41207 matches found
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
Microsoft Internet Explorer 11 Windows 10 - VBScript Memory Corruption MS16-051 Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-018...
Tube Ace (Adult PHP Tube Script) - SQL Injection
Tube Ace Adult PHP Tube Script - SQL Injection Exploit Title: Tube AceAdult PHP Tube Script SQL Injection Date: 05/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Tube Ace http://www.tubeace.com Tested on: Linux Dork...
S9Y Serendipity 1.5.4 - Arbitrary File Upload
S9Y Serendipity 1.5.4 - Arbitrary File Upload In The Name Of GOD + Exploit Title:remote 0day file upload + Date: 2010 + script:Serendipity 1.5.4 + Software Link: http://www.s9y.org/12.html + Author : pentesters.ir +discovered by:ahmadbady + Contact : [email protected] + Website :...
CS-Cart 1.3.3 - classes_dir Remote File Inclusion
CS-Cart 1.3.3 - classesdir Remote File Inclusion $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ CS-Cart 1.3.3 classesdir = Remote File Include Vulnerability $$ Script site: http://www.cs-cart.com $$ Dork: Powered by CS-Cart - Shopping Cart Software $$...
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
MyeGallery Module 3.1.1 - Remote File Inclusion Command Injection source: https://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by MyeGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the...
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution """ Exploit Title: Apache UNO API RCE Date: 2018-09-18 Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 /...
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...
PHPMailer 5.2.18 - Remote Code Execution (Python)
PHPMailer 5.2.18 - Remote Code Execution Python """ Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory...
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow SEH Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
Centos WebPanel 7 - term SQL Injection
Centos WebPanel 7 - term SQL Injection Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10...
MikroTik RouterOS 6.43.12 (stable) 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS 6.43.12 stable 6.42.12 long-term - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can ...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting PoC Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...
HP Data Protector A.09.00 - Arbitrary Command Execution
HP Data Protector A.09.00 - Arbitrary Command Execution !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
Dolphin 7.0.3 - Multiple Vulnerabilities
Dolphin 7.0.3 - Multiple Vulnerabilities Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email :...
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage:https://www.avast.com/ Software Link...
Intel (Skylake Kaby Lake) - PortSmash CPU SMT Side-Channel
Intel Skylake Kaby Lake - PortSmash CPU SMT Side-Channel Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the b...
ASPapp Knowledge Base - CatId SQL Injection (1)
ASPapp Knowledge Base - CatId SQL Injection 1 ....... ...... ..... .....CoRPITX ..... ..... ...... ....... -----------------Turkey-------------------------------------- --------- www.Hayalet-hack.com------------------------------- ----------www.xcorpitx-hack.com------------------------------ Iate...
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.iskysoft.us Software...
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...
Linux Kernel 4.3.3 (Ubuntu 14.0415.10) - overlayfs Local Privilege Escalation (1)
Linux Kernel 4.3.3 Ubuntu 14.0415.10 - overlayfs Local Privilege Escalation 1 / just another overlayfs exploit, works on kernels before 2015-12-26 Exploit Title: overlayfs local root Date: 2016-01-05 Exploit Author: rebel Version: Ubuntu 14.04 LTS, 15.10 and more Tested on: Ubuntu 14.04 LTS, 15.1...
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow (SEH Unicode)
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow SEH Unicode Title: Logitech Webcam Software 1.1 eReg.exe SEH/Unicode Buffer Overflow Date: 9-10-2015 Target tested: Windows 7 x64 Software Link: http://www.logitech.com/pub/techsupport/quickcam/lws110x64.exe Author: Robbie Corley...
PHP 5.3.12 5.4.2 - CGI Argument Injection
PHP 5.3.12 5.4.2 - CGI Argument Injection Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = """""" postLength = lenpwncode httpraw="""POS...
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service (PoC)
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service PoC Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-27 Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/ Software Link Download :...
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path Exploit Title: 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
runc 1.0-rc6 Docker 18.09.2 - Container Breakout 2 CVE-2019-5736 This is exploit code for CVE-2019-5736 and it works for both runc and LXC. The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and...
Popper 1.41-r2 - form Remote File Inclusion
Popper 1.41-r2 - form Remote File Inclusion ============================================================================================== Popper ================================================================================================ Exploit : --------------------------------...
VMware Fusion 11.5.2 - Privilege Escalation
VMware Fusion 11.5.2 - Privilege Escalation Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Date: 2020-03-17 Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software...
BOA Web Server 0.94.14rc21 - Arbitrary File Access
BOA Web Server 0.94.14rc21 - Arbitrary File Access BOA Web Server 0.94.14 - Access to arbitrary files as privileges Title: Vulnerability in BOA Webserver 0.94.14 Date: 20-06-2017 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: Miguel Mendez Z Vendor...
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Remote Code Execution
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Remote Code Execution !/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage:...
Linux Kernel 3.5.0-23 (Ubuntu 12.04.2 x64) - SOCK_DIAG SMEP Bypass Local Privilege Escalation
Linux Kernel 3.5.0-23 Ubuntu 12.04.2 x64 - SOCKDIAG SMEP Bypass Local Privilege Escalation / based on the exploit by SynQ Modified PoC for CVE-2013-1763 with SMEP bypass Presentation: Practical SMEP Bypass Techniques on Linux Vitaly Nikolenko [email protected] Target: Linux ubuntu 3.5.0-23-gener...
PixelPost 1.4.3 - User Comment HTML Injection
PixelPost 1.4.3 - User Comment HTML Injection source: https://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code...
exim 4.90 - Remote Code Execution
exim 4.90 - Remote Code Execution Exploit Title: exim 4.90 - Remote Code Execution Date: 2018-10-24 Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n...
lighttpd 1.4.31 - Denial of Service (PoC)
lighttpd 1.4.31 - Denial of Service PoC !/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested...
Joomla! Component My Car 1.0 - Multiple Vulnerabilities
Joomla! Component My Car 1.0 - Multiple Vulnerabilities Exploit Title: Joomla Component My Car Multiple Vulnerabilities Date: 28th May 2010 Author: Valentin Category: webapps/0day Version: 1.0 Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::...
Article Friendly - SQL Injection
Article Friendly - SQL Injection / /| | || || | | | | | || | / \ / || | / | | | | / / |||| | | | | | | / \ | | | / /| /| // |\ || |||| || ||||// \||\ ||| \ ..Bl4ck H4T.. ============================================================================== ! Article Friendly = SQL Injection...
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap...
Mambo Component com_registration_detailed 4.1 - Remote File Inclusion
Mambo Component comregistrationdetailed 4.1 - Remote File Inclusion Mambo comregistrationdetailed ghoz, homeedition2001, iFX, and for all friend's&enemy milw0rm.com 2006-09-16...
ThWboard 3.0 - index.php Cross-Site Scripting
ThWboard 3.0 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17627/info ThWboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion
Autolinks 2.1 Pro - Alinitialize.php Remote File Inclusion source: https://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
ASUS AAHM 1.00.22 - asHmComSvc Unquoted Service Path
ASUS AAHM 1.00.22 - asHmComSvc Unquoted Service Path Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-11 Vendor Homepage: https://www.asus.com/ Software Link...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution !/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton,...
Pandora 7.0NG - Remote Code Execution
Pandora 7.0NG - Remote Code Execution Exploit Title: Pandora 7.0NG - Remote Code Execution Date: 2019-11-14 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version:...
Shutter 0.1.1 - Multiple SQL Injections
Shutter 0.1.1 - Multiple SQL Injections || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...
Sentrifugo HRMS 3.2 - id SQL Injection
Sentrifugo HRMS 3.2 - id SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Website: Date: 2020-03-06 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched...
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Online Book Store 1.0 - Unauthenticated Remote Code Execution Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage:...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe"...
Zoho ManageEngine ServiceDesk Plus (SDP) 10.0 build 10012 - Arbitrary File Upload
Zoho ManageEngine ServiceDesk Plus SDP 10.0 build 10012 - Arbitrary File Upload Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung [email protected] Vendor Homepage:...
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
CyberArk PSMP 10.9.1 - Policy Restriction Bypass Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Poli...
PHP DateTime - Use-After-Free
PHP DateTime - Use-After-Free Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup...