50728 matches found
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb' require 'rubysmb/smb1/packet' class MetasploitModule 'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption', 'Description' = %q This module is...
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sudo Heap-Based Buffer Overflow', 'Description' = %q A heap based buffer overflow exists in the sudo command line utility that can be exploited b...
CS Cart 4.6.2 Shell Upload
Summary CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server. This has been allocated CVE-2017-15673 Vendor of Product...
vlbook-lfixss.txt
vlBook 1.21 ALL VERSION Multiple Remote Vulnerabilities LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Raso...
glFusion 1.1.2 SQL Injection
1 // Check user status $status = SECcheckUserStatus$userid; if $status == USERACCOUNTACTIVE || $status == USERACCOUNTAWAITINGACTIVATION $userloggedin = 1; SESSupdateSessionTime$sessid, $CONF'cookieip'; ... see SESSupdateSessionTime function near lines 418-436: ... function...
WordPress SuperStoreFinder 6.1 CSRF / Shell Upload
Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload Wordpress Plugins Affected : Super Store Finder | Super Interactive Maps | Super Logo Showcase Exploit Type : Cross Site Request Forgery Plugin URI: http://www.superstorefinder.net/ Version : All versions from 6.1 and below , sho...
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache 2.4.49/2.4.50 Traversal RCE scanner', 'Description' = %q This module scans for an unauthenticated RCE vulnerability which exists in Apache...
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle
OpenSSH versions 6.8p1 to 9.9p1 contain a logic error that allows an on-path attacker a.k.a man-in-the-middle to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. OpenSSH versions 9.5p1 to 9.9p1 are vulnerable to a memory/CPU denial of service relat...
Yachtcontrol 2019-10-06 Remote Code Execution
Exploit Title: Yachtcontrol Webapplication - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2019-12-06 Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Software Link: http://download.yachtcontrol.nl/klant/Software/ &...
WikkaWiki 1.3.4 Cross Site Scripting
Advisory ID: HTB23170 Product: WikkaWiki Vendor: Wikka Development Team Vulnerable Versions: 1.3.4 and probably prior Tested Version: 1.3.4 Vendor Notification: August 21, 2013 Vendor Patch: August 31, 2013 Public Disclosure: September 11, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Backdrop CMS 1.27.1 Remote Command Execution
Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. ============================================================================================================================================= | Title : Backdrop CMS 1.27.1 PHP COd...
NagiosXI 5.6.11 Remote Command Execution
Fail2Ban 0.11.2 Privilege Escalation / Command Execution
If a user can execute fail2ban-client with sudo, they can achieve local privilege escalation and command injection via user-modified actions. Author: Raed Ahsan Date: 24/03/2025 Fail2Ban-client privilege-escalation """ Fail2Ban Automated Exploit Script - CVE Candidate...
vsftpd 2.3.4 Backdoor Command Execution
Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution Date: 9-04-2021 Exploit Author: HerculesRD Software Link: http://www.linuxfromscratch.org/thomasp/blfs-book-xsl/server/vsftpd.html Version: vsftpd 2.3.4 Tested on: debian CVE : CVE-2011-2523 !/usr/bin/python3 from telnetlib import Telnet...
Geeklog 2.1.0b1 SQL Injection
==================================================================================================================================== | Title : Geeklog v2.1.0b1 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | ...
Tiki Wiki CMS Groupware 21.1 Authentication Bypass
Exploit Title: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass Date: 01.08.2020 1st August 2020 Exploit Author: Maximilian Barz aka. Silky Vendor Homepage: tiki.org Software Link: https://jztkft.dl.sourceforge.net/project/tikiwiki/Tiki21.xUYScuti/21.1/tiki-21.1.zip Version: 21.1 Tested on:...
MGB OpenSource Guestbook 0.6.9.1 Cross Site Scripting / SQL Injection
Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities Advisory ID: SSCHADV2012-017 Author: Stefan Schurtz Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1 Vendor URL: http://www.m-gb.org Vendor Status: fixed ========================== Vulnerability...
VidiScript Cross Site Scripting
Exploit Title: VidiScript index.php Cross Site Scripting home : http://www.D99Y.com Author: NassRawI Date: 2/3/2011 Google Dork: "Powered By VidiScript.com" Software Link: http://www.vidiscript.com/ file : index.php exploit : http://localhost/index.php?vp= XSS...
Struts2 S2-045 Remote Command Execution
! /usr/bin/env python encoding:utf-8 import urllib2 import sys from poster.encode import multipartencode from poster.streaminghttp import registeropeners def poc: registeropeners datagen, header = multipartencode"image1": open"tmp.txt", "rb" header"User-Agent"="Mozilla/5.0 Macintosh; Intel Mac OS...
MediaXxx Adult Video / Media Script SQL Injection
Exploit Title: MediaXxx Adult Video / Media Script SQL Injection Date: 19/05/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: MediaXxx http://www.mediaxxxscript.com/ Tested on: Linux Dork: "Powered by MediaXxx Mobile"...
maianguestbook-cookie.txt
-+================================================================================+- -+ Maian Guestbook = 3.2 Insecure Cookie Handling Vulnerability +- -+================================================================================+- Discovered By: S.W.A.T. E-Mail: svvateamatyahoodotcom Script...
Geeklog 2.1.0b1 Database Disclosure
==================================================================================================================================== | Title : Geeklog v2.1.0b1 database disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
Pluck 4.7.18 Remote Shell Upload
Title: pluck-4.7.18 - FI + RCE. Author: nu11secur1ty Date: 07.19.2023 Vendor: https://github.com/pluck-cms/pluck/wiki Software: https://github.com/pluck-cms/pluck Reference: https://portswigger.net/daily-swig/rce Reference: https://portswigger.net/web-security/file-upload Description: The attacke...
pligg-exec.txt
!/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1'; $http-envproxy; cookiejar; my $host =...
phpFoX 1.6.21 Cross Site Request Forgery
phpFoX Version 1.6.21 cross site request forgery exploit dork:Powered by phpFoX found by d14l greetz to:soul,marcoj,al0xyz,stefo,aljosha,sp1r1t,invisible greetz to all good people from my country croatia phpFoX Version 1.6.21 suffers from cross site request forgery which allows attacker to change...
Samba is_known_pipename() Code Execution
!/usr/bin/perl -w Remote Samba isknownpipename 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. Exploit By NA , NAattutanota.com The original bug was discovered by steelo CVE-2017-7494 https://www.samba.org/samba/security/CVE-2017-7494.html Tested on Samba 4.5.8-Debian Requirements for this exploit to run: perl...
glFusion 1.1.2 SQL Injection
= 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Vulnerability, sql injection in 'order' and 'direction' arguments: look ExecuteQueries function in...
CUPS Remote Code Execution
!/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link: https://github.com/apple/cups/releases/tag/release-2.0.2 Version: \n" " -h, --help: Show this message\n" " -...
Apache + PHP 5.x Remote Code Execution Python Exploit #2
!/usr/bin/env python ap-unlock-v2.py - apache + php 5. rem0te c0de execution 0day better version NOTE: - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range scanner not is multithreaded, but iz multithreaded ...
Vasion Print / PrinterLogic 83 Vulnerabilities
Vasion Print / PrinterLogic suffers from authentication bypass, remote code execution, cross site scripting, XML injection, server-side request forgery, secret disclosure, and so many other vulnerabilities. The magnitude of this report is quite impressive and it is rare to see such a thorough...
BioTime Directory Traversal / Remote Code Execution
Tested on 8.5.5 Build:20231103.R1905 Tested on 9.0.1 Build:20240108.18753 BioTime, "time" for shellz! https://claroty.com/team82/disclosure-dashboard/cve-2023-38952...
OpenSSH 9.8p1 Race Condition
Proof of concept race condition exploit for OpenSSH server version 9.8p1. Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It...
Service Provider Management System 1.0 SQL Injection
Exploit Title: Service Provider Management System v1.0 - SQL Injection Date: 2023-05-23 Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
SPIP BigUp 4.3.1 Code Injection
============================================================================================================================================= | Title : SPIP BigUp 4.3.1 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...
WeBid 1.1.1 Cross Site Scripting / LDAP Injection
Exploit Title : WeBid Version 1.1.1 multiple vulnerability Author : Govind Singh aka NullPort Vendor : http://www.webidsupport.com/ Download Link : http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.1.1/WeBid-1.1.1.zip/download Google Dork : "Powered by WeBid" Date :...
ProtonMail.ch Header Injection / CSRF
SecurityAdvisory ---------------- Time Line Vulnerability ------------------------------- -Day 05-05-2014 Security Advisory = No response -Days 08 12 19-05-2014 Multiples Advisories = No Response -Day 20-05-2014 Full Disclosure Alerts summary -CRLF injection/HTTP response splitting...
ProFTPd 1.3.5 Remote Command Execution
Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Date: 25/05/2021 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21...
clipshare-rfi.txt
By Hasadya Raed Contact : RaeD At BsdMail Dot Com / GunManPump At Hotmail Dot Com ---------------------------------------------------------------------------------------------------- Script : ClipShare.v1.5.3 Dork : "Copyright © 2006 Powered By Clip-Share.Com. All rights reserved"...
PHPizabi 0.848b C1 HFP1-3 Command Execution
!/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually believed this populated those...
BlueKeep RDP Remote Windows Kernel Use-After-Free
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...
NetSurveillance Unauthorized Password Change
Exploit Title: NetSurveillance Web interface password change Google Dork: Date: 20.10.2020 Exploit Author: AsCiI Vendor Homepage: Software Link: Version: V4.02.R11.00000140.10001.131900.00000 maybe other Tested on: V4.02.R11.00000140.10001.131900.00000 Build Date:2017/12/6 9:4:23 CVE :...
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module exploits sql and command injection vulnerability in the ManageEngine AM 14 and prior version...
Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Multiple vulnerabilities found in Wireless IP Camera P2P WIFICAM cameras and vulnerabilities in GoAhead Advisory URL: https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt Blog URL:...
MGB OpenSource Guestbook 0.7.0.2 SQL Injection
Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download Version: 0.7.0.2 Category: Webapps Tested on:...
snetworks-rfi.txt
+By CrackersChild+ Script.......: SNETWORKS PHP CLASSIFIEDS Page.........: http://www.snetworks.biz/ Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File İnclude Vulnerability Demo.........: http://xxxclassifieds.com/classifieds/...
Sharp Multi-Function Printer 18 Vulnerabilities
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "17 vulnerabilities in Sharp Multi-Function Printers" is posted here: https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html The text version is also posted here:...
Rejetto HttpFileServer 2.3.x Remote Command Execution
Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...
Microsoft SQL Server Reporting Services 2016 Remote Code Execution
Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Date: 2020-09-17 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014...
Vivo Fibra Askey RTF8225VW Command Execution
--- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to the sh shell on the Vivo Fibra modem. This method essentially involves terminating the aspsh shell and invoking sh using the output of cat /dev/null. Using the pipe | is crucial for this...
Joomla JComments 3.0.5 SQL Injection
Exploit Title : Joomla JComments Components 3.0.5 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlatune.com Software Download Link : joomlatune.com/jcomments-downloads.html Software Information Link :...