SpotFTP Password Recover 2.4.2 - Name Denial of Service (PoC)
SpotFTP Password Recover 2.4.2 - Name Denial of Service PoC Exploit Title: SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-04 Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/spotftpsetup.exe...
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery Send SMS Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Date: 01/07/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version:...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Exploit Title: Ajera Timesheets = 9.10.16 - Deserialization of untrusted data Date: 2019-01-03 Exploit Author: Anthony Cole Vendor Homepage: https://www.deltek.com/en/products/project-erp/ajera Version: = 9.10.16 Contact:...
BlueAuditor 1.7.2.0 - Key Denial of Service (PoC)
BlueAuditor 1.7.2.0 - Key Denial of Service PoC Exploit Title: BlueAuditor 1.7.2.0 - 'Key' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-04 Vendor Homepage: www.nsauditor.com Software Link : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested Version: 1.7.2....
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Date: 12/31/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on...
LayerBB 1.1.1 - Persistent Cross-Site Scripting
LayerBB 1.1.1 - Persistent Cross-Site Scripting Exploit Title: LayerBB 1.1.1 - Cross-Site Scripting Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=26 Version: 1.1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-17997...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Date: 21/12/2018 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile...
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: phpMoAdmin 1.1.5 - MongoDB GUI | Multiple Vulnerabilities Date: 03.01.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmoadmin.com Software Link: http://www.phpmoadmin.com/file/phpmoadmin.z...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - JSHTML Code Injection function su...
Embed Video Scripts - Persistent Cross-Site Scripting
Embed Video Scripts - Persistent Cross-Site Scripting Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor...
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation dbus Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique ---...
Linux Kernel 4.15.x 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit Method)
Linux Kernel 4.15.x 4.19.2 - mapwrite CAPSYSADMIN Local Privilege Escalation polkit Method !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
Microsoft Windows - Windows Error Reporting Local Privilege Escalation Make sure to copy the file report.wer found in the folder PoC-Files in the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever. Example:...
WebKit JSC - AbstractValue::set Use-After-Free
WebKit JSC - AbstractValue::set Use-After-Free indexingType; mtype = speculationFromStructurestructure.get; mvalue = JSValue; checkConsistency; assertIsRegisteredgraph; It works out marrayModes using structure-indexingType instead of structure-indexingMode. As structure-indexingType masks out the...
NBMonitor Network Bandwidth Monitor 1.6.5.0 - Name Denial of Service (PoC)
NBMonitor Network Bandwidth Monitor 1.6.5.0 - Name Denial of Service PoC Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service PoC Author: Luis Martinez Date: 2018-12-27 Vendor Homepage: www.nsauditor.com Software Link :...
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
EZ CD Audio Converter 8.0.7 - Denial of Service PoC Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service PoC Date: 2018-12-30 Exploit Author: Achilles Vendor Homepage: https://www.poikosoft.com/ Software Link : https://download.poikosoft.com/ezcdaudioconvertersetupx64.exe Exploit Author...
Frog CMS 0.9.5 - Cross-Site Scripting
Frog CMS 0.9.5 - Cross-Site Scripting Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Date: 2018-12-25 Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...
Vtiger CRM 7.1.0 - Remote Code Execution
Vtiger CRM 7.1.0 - Remote Code Execution Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Date: 2018-12-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link:...
WordPress Plugin Adicon Server 1.2 - selectedPlace SQL Injection
WordPress Plugin Adicon Server 1.2 - selectedPlace SQL Injection Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Date: 2018-12-28 Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps...
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
WebKit JSC - JSArray::shiftCountWithArrayStorage Out-of-Bounds Read/Write
WebKit JSC - JSArray::shiftCountWithArrayStorage Out-of-Bounds ReadWrite / bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm,...
GDB-Connector
GDB Connector is a remote script to use for controlling a remote target and debug an exploit on a target directly from Exploit Pack. Copy this script to your target and execute it to connect back to your framework. Shell Script created using Exploit Pack http://www.exploitpack.com -...
Reverse-Shell
Establish a reverse shell and get persistence on your target using this script. Copy this script to your target and leave it running in the background after a successful exploitation. Multi-sessions are supported. Shell Script created using Exploit Pack http://www.exploitpack.com -...
Deepin Linux 15 - lastore-daemon Local Privilege Escalation
Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...
VMware WorkstationPlayer 12.5.5 - Local Privilege Escalation
VMware WorkstationPlayer 12.5.5 - Local Privilege Escalation !/bin/bash VMware Workstation Local Privilege Escalation exploit CVE-2017-4915 - https://www.vmware.com/security/advisories/VMSA-2017-0009.html - https://www.exploit-db.com/exploits/42045/ Affects: - VMware Workstation Player...
Linux Kernel 4.4.0 4.8.0 (Ubuntu 14.04/16.04 Linux Mint 1718 Zorin) - Local Privilege Escalation (KASLR SMEP)
Linux Kernel 4.4.0 4.8.0 Ubuntu 14.0416.04 Linux Mint 1718 Zorin - Local Privilege Escalation KASLR SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on: // - Ubuntu trusty 4.4.0 kernels // - Ubuntu xenial 4.4.0 and...
Linux Kernel 4.8.0-34 4.8.0-45 (Ubuntu Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 4.8.0-45 Ubuntu Linux Mint - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on Ubuntu / Linux Mint: // - 4.8.0-34-generic // - 4.8.0-36-generic // - 4.8.0-39-generic // -...
Linux Kernel 4.4.0-21 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - AF_PACKET Race Condition Privilege Escalation
Linux Kernel 4.4.0-21 4.4.0-51 Ubuntu 14.0416.04 x86-64 - AFPACKET Race Condition Privilege Escalation / chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offset...
Product Key Explorer 4.0.9 - Denial of Service (PoC)
Product Key Explorer 4.0.9 - Denial of Service PoC Exploit Title: Product Key Explorer 4.0.9 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Contact:...
Iperius Backup 5.8.1 - Buffer Overflow (SEH)
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricte...
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)
MAGIX Music Editor 3.1 - Buffer Overflow SEH Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Date: 2018-12-24 Vulnerable Software: MAGIX Music Editor 3.1 Vendor Homepage: https://www.magix.com/us/ Version: 3.1 Software Link:...
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)
ShareAlarmPro 2.1.4 - Denial of Service (PoC)
ShareAlarmPro 2.1.4 - Denial of Service PoC Exploit Title:ShareAlarmPro 2.1.4 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://sharealarm.nsauditor.com/downloads/sharealarmprosetup.exe Contact: https://twitter.com/T3jv1l...
bludit Pages Editor 3.0.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST...
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/baggage-freight/ Exploit Author: Kaimi Website:...
Craft CMS 3.0.25 - Cross-Site Scripting
Craft CMS 3.0.25 - Cross-Site Scripting Exploit Title: Craft CMS 3.0.25 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-20 Exploit Author: Raif Berkay Dincel Contact: www.raifberkaydincel.com More Details 1 :...
NetShareWatcher 1.5.8 - Denial of Service (PoC)
NetShareWatcher 1.5.8 - Denial of Service PoC Exploit Title: NetShareWatcher 1.5.8 - Denial of Service PoC Date: 2018-12-25 Exploit Author: T3jv1l Vendor Homepage: :http://www.nsauditor.com Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Contact:...
ycVxpXedN5ngh9E
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
WSTMart 2.0.8 - Cross-Site Scripting
WSTMart 2.0.8 - Cross-Site Scripting Exploit Title: WSTMart 2.0.8 - Cross-Site Scripting Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-20367 0x01 stored XSS PoC Functi...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage:https://github.com/wstmall/wstmart/ Software Link:http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE...
FrontAccounting 2.4.5 - SubmitUser SQL Injection
FrontAccounting 2.4.5 - SubmitUser SQL Injection Exploit Title: FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Google Dork: N/A Date: 2018-12-22 Exploit Author: Sainadh Jamalpur Vendor Homepage: http://frontaccounting.com/ Software Link: https://sourceforge.net/projects/frontaccounting/...
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution PoC Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46051.zip Password: infected...
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Angry IP Scanner for Linux 3.5.3 - Denial of Service PoC Exploit Title: Angry IP Scanner for Linux 3.5.3 - Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: 2018-12-22 Vendor Homepage: https://angryip.org/ Software Link : https://angryip.org/download/ Tested Version: 3.5.3 latest...
SQLScan 1.0 - Denial of Service (PoC)
SQLScan 1.0 - Denial of Service PoC Exploit Title: McAfee Foundstone SQLScan - Denial of Service PoC and EIP record overwrite Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx Software Link :...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done...
Netatalk 3.1.12 - Authentication Bypass
Netatalk 3.1.12 - Authentication Bypass Exploit Title: Netatalk Authentication Bypass Date: 12/20/2018 Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS...