested on: Linux Dork...
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
MyeGallery Module 3.1.1 - Remote File Inclusion Command Injection source: https://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by MyeGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the...
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...
Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack
Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error...
TP-Link Archer C50 3 - Denial of Service (PoC)
TP-Link Archer C50 3 - Denial of Service PoC Exploit Title: TP-Link Archer C50 3 - Denial of Service PoC Date: 2020-01-25 Exploit Author: thewhiteh4t Vendor Homepage: https://www.tp-link.com/ Version: TP-Link Archer C50 v3 Build 171227 Tested on: Arch Linux x64 CVE: CVE-2020-9375 Description:...
Sony Playstation 4 (PS4) 6.72 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.72 - WebKit Code Execution PoC / badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmwar...
PHPMailer 5.2.18 - Remote Code Execution (Python)
PHPMailer 5.2.18 - Remote Code Execution Python """ Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory...