39001 matches found
Hikvision IP Camera Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This...
Apache 2.4.x - Buffer Overflow Exploit
Exploit Title: Apache 2.4.x - Buffer Overflow Exploit Author: Sunil Iyengar Vendor Homepage: https://httpd.apache.org/ Software Link: https://archive.apache.org/dist/httpd/ Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51 Tested on: Server Kali, Client MacOS Monterey CVE :...
Apache Httpd mod_rewrite - Open Redirects Vulnerability
Exploit for multiple platform in category web applications Normal URLs like http://redirect.local/test will be forwared to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik...
phpMyAdmin 4.x Remote Code Execution Exploit
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
Jax Guestbook admin bypass vulnerability
Exploit for php platform in category web applications ======================================== Jax Guestbook admin bypass vulnerability ======================================== Exploit Title: Jax Guestbook admin bypass vulnerability Date: 3.10.2010 Author: EraGoN Software...
Rapidleech v2 rev. 43 XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Deface By XSS In RapidLeech Google Dork: inurl:"index.php?debug=1" or intitle:"Rapidleech v2 rev. 43" Date: 2011/20/December Author: M.R.S.CO - Ashiyane.org Software Link:...
Torrent Hoster Remont Upload Exploit
Exploit for unknown platform in category web applications ==================================== Torrent Hoster Remont Upload Exploit ==================================== ======================================================================================== | Title : Torrent Hoster Remont Upload...
Open Realty (index.php) SQL Injection Vulnerability
Exploit for php platform in category web applications =================================================== Open Realty index.php SQL Injection Vulnerability =================================================== Title: Open Realty index.php SQL? Injection ------------------------------------ Software...
Nginx 1.25.5 Host Header Validation Vulnerability
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice. Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering...
deV!L`z Clanportal (DZCP 1.5.5.2) Multiple Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
jQuery 1.2 - Cross-Site Scripting Vulnerability
Exploit Title: jQuery 1.2 - Cross-Site Scripting XSS Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.2 and before 3.5.0 CVE : CVE-2020-11022 Proof of Concept 1: 0day.today 2021-10-19...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique ---...
FileZilla Server 0.9.41 beta Remote DOS (CPU exhaustion)
Exploit for windows platform in category dos / poc Exploit Title:FileZilla Server version 0.9.41 beta Remote DOS CPU exhaustion Date: July 10, 2012 Author: coolkaveh email protected https://twitter.com/coolkaveh Vendor Homepage: http://filezilla-project.org/ Version: 0.9.41 Tested on: windows XP...
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================= elgg dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename...
nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit
An off-by-one error in ngxresolvercopy while processing DNS responses allows a network attacker to write a dot character '.', 0x2E out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is...
phpBB modified by Przemo <= 1.12.6p4 Denial Of Service Exploit
Exploit for php platform in category dos / poc ============================================================== phpBB modified by Przemo = 1.12.6p4 Denial Of Service Exploit ============================================================== ?php Exploit Title: phpBB modified by Przemo = 1.12.6p4 Denial...
Apache 2.4.7 httpd mod_status Heap Buffer Overflow Vulnerability
Exploit for linux platform in category dos / poc URL: http://svn.apache.org/r1610499 Log: Merge 1610491 from trunk: SECURITY CVE-2014-0226: Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for...
OpenLD <= 1.2.2 (index.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= OpenLD = 1.2.2 index.php id Remote SQL Injection Vulnerability =================================================================...
ProFTPD 1.3.5 Mod_Copy Command Execution Exploit
This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by defau...
ProFTPd 1.3.5 - Remote Command Execution Exploit
Exploit for linux platform in category remote exploits Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with modcopy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import...
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
Exploit Title: jQuery 1.0.3 - Cross-Site Scripting XSS Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0 CVE : CVE-2020-11023 Proof of Concept 1: Proof of Concept 2 Only jQuery 3.x affected: " 0day.today 2021-10-19...
PHPFox v3.4.1 XSS vulnerabilities
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page...
OTRS Authenticated Command Injection Exploit
Exploit for multiple platform in category remote exploits Exploit Title: OTRS Authenticated Command Injection Exploit Author: Ali BawazeEer Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version:5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS...
WeBid Local File Discolure vulnerability
+Description: Open source php/mysql fully featured auction script. Perfect for those who want to start their own auction site. +Exploit: Acal Suffers from an LFD vulnerability: Usage Info 127.0.0.1/PATH/WEBID/loader.php?js=LFD + Author: TUNISIAN CYBER + Exploit Title: WeBid all versions LFD...
PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =========================================================== PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit =========================================================== !/usr/bin/php ?php / Found this after getting my inet back...
OpenSSH Server regreSSHion Remote Code Execution Vulnerability
Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various...
Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability
apache2: concurrent pool usage in http2 module h2mplx.c contains a number of calls to aplogcerror using m-c the master connection as an argument. These calls can trigger allocations using the m-c-pool. One example is coregeneratelogid. As some of the code in h2mplx.c is executed on a worker threa...
FLDS 1.2a (redir.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =========================================================== FLDS 1.2a redir.php id Remote SQL Injection Vulnerability =========================================================== Free Links Directory Script id SQL Injection Vulnerability...
SPIP Remote Command Execution Exploit
This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10...
WordPress Core 6.2 XSS / CSRF / Directory Traversal Vulnerability
On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities. These patches have been...
Ignition Remote Code Execution Exploit
Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. This module require...
phpBB modified by Przemo <= 1.12.6p3 Denial Of Service Exploit
Exploit for php platform in category dos / poc ============================================================== phpBB modified by Przemo 1000\n"; echo "-------------------------------------------------------------------------\n"; exit; $u...
WordPress Core 5.8.2 - (WP_Query) SQL Injection Vulnerability
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: &nonce=a85a0c3bfa&...
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution Vulnerabilities
ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cslang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell. Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Inclusion...
Tiny File Manager 2.4.3 Shell Upload Exploit
Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "email protected" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then...
Mumara Classic 2.93 - (license) SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93...
Apache - HTTP OPTIONS Memory Leak Exploit
Exploit for linux platform in category web applications !/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in...
Ckfinder remote file Upload Vulnerability
Exploit for php platform in category web applications ========================================= Ckfinder remote file Upload Vulnerability ========================================= Author: Net.Edit0r Dork : inurl:"/ckfinder/ckfinder.html" Software Link: http://www.ckfinder.com/ Platform :linux/php...
JPG Silent Arbitrary Code Execution Builder Exploit
0day JPG Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Mail services were Tested bypass, Gmail, Hotmail, Yahoo, Yandex-mail, Foxmail, QQ. Full Support 1 year Free ReFUD proof video:...
CMS Made Simple 2.2.8 Remote Code Execution Exploit
An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms...
VidiScript 1.0.3a Cross Site Scripting Vulnerability
Exploit for php platform in category web applications . \ /| | \ \ \ \ | | | | / \ / \ /\ / \ / / / / / \ /\ / \ / / / | | | Y \ / \ | | \ /\ \ \ | | /\ /\ / || || /\ \ /|| / /// \ /|| \ // / / / / / / http://thecrowscrew.org Exploit Title: VidiScript Persistent XSS...
WiFi Mouse 1.8.3.4 Remote Code Execution Exploit
The WiFi Mouse Mouse Server from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server cmd.exe in our case and type commands that will be executed as the...
OpenSSH 7.2 - Denial of Service Exploit
Exploit for linux platform in category dos / poc Title : OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author : Kashinath T email protected www.secpod.com Vendor : http://www.openssh.com/ Software : http://www.openssh.com/ Version : OpenSSH before 7.3 Tested on : Ubuntu 16.04 LTS,...
Micro Login System v 1.0 Read password
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 蒸...
eMeeting Dating Software SQL Injection Exploit
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts Vulnerability
Exploit for multiple platform in category web applications WordPress Core 5.2.3 - Viewing Unauthenticated/Password/Private Posts So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc ...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolu...
FlatFile Login System Remote Password Disclosure Vulnerability
Exploit for unknown platform in category web applications ============================================================== FlatFile Login System Remote Password Disclosure Vulnerability ==============================================================...
Pligg CMS 9.9.0 (story.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= Pligg CMS 9.9.0 story.php id Remote SQL Injection Vulnerability ================================================================= || | | Pligg Beta 9.9.0 id Remote SQL...