41207 matches found
Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation
Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation Exploit Title: Vembu StoreGrid - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 4.0 Tested on: Windows Server 2012 StoreGrid is a re-brandable backup solution, which can install 2...
CNDSOFT 2.3 - Cross-Site Request Forgery Arbitrary File Upload
CNDSOFT 2.3 - Cross-Site Request Forgery Arbitrary File Upload ========================================================================================================= Exploit Title: CNDSOFT 2.3 - Arbitrary File Upload with CSRF shell.php Author: Besim Google Dork: - Date: 19/10/2016 Type: webap...
Intel(R) PROSetWireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
IntelR PROSetWireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation Exploit Title: IntelR PROSet/Wireless WiFi Software - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 15.01.1000.0927 Tested on: Windows 7 Professional T...
Linux Kernel 2.6.22 3.9 - Dirty COW procselfmem Race Condition (Write Access Method)
Linux Kernel 2.6.22 3.9 - Dirty COW procselfmem Race Condition Write Access Method / dirtyc0w.c $ sudo -s echo this is not a test foo chmod 0404 foo $ ls -lah foo -r-----r-- 1 root root 19 Oct 20 15:23 foo $ cat foo this is not a test $ gcc -pthread dirtyc0w.c -o dirtyc0w $ ./dirtyc0w foo...
IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation Exploit Title: IObit Advanced SystemCare Unquoted Service Path Privilege Escalation Date: 19/10/2016 Author: Ashiyane Digital Security Team Vendor Homepage: http://www.iobit.com/en/index.php Software Link:...
Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation
Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is...
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872 Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP Platform: Windows 10 10586 not tested...
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure Title: ManageEngine ServiceDesk Plus Low Privileged User View All Tickets Date: 18 October 2016 Author: p0z Vendor: ManageEngine Vendor Homepage: https://www.manageengine.com/ Product: ServiceDesk Plus Version: 9.2...
The Unarchiver 3.11.1 - .tar.Z Crash (PoC)
The Unarchiver 3.11.1 - .tar.Z Crash PoC Exploit Title: The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC Date: 10-17-2016 Exploit Author: Antonio Z. Vendor Homepage: http://unarchiver.c3.cx/unarchiver Software Link: http://unarchiver.c3.cx/downloads/TheUnarchiver3.11.1.zip Version: 3.11.1 Tested on...
Microsoft Windows - DFS Client Driver Arbitrary Drive Mapping Privilege Escalation (MS16-123)
Microsoft Windows - DFS Client Driver Arbitrary Drive Mapping Privilege Escalation MS16-123 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=885 Windows: DFS Client Driver Arbitrary Drive Mapping EoP Platform: Windows 10 10586, Edge 25.10586.0.0 not tested 8.1 Update 2 or Windo...
Microsoft Windows (x86) - afd.sys Local Privilege Escalation (MS11-046)
Microsoft Windows x86 - afd.sys Local Privilege Escalation MS11-046 / Exploit Title: Windows x86 all versions AFD privilege escalation MS11-046 Date: 2016-10-16 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP Pro SP2 x64 Windows Server 2003 SP2 x86 Windows...
LanSpy 2.0.0.155 - Local Buffer Overflow
LanSpy 2.0.0.155 - Local Buffer Overflow !/usr/bin/python LanSpy 2.0.0.155 - Buffer Overflow Exploit by n30m1nd Date: 2016-10-18 Exploit Author: n30m1nd Vendor Homepage: www.lantricks.com Software Link: https://www.exploit-db.com/apps/42114d0f9e88ad76acaa0f145dabf923-lanspysetup.exe Version: LanS...
Microsoft Windows - DeviceApi CMApi User Hive Impersonation Privilege Escalation (MS16-124)
Microsoft Windows - DeviceApi CMApi User Hive Impersonation Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=875 Windows: DeviceApi CMApi User Hive Impersonation EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7 Class: Elevation o...
Cgiemail 1.6 - Source Code Disclosure
Cgiemail 1.6 - Source Code Disclosure !/usr/bin/env perl Exploit Title: cgiemail local file inclusion Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz Version: 1.6 and older Date: 2016-09-27 cgiecho a script...
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
Pluck CMS 4.7.3 - Cross-Site Request Forgery Add Page Exploit Title: Pluck CMS 4.7.3 - Add-Page Cross-Site Request Forgery Exploit Author: Ahsan Tahir Date: 18-10-2016 Software Link: http://www.pluck-cms.org/?file=download Vendor: http://www.pluck-cms.org/ Google Dork: "2005-2016. pluck is...
8CYmOq9FLgPopUy
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Skeleton-Exploit
Exploit information example for the Skeleton module. This is an example structure you can use to create your modules use this module as a template or create your own. Exploit Pack Copyright 2017 Juan Sacco http://exploitpack.com This example exploit structure is intented to be used as starting...
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass Persistent Cross-Site Scripting
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass Persistent Cross-Site Scripting Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS...
PHP Business Directory - Multiple Vulnerabilities
PHP Business Directory - Multiple Vulnerabilities Exploit Title: PHP Business Directory - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=4 Software...
Spy Emergency 23.0.205 - Unquoted Service Path Privilege Escalation
Spy Emergency 23.0.205 - Unquoted Service Path Privilege Escalation Exploit Title: Spy Emergency Unquoted Service Path Privilege Escalation Date: 15/10/2016 Author: Amir.ght Vendor Homepage: http://www.spy-emergency.com/ Software Link: http://www.spy-emergency.com/download/download.php?id=1 versi...
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation MS16-125 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=887 Windows: Diagnostics Hub DLL Load EoP Platform: Windows 10 10586, not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: The fix...
PHP Telephone Directory - Multiple Vulnerabilities
PHP Telephone Directory - Multiple Vulnerabilities Exploit Title: PHP Telephone Directory - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=2 Software...
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
PHP NEWS 1.3.0 - Cross-Site Request Forgery Add Admin ========================================================================================================= Exploit Title: PHP NEWS 1.3.0 - Cross-Site Request Forgery Add Admin Author: Meryem AKDOĞAN Google Dork: - Date: 16/10/2016 Type: webapps...
PHP Image Database - Multiple Vulnerabilities
PHP Image Database - Multiple Vulnerabilities Exploit Title: PHP Image Database - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=3 Software Link:...
Linux Kernel 4.5.1 - Off-By-One (PoC)
Linux Kernel 4.5.1 - Off-By-One PoC / EDB Note Download: http://cyseclabs.com/exploits/matreshka.c Blog http://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit / / Quick and dirty PoC for CVE-2016-6187 heap off-by-one PoC By Vitaly Nikolenko [email protected] There's no privilege...
NETGATE Data Backup build 3.0.605 - Unquoted Service Path Privilege Escalation
NETGATE Data Backup build 3.0.605 - Unquoted Service Path Privilege Escalation Exploit Title: NETGATE Data Backup Unquoted Service Path Privilege Escalation Date: 15/10/2016 Author: Amir.ght Vendor Homepage: http://www.netgate.sk/ Software Link: http://www.netgate.sk/download/download.php?id=5...
NETGATE Registry Cleaner 16.0.205 - Unquoted Service Path Privilege Escalation
NETGATE Registry Cleaner 16.0.205 - Unquoted Service Path Privilege Escalation Exploit Title: NETGATE Registry Cleaner Unquoted Service Path Privilege Escalation Date: 15/10/2016 Author: Amir.ght Vendor Homepage: http://www.netgate.sk/ Software Link: http://www.netgate.sk/download/download.php?id...
NETGATE AMITI Antivirus 23.0.305 - Unquoted Service Path Privilege Escalation
NETGATE AMITI Antivirus 23.0.305 - Unquoted Service Path Privilege Escalation Exploit Title: NETGATE AMITI Antivirus Unquoted Service Path Privilege Escalation Date: 15/10/2016 Author: Amir.ght Vendor Homepage: http://www.netgate.sk/ Software Link: http://www.netgate.sk/download/download.php?id=1...
Simple Dynamic Web 0.1 - SQL Injection
Simple Dynamic Web 0.1 - SQL Injection Exploit Title.............. Simple Dynamic Web SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...
Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)
Simple Forum PHP 2.4 - Cross-Site Request Forgery Edit Options document.forms0.submit;...
Wondershare PDFelement 5.2.9 - Unquoted Service Path Privilege Escalation
Wondershare PDFelement 5.2.9 - Unquoted Service Path Privilege Escalation Exploit Title: Wondershare PDFelement Unquoted Service Path Privilege Escalation Date: 10/14/2016 Author: Saeed Hasanzadeh Net.Hun73r Vendor Homepage: https://www.wondershare.com/ Software Link:...
Web Based Alumni Tracking System 0.1 - SQL Injection
Web Based Alumni Tracking System 0.1 - SQL Injection Exploit Title.............. Web Based Alumni Tracking System Multiple Vulnerability Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...
Learning Management System 0.1 - Authentication Bypass
Learning Management System 0.1 - Authentication Bypass Exploit Title.............. Learning Management System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...
Simple Shopping Cart Application 0.1 - SQL Injection
Simple Shopping Cart Application 0.1 - SQL Injection Exploit Title.............. Simple Shopping Cart Application SQL Injection Google Dork................ inurl:"product-details.php?prodid=" "Designed by FBC Students" Date....................... 14/10/2016 Exploit Author............. lahilote...
NO-IP DUC 4.1.1 - Unquoted Service Path Privilege Escalation
NO-IP DUC 4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link :...
Health Record System 0.1 - Authentication Bypass
Health Record System 0.1 - Authentication Bypass Exploit Title.............. Health Record System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10430 Software...
Student Information System (SIS) 0.1 - Authentication Bypass
Student Information System SIS 0.1 - Authentication Bypass Exploit Title............... Student Information System SIS Auth Bypass Google Dork................. N/A Date........................ 14/10/2016 Exploit Author.............. lahilote Vendor Homepage...
Simple Forum PHP 2.4 - SQL Injection
Simple Forum PHP 2.4 - SQL Injection ===================================================== Simple Forum PHP 2.4 - SQL Injection ===================================================== Vendor Homepage: http://simpleforumphp.com Date: 14 Oct 2016 Demo Link : http://simpleforumphp.com/forum/admin.php...
Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation
Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation Exploit Title: Graylog Collector Service Path Privilege Escalation Date: 10/14/2016 Exploit Author: Joey Lane Software Link: https://github.com/Graylog2/collector Version: 0.4.2 Tested on: Windows Server 2012 R2 Graylog Collecto...
School Full CBT 0.1 - SQL Injection
School Full CBT 0.1 - SQL Injection Exploit Title.............. School Full CBT SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/9859 Software Link...
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery Persistent Cross-Site Scripting
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: YouTube Automated CMS 1.0.1 / 1.0.7 - CSRF to Persistent XSS Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link:...
Fashion Shopping Cart 0.1 - SQL Injection
Fashion Shopping Cart 0.1 - SQL Injection Exploit Title.............. Fashion Shopping Cart SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10435 Software...
Mozilla Firefox 49.0.1 - Denial of Service
Mozilla Firefox 49.0.1 - Denial of Service ''' Title: Firefox 49.0.1 crash Denial of Service Date: 15 Oct 2016 Author: sultan albalawi video: https://www.facebook.com/pentest3/videos/vb.100012552940568/199310163830747/?type=2&theater Tested on:win7 Open link in firefox Double click on the Click Y...
SolidWorks-Workgroup-PDM-2014
Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability Date: 2-21-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.solidworks.com/sw/products/product-data-management/workgroup-pdm.htm Tested on: Windows 7 Vulnerability type: Arbitrary...
Symantec-PcAnywhere-12.5.0
Exploit Title: Symantec PcAnywhere login and password field buffer overflow Date: 2012.06.27 Software Link: symantec.com Version: 12.5.0 Tested on: Windows XP SP2 import socket import time import struct import string import sys shell = "\xda\xda\xbb\x9e\x7f\xfb\x04\xd9\x74\x24\xf4\x58\x2b\xc9"...
Colorful Blog - Persistent Cross-Site Scripting
Colorful Blog - Persistent Cross-Site Scripting Exploit Title : ----------- : Colorful Blog - Stored Cross Site Scripting Author : ----------------- : Besim Google Dork : --------- : - Date : -------------------- : 13/10/2016 Type : -------------------- : webapps Platform : --------------- : PHP...
Simple Blog PHP 2.0 - Multiple Vulnerabilities
Simple Blog PHP 2.0 - Multiple Vulnerabilities ===================================================== Simple Blog PHP 2.0 - CSRFAdd Post // Stored XSS ===================================================== Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link :...
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation ---------------------------------------------------------------------------------------------------------- Exploit Title: ASLDRService ATK Hotkey- Privilege Escalation Unquoted Service Path Date: 13/10/2016 Exploit Auth...
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation Exploit Title: InsOnSrv Asus InstantOn- Privilege Escalation Unquoted Service Path vulnerability Date: 13/10/2016 Exploit Author : Cyril Vallicari Vendor Homepage: www.asus.com Version: 2.3.1.1 Tested on: Windows 7 x64 S...
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation Exploit Title: ATKGFNEXSrv ATKGFNEX- Privilege Escalation Unquoted Service Path vulnerability Date: 13/10/2016 Exploit Author : Cyril Vallicari Vendor Homepage: www.asus.com Version: 1.0.11.1 Tested on: Windows 7 x64 SP1 b...