56796 matches found
Joomla Akeeba Kickstart Unserialize Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' require 'json' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include...
Konke Smart Plug K - Authentication Bypass Vulnerability
No description provided by source. ----------------------------------------------------------------------- Konke Smart Plug Authentication Bypass Vulnerability ----------------------------------------------------------------------- Author : gamehacker&zixian Mail :...
Ammyy Admin 3.5 - RCE
No description provided by source. Mirror: http://www.exploit-db.com/sploits/aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is well known for being the software that many fake tech support phone scammers...
Citrix NetScaler SOAP Handler Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include...
Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
No description provided by source. Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 8.7.6.792 Summary: O2 Connection Manager will help you to manage your...
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Vulnerability
No description provided by source. Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 3.4.R1 108 Summary: O2 Connection Manager will help you to manage your...
Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/local/windowskernel' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...
Comodo Internet Security - HIPS/Sandbox Escape PoC
No description provided by source. Exploit: http://www.joxeankoret.com/download/comodosandboxescape/sandboxtest1.tar.gz Mirror: www.exploit-db.com/sploits/sandboxtest1.tar.gz Video: http://www.joxeankoret.com/download/comodosandboxescape/video/sandboxescape1.htm...
MS14-060 Microsoft Windows OLE Package Manager Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Free WMA MP3 Converter 1.8 (.wav) - Buffer Overflow
No description provided by source. !/usr/bin/env python Free WMA MP3 Converter 1.8 Buffer Overflow Version:1.8 Build 20140226 Author:metacom Date:10.23.2014 Download:http://www.eusing.com/freewmaconverter/mp3wmaconverter.htm Tested on:Win7-En 32bit - Win8.1-DE 64bit import struct def...
Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation
No description provided by source. Filemaker Login Bypass and Privilege Escalation ======================================================================= ADVISORY INFORMATION Title: Filemaker Login Bypass and Privilege Escalation Discovery date: 19/10/2014 Release date: 19/10/2014 Vendor Homepag...
i-FTP 2.20 - Buffer Overflow SEH Exploit
No description provided by source. !/usr/bin/python Exploit Title:i-FTP Buffer Overflow SEH Homepage:http://www.memecode.com/iftp.php Software Link:www.memecode.com/data/iftp-win32-v220.exe Version:i.Ftp v2.20 Win32 Release Vulnerability discovered:26.10.2014 Description:Simple portable cross...
IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation
No description provided by source. !/bin/sh Title: IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit CVE: CVE-2013-5467 Vendor Homepage: http://www-03.ibm.com/software/products/pl/tivomoni Author: Robert Jaroszuk Tested on: RedHat 5, Centos 5 Vulnerable version: IBM Tivoli...
Windows OLE Package Manager SandWorm Exploit
No description provided by source. !/usr/bin/env python import os import zipfile import sys ''' Full Exploit: http://www.exploit-db.com/sploits/35019.tar.gz Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date:...
Drupal Core <= 7.32 - SQL Injection (PHP)
No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2014-10-01 Bosch Security Systems DVR 630/650/670 Series Multiple Vulnerabilities Device: "Th...
Drupal Core <= 7.32 - SQL Injection (#1)
No description provided by source...
Croogo 2.0.0 - Arbitrary PHP Code Execution Exploit
No description provided by source. !/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT...
ZTE ZXDSL-931VII - Unauthenticated Configuration Dump
No description provided by source. Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
No description provided by source. Document Title: =============== Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1303 Release Date: ============= 2014-10-13 Vulnerability Laboratory ID VL-ID:...
iFunBox Free 1.1 iOS - File Inclusion Vulnerability
No description provided by source. Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID:...
File Manager 4.2.10 iOS - Code Execution Vulnerability
No description provided by source. Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...
Feng Office 1.7.4 - Arbitrary File Upload
No description provided by source...
Dell EqualLogic Storage - Directory Traversal
No description provided by source. Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corr�a Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The malicious...
Drupal Core <= 7.32 - SQL Injection (#2)
No description provided by source. !/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and t...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
No description provided by source. Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/FG The vulnerabilit...
Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability
No description provided by source. Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID:...
ncredible PBX 2.0.6.5.0 - Remote Command Execution
No description provided by source. !/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a...
Feng Office 1.7.4 - Cross Site Scripting Vulnerabilities
No description provided by source...
WebDisk+ 2.1 iOS - Code Execution Vulnerability
No description provided by source. Document Title: =============== WebDisk+ v2.1 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1349 Release Date: ============= 2014-10-23 Vulnerability Laboratory ID VL-ID:...
Wordpress CP Multi View Event Calendar 1.01 - SQL Injection
No description provided by source. Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows 7 / Mozilla Firefox Windows 7 /...
Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF
No description provided by source. !-- Exploit Title: Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF Exploit author: Emmanuel Law Public Disclosure Date : 20/10/14 Vendor homepage: http://www.axway.com Affected Software version: Axway Secure Transport 5.2.1 SP2 and possibly earlier...
Change CMS 3.6.8 - Multiple CSRF Vulnerabilities
No description provided by source. Exploit Title: RBS Change Complet Open Source multiple CSRF vulnerabilities POST and GET Date: 10/10/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...
Creative Contact Form - Arbitrary File Upload
No description provided by source. ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...
vBulletin Tapatalk - Blind SQL Injection
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 :...
Dell SonicWall GMS 7.2.x - Code Injection
No description provided by source. Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...
Mulesoft ESB Runtime 3.5.1 - Privilege Escalation Vulnerability
No description provided by source. Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoin...
HttpCombiner ASP.NET - Remote File Disclosure Vulnerability
No description provided by source. Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...
Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability
No description provided by source...
MAARCH 1.4 - Arbitrary File Upload
No description provided by source. / Exploit Title: Maarch 1.4 Arbitrary file upload Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor...
MAARCH 1.4 - SQL Injection
No description provided by source. / Exploit Title: Maarch 1.4 SQL Injection Google Dork: intext:"Maarch Maerys Archive v2.1 logo" Date: 29/10/2014 Exploit Author: Adrien Thierry Exploit Advisory: http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html Vendor Homepage...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0 ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080...
PHP-Fusion 7.02.07 - SQL Injection
No description provided by source. Exploit Title: PHP-Fusion 7.02.07 SQL Injection Date: 06/11/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.php-fusion.co.uk Software Link: http://ufpr.dl.sourceforge.net/project/php-fusion/PHP-Fusion%20Archives/7.x/ PHP-Fusion-7.02.07.zip Version:...
Password Manager Pro / Pro MSP - Blind SQL Injection
No description provided by source. Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Last updated:...
Enalean Tuleap 7.2 - XXE File Disclosure
No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...
WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS Vulnerability
No description provided by source. Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.2.5 Vendor Homepage: http://codecanyon.net/item/supportezzy-ticket-system-wordpress-plugin/8908617 Software Test...
Mouse Media Script 1.6 0 - Stored XSS Vulnerability
No description provided by source. Exploit Title: Mouse Media Script Stored XSS Vulnerability Google Dork: "is your best source of fun." inurl:/view/popular Date: 04-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.6 Software Link: http://codecanyon.net/item/mouse-media-script/7773254 Softwar...
phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities
No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...