41207 matches found
Cisco Catalyst 2960 IOS 12.2(55)SE11 - ROCEM Remote Code Execution
Cisco Catalyst 2960 IOS 12.2(55)SE11 - ROCEM Remote Code Execution #!/usr/bin/python Exploit Title: Cisco Catalyst 2960 - Buffer Overflow Exploit Details: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ Date: 04.10.2017 Exploit Author: https://twitter.com/artkond Vendor Homepage...
S9Y Serendipity 1.5.4 - Arbitrary File Upload
S9Y Serendipity 1.5.4 - Arbitrary File Upload In The Name Of GOD + Exploit Title:remote 0day file upload + Date: 2010 + script:Serendipity 1.5.4 + Software Link: http://www.s9y.org/12.html + Author : pentesters.ir +discovered by:ahmadbady + Contact : [email protected] + Website :...
CS-Cart 1.3.3 - classes_dir Remote File Inclusion
CS-Cart 1.3.3 - classes_dir Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM CS-Cart 1.3.3 classes_dir = Remote File Include Vulnerability Script site: http://www.cs-cart.com Dork: Powered by CS-Cart - Shopping Cart Software...
ASPapp Knowledge Base - CatId SQL Injection (1)
ASPapp Knowledge Base - CatId SQL Injection (1) CoRPITX Turkey www.Hayalet-hack.com www.xcorpitx-hack.com Iate...
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.iskysoft.us Software...
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
runc 1.0-rc6 Docker 18.09.2 - Container Breakout 2 CVE-2019-5736 This is exploit code for CVE-2019-5736 and it works for both runc and LXC. The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and...
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation (1)
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - overlayfs Local Privilege Escalation (1) /* just another overlayfs exploit, works on kernels before 2015-12-26 Exploit Title: overlayfs local root Date: 2016-01-05 Exploit Author: rebel Version: Ubuntu 14.04 LTS, 15.10 and more Tested on: Ubuntu 14.04 LTS, 15.1...
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Add Local Buffer Overflow SEH Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
Intel (Skylake Kaby Lake) - PortSmash CPU SMT Side-Channel
Intel Skylake Kaby Lake - PortSmash CPU SMT Side-Channel Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the b...
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
Microsoft Internet Explorer 11 Windows 10 - VBScript Memory Corruption MS16-051 Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-018...
HP Data Protector A.09.00 - Arbitrary Command Execution
HP Data Protector A.09.00 - Arbitrary Command Execution #!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
PHP 5.3.12 5.4.2 - CGI Argument Injection
PHP 5.3.12 5.4.2 - CGI Argument Injection Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = """""" postLength = lenpwncode httpraw="""POS...
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path
AVAST SecureLine 5.5.522.0 - SecureLine Unquoted Service Path Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage:https://www.avast.com/ Software Link...
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service (PoC)
Odin Secure FTP Expert 7.6.3 - Site Info Denial of Service PoC Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-27 Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/ Software Link Download :...
Linux Kernel 3.5.0-23 (Ubuntu 12.04.2 x64) - SOCK_DIAG SMEP Bypass Local Privilege Escalation
Linux Kernel 3.5.0-23 Ubuntu 12.04.2 x64 - SOCKDIAG SMEP Bypass Local Privilege Escalation / based on the exploit by SynQ Modified PoC for CVE-2013-1763 with SMEP bypass Presentation: Practical SMEP Bypass Techniques on Linux Vitaly Nikolenko [email protected] Target: Linux ubuntu 3.5.0-23-gener...
Joomla! Component My Car 1.0 - Multiple Vulnerabilities
Joomla! Component My Car 1.0 - Multiple Vulnerabilities Exploit Title: Joomla Component My Car Multiple Vulnerabilities Date: 28th May 2010 Author: Valentin Category: webapps/0day Version: 1.0 Tested on: CVE : Code : 0x1...
Popper 1.41-r2 - form Remote File Inclusion
Popper 1.41-r2 - form Remote File Inclusion Popper Exploit :...
PixelPost 1.4.3 - User Comment HTML Injection
PixelPost 1.4.3 - User Comment HTML Injection source: https://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
D-Link DIR-615 - Privilege Escalation
D-Link DIR-615 - Privilege Escalation Exploit Title: D-Link DIR-615 - Privilege Escalation Date: 2019-12-10 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware...
Article Friendly - SQL Injection
Article Friendly - SQL Injection ..Bl4ck H4T.. Article Friendly = SQL Injection...
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path
10-Strike Network Inventory Explorer - srvInventoryWebServer Unquoted Service Path Exploit Title: 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link:...
VMware Fusion 11.5.2 - Privilege Escalation
VMware Fusion 11.5.2 - Privilege Escalation Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Date: 2020-03-17 Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software...
lighttpd 1.4.31 - Denial of Service (PoC)
lighttpd 1.4.31 - Denial of Service (PoC) #!/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested...
ThWboard 3.0 - index.php Cross-Site Scripting
ThWboard 3.0 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17627/info ThWboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion
Autolinks 2.1 Pro - Alinitialize.php Remote File Inclusion source: https://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
ASUS AAHM 1.00.22 - asHmComSvc Unquoted Service Path
ASUS AAHM 1.00.22 - asHmComSvc Unquoted Service Path Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-11 Vendor Homepage: https://www.asus.com/ Software Link...
MikroTik RouterOS 6.43.12 (stable) 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS 6.43.12 stable 6.42.12 long-term - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can ...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting PoC Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...
Mambo Component com_registration_detailed 4.1 - Remote File Inclusion
Mambo Component comregistrationdetailed 4.1 - Remote File Inclusion Mambo comregistrationdetailed ghoz, homeedition2001, iFX, and for all friend's&enemy milw0rm.com 2006-09-16...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution #!/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton,...
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Online Book Store 1.0 - Unauthenticated Remote Code Execution Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage:...
exim 4.90 - Remote Code Execution
exim 4.90 - Remote Code Execution Exploit Title: exim 4.90 - Remote Code Execution Date: 2018-10-24 Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n...
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow (SEH Unicode)
Logitech Webcam Software 1.1 - eReg.exe Local Buffer Overflow SEH Unicode Title: Logitech Webcam Software 1.1 eReg.exe SEH/Unicode Buffer Overflow Date: 9-10-2015 Target tested: Windows 7 x64 Software Link: http://www.logitech.com/pub/techsupport/quickcam/lws110x64.exe Author: Robbie Corley...
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Remote Code Execution
Pulse Secure 8.1R15.18.28.39.0 SSL VPN - Remote Code Execution #!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage:...
BOA Web Server 0.94.14rc21 - Arbitrary File Access
BOA Web Server 0.94.14rc21 - Arbitrary File Access BOA Web Server 0.94.14 - Access to arbitrary files as privileges Title: Vulnerability in BOA Webserver 0.94.14 Date: 20-06-2017 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: Miguel Mendez Z Vendor...
PHP DateTime - Use-After-Free
PHP DateTime - Use-After-Free Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup...
Linux Kernel 2.6.10 2.6.31.5 - pipe.c Local Privilege Escalation
Linux Kernel 2.6.10 2.6.31.5 - pipe.c Local Privilege Escalation / expmoosecox.c Watch a video of the exploit here: http://www.youtube.com/watch?v=jt81NvaOj5Y developed entirely by Ingo Molnar exploit writer extraordinaire! , thanks to Fotis Loukos for pointing the bug out to me -- neat bug! :...
Shutter 0.1.1 - Multiple SQL Injections
Shutter 0.1.1 - Multiple SQL Injections LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...
PHP-Nuke Module PostGuestbook 0.6.1 - tpl_pgb_moddir Remote File Inclusion
PHP-Nuke Module PostGuestbook 0.6.1 - tplpgbmoddir Remote File Inclusion PostGuestbook 0.6.1tplpgbmoddirRemote File Include Expliot D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greet...
Centos WebPanel 7 - term SQL Injection
Centos WebPanel 7 - term SQL Injection Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10...
Sentrifugo HRMS 3.2 - id SQL Injection
Sentrifugo HRMS 3.2 - id SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Website: Date: 2020-03-06 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched...
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution """ Exploit Title: Apache UNO API RCE Date: 2018-09-18 Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 /...
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference
Dnsmasq 2.50 - Heap Overflow Null Pointer Dereference Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap...
Maran PHP Shop - prod.php SQL Injection
Maran PHP Shop - prod.php SQL Injection Maran PHP Shop prod.php cat SQL Injection Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational...
Zoho ManageEngine ServiceDesk Plus (SDP) 10.0 build 10012 - Arbitrary File Upload
Zoho ManageEngine ServiceDesk Plus SDP 10.0 build 10012 - Arbitrary File Upload Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung [email protected] Vendor Homepage:...
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution #!/usr/bin/python intro = """\033[94m [ASCII-art banner] PHPMailer /...
ISC BIND 9 - TKEY Remote Denial of Service (PoC)
ISC BIND 9 - TKEY Remote Denial of Service (PoC) #!/usr/bin/env python Exploit Title: PoC for BIND9 TKEY DoS Exploit Author: elceef Software Link: https://github.com/elceef/tkeypoc/ Version: ISC BIND 9 Tested on: multiple CVE : CVE-2015-5477 import socket import sys print'CVE-2015-5477 BIND9 TKEY Po...
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
CyberArk PSMP 10.9.1 - Policy Restriction Bypass Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Poli...
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC Remote Code Execution', 'Description' = %q ...