39001 matches found
Zimbra UnRAR Path Traversal Exploit
This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitra...
ManageEngine OpManager SumPDU Java Deserialization Exploit
An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also...
jquery.uploadify-v2.1.4 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------------- jquery.uploadify-v2.1.4 Arbitrary File Upload Vulnerability -------------------------------------------------------------------------------- Author = Zikou-16...
Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit
This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is...
Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion Exploit
Qualcomm Adreno/KGSL suffers from an unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr. Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05,...
Mida Solutions eFramework 2.9.0 XSS / Code Execution / SQL Injection Vulnerabilities
Mida Solutions eFramework versions 2.9.0 and below suffer from command execution, cross site scripting, denial of service, remote SQL injection, and path traversal vulnerabilities. ============================================= Title: Mida Solutions eFramework Multiple Vulnerabilities Author: Andr...
YouPHPTube 7.7 SQL Injection Vulnerability
Exploit for php platform in category web applications ---------------------------------------------------------------- YouPHPTube = 7.7 getChat.json.php SQL Injection Vulnerability ---------------------------------------------------------------- - Software Link: https://www.youphptube.com -...
iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability
Exploit for java platform in category remote exploits Product: iText PDF Library Vendor: iText Group CVE ID: CVE-2017-9096 Subject: XML External Entity Attack XXE Risk: Medium Effect: Remotely exploitable Author: Benjamin Bruppacher Date: 2017-11-06 Introduction: ------------- iText is a software...
pyLoad js2py Python Execution Exploit
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...
Casdoor 1.13.0 - SQL Injection (Unauthenticated) Vulnerability
// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Online Book Store 1.0 Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Exploit Author: Tib3rius Vendor Homepage:...
Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Vendor Homepage: Vendor Homepage:...
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability
Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...
OpenSSHd 7.2p2 - Username Enumeration (1)
Exploit for linux platform in category remote exploits Source: http://seclists.org/fulldisclosure/2016/Jul/51 -------------------------------------------------------------------- User Enumeration using Open SSHD =Latest version. -------------------------------------------------------------------...
FUDforum 3.0.6 Local File Inclusion Vulnerability
FUDforum version 3.0.6 suffers from a local file inclusion vulnerability. 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: LFI Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclose...
PyLoad 0.5.0 - Pre-auth Remote Code Execution Exploit
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import requests, argparse...
DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting Exploit
DMA Softlab Radius Manager version 4.4.0 chained exploit written in go that exploits session management and cross site scripting vulnerabilities. package main import "github.com/gorilla/mux" "fmt" "net/http" "net/url" "flag" "strings" "io/ioutil" "log" / should be able to: 1. Inject javascript in...
Gambio Online Webshop 4.9.2.0 Remote Code Execution Exploit
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...
MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798 Version: 0.6 Date: May 1st, 2017 Tag: miniupnpc getHTTPResponse chunked encoding integer signedness error Overview -------- Name: miniupnpc Vendor: Thomas...
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
Exploit for windows platform in category web applications Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data...
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
Shellcode Title: Windows/x86 Download using mshta.exe Shellcode 100 bytes Shellcode Author: Siddharth Sharma Shellcode Length: 100 bytes Tested on: WIN7x86 / Description Simply, instead of using mshta.exe to download file as: mshta.exe http://:/ , We could use below shellcode that does the same...
Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability
Exploit for unknown platform in category local exploits ==================================================================== Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability ==================================================================== Vulnerable: Ubuntu Ubuntu Linux 9....
XAMPP 3.3.0 Buffer Overflow Exploit
XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit. Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link:...
Dnsmasq < 2.78 - Integer Underflow Exploit
Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the...
ISPConfig 3.2.11 PHP Code Injection Exploit
------------------------------------------------------------------------ ISPConfig = 3.2.11 languageedit.php PHP Code Injection Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.ispconfig.org - Affected Versions: Version 3.2.11 and...
Teleport 9.3.6 Command Injection Vulnerability
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
Joomla EasyBlog Persistent XSS Vulnerability
Exploit for php platform in category web applications ============================================ Joomla EasyBlog Persistent XSS Vulnerability ============================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...
Easy~Ftp Server v1.7.0.2 Post-Authentication BoF
Exploit for unknown platform in category remote exploits ================================================ EasyFtp Server v1.7.0.2 Post-Authentication BoF ================================================ !/usr/bin/python Title: EasyFtp Server v1.7.0.2 Post-Authentication BoF From: The eh?-Team ||...
Apache HTTP Server 2.4.49 - Path Traversal Vulnerability
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 =3D=3D '' ; $2 =3D=3D '' ; then ech...
Oracle Business Intelligence / XML Publisher 12.2.1.4.0 - XML External Entity Injection Exploit
Exploit for windows platform in category web applications Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link: https://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/index.html Version:...
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Vulnerability
Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage:...
WordPress All In One SEO Pack 4.2.9 Cross Site Scripting Vulnerability
Affected Plugin: All In One SEO Pack Plugin Slug: all-in-one-seo-pack Affected Versions: = 4.2.9 CVE ID: CVE-2023-0586 CVSS Score: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ivan Kuzymchak Fully Patched Version: 4.3.0 The All in One SEO Pack plugin for...
ProFTPD 1.3.3g Server Remote Root Exploit (ftp.bbc.co.uk)
Exploit for multiple platform in category remote exploits This is private exploit. You can buy it at https://0day.today...
Library Management System With QR Code 1.0 SQL Injection Vulnerability
Title: Library Management System with QR code Attendance 1.0 SQL Injection Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution Exploit
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and...
Simple Cold Storage Management System 1.0 SQL Injection Vulnerability
Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability. Title: Simple Cold Storage Management System 1.0 SQL - Injection Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software:...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation Exploit
This Metasploit module exploits a command injection within Enlightenment's enlightenmentsys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested ...
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font Exploit
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=707779e0...
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8....
Linux Kernel 5.1.x - (PTRACE_TRACEME) pkexec Local Privilege Escalation Exploit (2)
Exploit Title: Linux Kernel 5.1.x - 'PTRACETRACEME' pkexec Local Privilege Escalation 2 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel 4.19.0-kali5-amd64 CVE:...
Telerik UI - Remote Code Execution via Insecure Deserialization Exploit
Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution Exploit
Exploit for windows platform in category web applications !/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m...
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution Exploit
This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these...
MS12-020 Microsoft RDP Vulnerability Exploit PoC
The Remote Desktop Protocol RDP implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code ...
ExifTool 12.23 - Arbitrary Code Execution Exploit
Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE: CVE-2021-22204 Sourc...
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService) Exploit
Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation InstallAssistService Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Windows 10 CVE :...
Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation Vulnerabilities
Zabbix Agent and Zabbix Agent 2 versions 6.2.7 and below suffer from an issue where it does not secure the permissions on a non-default installation directory, allowing an attacker to place a malicious executable to escalate privileges. Exploit Title: Zabbix agents - Insecure Permissions on...
PHP Melody 3.0 - (vid) SQL Injection Vulnerability
Exploit Title: PHP Melody 3.0 - 'vid' SQL Injection Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Product & Service Introduction: =============================== Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all the tools you...
PHP Melody 3.0 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: PHP Melody 3.0 - 'Multiple' Cross-Site Scripting XSS Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Product & Service Introduction: =============================== Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all...
WordPress Contact Form To Any API 1.1.2 SQL Injection Vulnerability
WordPress Contact Form to Any API plugin version 1.1.2 suffers from a remote SQL injection vulnerability. Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage:...