50784 matches found
Ubuntu Overlayfs Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '2021 Ubuntu Overlayfs LPE', 'Description' = %q This module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is...
Joomla WordPress Blog 4.8.0 SQL Injection
Exploit Title : Joomla WordPress Blog 4.8.0 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/02/2019 Vendor Homepage : cms2cms.com - corephp.com Software Download Link : corephp.com/joomla-products/wordpress-for-joomla/buy-now/new Software...
Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution
!/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten The exploit support only x64 target Tested on: - Windows...
Oracle WebLogic Server Remote Code Execution
!/usr/bin/python3 Exploit Title: Oracle WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request Exploit Author: Nguyen Jang CVE: CVE-2020-14882 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
Realtek Managed Switch Controller RTL83xx Stack Overflow
SOT Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o boundary check. all FW...
Dojo Toolkit 1.13 Cross Site Scripting
Advisory ID: SYSS-2018-010 Product: Dojo Toolkit Manufacturer: JS Foundation Affected Versions: 1.13 Tested Versions: 1.13, 1.10.7 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-07-02 Solution Date: 2018-10-13 Public...
WordPress Core Cross Site Scripting / SQL Injection
Description: SQL Injection via Links LIMIT clause Affected Versions: WordPress Core 6.0.2 Researcher: FVD CVE ID: Pending CVSS Score: 8.0 High CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Fully Patched Version: 6.0.2 The WordPress Link functionality, previously known as “Bookmarks”, i...
Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation
!/usr/bin/env python3 """ Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability CVE: CVE-2021-24085 Summary This vulnerability allows remote attackers escalate privileges on affected installations of Microsoft Exchange Server. Authentication and...
Bludit Panel Brute Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bludit Panel Brute force', 'Description' = %q This Module performs brute force attack on Bludit Panel. , 'Author' = 'Eren Simsek ', 'License' =...
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...
Backdoor.Win32.Burbul.b Authentication Bypass / Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7aB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Burbul.b Vulnerability: Authentication Bypass MITM Port Bounce Scan Description: The...
Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery
Libtaxii version = 1.1.117 & OpenTaxi =0.2.0 Blind SSRF Details ======================================================================================== Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii...
Barco wePresent Hardcoded API Credentials
KL-001-2020-004 : Barco wePresent Hardcoded API Credentials Title: Barco wePresent Hardcoded API Credentials Advisory ID: KL-001-2020-004 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt 1. Vulnerability Details Affected Vendor: Barco...
libxml2 xmlParseNameComplex Integer Overflow
libxml2: Integer overflow in xmlParseNameComplex libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name name is = 232 characters. static const xmlChar xmlParseNameComplexxmlParserCtxtPtr ctxt int len = 0, l; ... return xmlDictLookupctxt-dic...
Crystal Shard http-protection 0.2.0 IP Spoofing Bypass
Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...
Opencart 2.3.0.2 Pre-Auth Remote Command Execution
!/usr/bin/perl -w Opencart 2.3.0.2 Pre-Auth Remote Command Execution CLI Exploit Copyright 2019 c Todor Donev test@localhost opencart$ perl opencartrce.pl http://192.168.1.1/oc2302/ Opencart 2.3.0.2 Pre-Auth Remote Command Execution CLI Exploit...
Roxy-WI Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...
Monospace Directus Headless CMS File Upload / Rule Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because ...
Laravel 8.4.2 Remote Code Execution
Exploit Title: Laravel 8.4.2 debug mode - Remote code execution Date: 1.14.2021 Exploit Author: SunCSR Team Vendor Homepage: https://laravel.com/ References: https://www.ambionics.io/blog/laravel-debug-rce https://viblo.asia/p/6J3ZgN8PKmB Version: = 8.4.2 Tested on: Ubuntu 18.04 + nginx + php 7.4...
Fuel CMS 1.4.1 Remote Code Execution
Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution 3 Exploit Author: Padsala Trushal Date: 2021-11-03 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: ',epilog=f'EXAMPLE - python3 sys.argv0 -u http://10.10.21.74'...
Chromium 83 CSP Bypass
Title: Chromium 83 - Full CSP Bypass Date: 02/09/2020 Exploit Author: Gal Weizman Vendor Homepage: https://www.chromium.org/ Software Link: https://download-chromium.appspot.com/ Version: 83 Tested On: Mac OS, Windows, iPhone, Android CVE: CVE-2020-6519 function var payload = top.SUCCESS = true;...
BeyondTrust Remote Code Execution
This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...
BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system which allows participants of a conference with permissions to upload presentations to read arbitrary files from the file...
Zabbix 5.x SQL Injection / Cross Site Scripting
Exploit Title: Zabbix all version / Multiple Vulnerabilities Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: Jul 23th, 2021 CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Version: Zabbix 1.x, 2.x, 3.x, 4,x 5.x Risk: High 9.0 Vendor Homepage: https://www.zabbix.com/...
WordPress Simple File List 5.4 Shell Upload
!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 5.4 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/ Softwa...
📄 GNU Screen 4.5.0 Local Privilege Escalation
GNU Screen version 4.5.0 local privilege escalation exploit that leverages shared library loading. GNU Screen 4.5.0 Local Privilege Escalation Exploit CVE-2017-5618 📌 Overview Local privilege escalation exploit for GNU Screen 4.5.0 that hijacks shared library loading to gain root access via...
Apache NiFi API Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Potential Improvements: Add option to authenticate using client certificate Add a scanner module? class MetasploitModule 'Apache NiFi API Remote Code Execution',...
HFS (HTTP File Server) 2.3.x Remote Code Execution
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus CVE-2021-40539', 'Description' = %q This module exploits CVE-2021-40539, a REST API authentication bypass...
BMW Online Cross Site Scripting
Document Title: =============== BMW Online Mail - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2262 Vulnerability Magazine:...
WordPress Canto 1.3.0 Server-Side Request Forgery
Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF Unauthenticated Date: 03/12/2020 Exploit Author: Pankaj Verma p4nk4j Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...
PHP Remote Code Execution
Exploit Title: PHP Windows Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://www.php.net/downloads.php Version: PHP 8.3, ', '' headers = 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:123.0 Gecko/20100101 Firefox/123.0', 'Content-Type':...
Hikvision IP Camera Backdoor
Exploit Title: Hikvision IP Camera - Backdoor Date: 14/03/2022 Exploit Author: Sobhan Mahmoodi Reference: https://ipvm.com/reports/hik-exploit GitHub: https://github.com/bp2008/HikPasswordHelper/ Hikvision included a magic string that allowed instant access to any camera, regardless of what the...
WordPress 5.0.0 Remote Code Execution
Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...
H2 Web Interface Create Alias Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...
Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection
!/usr/bin/perl -w Cisco Content Security Management Virtual Appliance M600V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the...
Trojan-Spy.Win32.KeyLogger.qt Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/de613b96174056ef22b42e112d0e61a5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.KeyLogger.qt Vulnerability: Insecure Permissions Description: KeyLogger.qt creates ...
Zyxel NWA/NAP/WAC Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded FTP Credentials product: Zyxel NWA/NAP/WAC wireless access point series vulnerable version: see "Vulnerable / tested version" fixed version: see "Solution" CVE...
MiniCMS 1.10 Cross Site Scripting
Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS Date: 2019-7-4 Exploit Author: yudp Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:https://github.com/bg5sbk/MiniCMS Version: 1.10 CVE :CVE-2019-13339 Payload:alert"3: "+document.domain In /MiniCMS/mc-admin/page-edit.php POC...
Unified Remote Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' = %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Unauthenticated SQL Injection Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public Disclosure: 01...
Remote Desktop Web Access Authentication Timing Attack
!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...
Company Visitor Management System (CVMS) 1.0 SQL Injection
Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 2020-07-20 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/...
VMware NSX Manager XStream Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware NSX Manager XStream unauthenticated RCE', 'Description' = %q VMware Cloud Foundation NSX-V contains a remote code execution vulnerability...
Bludit 3.9.2 Bruteforce Mitigation Bypass
!/usr/bin/python3 Exploit Title: Bludit = 3.9.2 - Bruteforce Mitigation Bypass Author: ColdFusionX Mayank Deshmukh Author website: https://coldfusionx.github.io Date: 2020-10-19 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: ...
Glibc Tunables Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 561, '3602eac894717d56555552c84fc6b0e4d6a4af72' = 561, 'a99db3715218b641780b04323e4ae5953d68a927' = 561, 'a8daca28288575ffc8c7641d40901b0148958fb1...
SugarCRM 6.5.18 Cross Site Scripting
Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2249 Release Date: ============= 2020-11-16 Vulnerability Laboratory ID VL-ID:...
BoastMachine 3.1 Shell Upload
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Exploit Title : boastMachine v3.1 Remote File Upload Vulnerability Author: alnjm33 Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip Software...
7-Zip 21.07 Code Execution / Privilege Escalation
Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kagan Capar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...
WordPress Core 5.8.2 SQL Injection
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Date: 11/01/2022 Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.8.3 Tested on: Windows 10 CVE : CVE-2022-21661 VULNERABILITY DETAILS : This...