39001 matches found
NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter) Exploit
Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow SEH Egghunter Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/netpclinker/ Software Link: https://sourceforge.net/projects/netpclinker/files/ Version: 1.0.0.0 Tested on: Windows Vista SP1 !/usr/bin/python '...
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the rdspagecopyuser function in net/rds/page.c RDS in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root CVE-2010-3904. This module has been tested successfully on Fedora 13 i686 kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu...
Dahua Generation 2/3 - Backdoor Access Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable...
SPIP 4.2.12 Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be...
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability
Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerability on modern...
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...
Cacti pollers.php SQL Injection / Remote Code Execution Exploit
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the...
Complaint Management System 1.0 - (cid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
Palo Alto Networks PAN-OS Cookie Injection Vulnerability
Palo Alto Networks PAN-OS versions before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. !/bin/bash Exploit Title: Fake Cookie Injection PoC - CVE-2017-15944 Date: December...
Apache CouchDB 3.2.1 - Remote Code Execution Exploit
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name couchdb at" CVE:...
Microsoft Windows Containers Privilege Escalation Vulnerability
The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user. Windows Containers: ContainerUser has Elevated Privileges Windows Containers: ContainerUser has...
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit
Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py https://swagger-page.c...
AD Manager Plus 7122 - Remote Code Execution Vulnerability
Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...
Apache Log4j 2 - Remote Code Execution Exploit
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE: CVE-2021-44228 Github rep...
Wordpress Masterstudy LMS Plugin - 3.0.17 - Unauthenticated Instructor Account Creation Exploit
Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| || / / | | |/ / / ...
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) Exploit
// Exploit Title: Linux Kernel 5.8 Proof-of-concept exploit for the Dirty Pipe vulnerability CVE-2022-0847 caused by an uninitialized "pipebuffer.flags" variable. It demonstrates how to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on...
WordPress Email Subscribers & Newsletters 4.2.2 Plugin - (hash) SQL Injection (Unauthenticated)
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection Unauthenticated Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Exploit Author: email protectedESEC Vendor Homepage:...
Joomla com_sexycontactform Arbitrary File Upload Vulnerability
Usage Info Google Dork: "/components/comsexycontactform/" site:gr Google Dork: "Powered by sexycontact" site:gr Google Dork: inurl:"sexy-contact-form" site:gr Exploit : components/comsexycontactform/fileupload/index.php Shell Access :...
SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ===================================================== SMEweb 1.4b SQL/XSS Multiple Remote Vulnerabilities ===================================================== ======================================================= SMEweb 1.4b SQL/XSS...
360 Security Sandbox Escape 0day Exploit
Sandbox is a feature introduced to isolate risky programs. Application running in sandbox have only limited access and it wont allow tasks such as network communication , creating file or anything malicious in nature A vulnerability in 360 security sandbox allows attackers to escape from the...
Apache Spark Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed i...
XenForo 1.5.x Remote Code Execution Vulnerability
Exploit for php platform in category web applications XenForo 1.5.x Remote Code Execution Vulnerability 1. ADVISORY INFORMATION ======================= Product: XenForo Vendor URL: xenforo.com Type: Code Injection CWE-94 Date found: 2016-12-09 Date published: 2016-12-15 CVSSv3 Score: 9.3...
D-Link Devices HNAP SOAPAction-Header Command Execution Exploit
Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as...
FreeSWITCH 1.10.10 Denial Of Service Vulnerability
When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...
Dirty Pipe Linux Privilege Escalation Exploit
Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. / SPDX-License-Identifier: GPL-2.0 / / Copyright 20...
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit
Exploit for php platform in category web applications !/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link:...
Vehicle Parking Management System 1.0 SQL Injection Vulnerability
Vehicle Parking Management System version 1.0 suffer from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 |...
Shoutcast Server 2.6.0.753 Crash Vulnerability
Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability. Shoutcast Server Remote Authenticated Crash ===== Intro ===== Shoutcast Server crashes after failing to handle a non-existent option recieved from a client in an ADMINCGI request. Requires auth to reproduc...
Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ruijie Networks Switch eWeb S29RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.ht...
WordPress Backup Migration 1.3.7 Remote Code Execution Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Backup Migration = 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup Migration Plugin Slug: backup-backup Affected Versions: = 1.3.7 CVE ID:CVE-2023-6553 Pending CVSS Score: 9.8 Critical CVSS Vector:...
ChurchCRM 4.5.4 SQL Injection Exploit
Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...
Ulfius Web Framework Remote Memory Corruption Exploit
Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process. !/usr/bin/python3 guul.p...
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation
Exploit for linux platform in category local exploits / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd is...
BoidCMS 2.0.0 Command Injection Exploit
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...
Helmet Store Showroom 1.0 SQL Injection Exploit
Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Version: 1.0 Tested on: Windows 10 +...
Rocket LMS 1.1 - Persistent Cross Site Scripting Vulnerability
Exploit Title: Rocket LMS 1.1 - Persistent Cross Site Scripting XSS Document Title: =============== Rocket LMS 1.1 - Persistent Cross Site Scripting XSS Product & Service Introduction: =============================== Rocket LMS is an online course marketplace with a pile of features that helps yo...
PAC Bypass Due To Unprotected Function Pointer Imports Exploit
PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers as well as some data pointers at runtime. However, it seems that imports of function pointers from shared libraries in...
Huawei HG530 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Multiple CSRF reboot and restore Vulnerability =========================== The Huawei HG530 suffers from multiple CSRF vulnerability allows local attackers to reboot the device or to restore to factory Configuration. ================== Th...
BIND 9.10.5 - Unquoted Service Path Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you to publish your Domain Name System DNS information on the Internet, and to resolve...
Reprise License Manager 14.2 Session Hijacking Vulnerability
Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44151 Vulnerability Title: Unauthenticated Session Hijacking Severity: Medium/High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: ...
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...
Linux SELinux PTRACE_TRACEME Handler Use-After-Free Exploit
Linux suffers from a use-after-free read in the SELinux handler for PTRACETRACEME. Linux: UAF read in SELinux handler for PTRACETRACEME There's a UAF read in the SELinux handler for PTRACETRACEME, selinuxptracetraceme. The bug was introduced in commit eb1231f73c4d7 "selinux: clarify task...
Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi
This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type...
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
This Metasploit module chains a server side request forgery SSRF vulnerability CVE-2024-21893 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...
Online Banking System v1.0 SQL injection Vulnerability
Title: Online Banking System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html Reference:...
Ajax File Manager File Upload Vulnerability
Exploit for php platform in category web applications ========================================================================= Ajax File Manager File Upload Vulnerability =========================================================================...
ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Denial of Service Vulnerability
ABB Cylon Aspect version 3.08.02 has an off-by-one error in array access that could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than condition, allowing access to an out-of-bounds index. This can trigger errors or...
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files. This module requires...
systemd 246 - Local Privilege Escalation Vulnerability
Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...
Microsoft Windows Contact File Remote Code Execution Vulnerability
Microsoft Windows Contact file / Remote Code Execution Resurrected 2022 / CVE-2022-44666 + John Page aka hyp3rlinx + twitter.com/hyp3rlinx + ISR: ApparitionSec Back in 2018 I discovered three related Windows remote code execution vulnerabilities affecting both VCF and Contact files. They were...