39001 matches found
Microsoft Exchange Server Remote Code Execution Exploit
This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2...
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit
Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell. Usage Info Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce....
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12....
CS-Cart <= 1.3.3 (classes_dir) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================ CS-Cart = 1.3.3 classesdir Remote File Include Vulnerability ================================================================ $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM...
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 CVE-2021-41773. If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary...
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
Exploit for php platform in category web applications ---------------------------------------------------- WikkaWiki Query" 142. UPDATE ".$this-GetConfigValue'tableprefix'."users 143. SET email = '".mysqlrealescapestring$email."', 144. doubleclickedit = '".mysqlrealescapestring$doubleclickedit."'...
ManageEngine Shell Upload / Directory Traversal Vulnerabilities
ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities. This is part 11 of the ManageOwnage series. For previous parts, see 1. This time we have two remote code execution via file upload and directory...
deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== deV!Lz Clanportal DZCP new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $userna...
Jax Guestbook 3.50 Admin Login Exploit
Exploit for unknown platform in category web applications ====================================== Jax Guestbook 3.50 Admin Login Exploit ====================================== Exploit Title: Jax Guestbook 3.50 Admin Login Exploit Date: December 23rd, 2009 Author: Sora Software Link:...
NSClient++ 0.5.2.35 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Teste...
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
/ Exploit Title: RouterOS Remote Rooting Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By the Way is an...
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution Exploit (2)
Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21 Connecting to the targe...
MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download Version: 0.7.0.2 Category:...
OkayCMS 2.3.4 Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications Unauthenticated remote code execution in OkayCMS Overview Target: OkayCMS Vendor: OkayCMS Version: all versions including 2.3.4 CVE: CVE-2019-16885 Accessibility: Local Severity: Critical Author: Wolfgang Hotwagner AIT Austrian Institute of...
Instagram bypass Access Account Private Method Exploit
With this method you can hack almost any Instagram Account...
Bustabit Bitcoin Server Seed way of earning Exploit
BustaBit used a root server seed to generate its current hash chain. PLAY: https://www.bustabit.com/play FAQ: https://www.bustabit.com/faq Each item in the hashchain represents a result in the game. My exploit provides you with the root server seed and a javascript file which you can start via:...
TP-LINK TL-WR841N Local File Inclusion Vulnerability
TP-LINK TL-WR841N suffers from a local file inclusion vulnerability. Firmware versions 3.13.9 Build 120201 Rel.54965n and below are affected. Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n And Below Versions Discovered Date: 24/10/2012...
CE Phoenix 1.0.8.20 Remote Code Execution Exploit
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
Samba is_known_pipename() Arbitrary Module Load Exploit
This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some...
Aardvark Topsites PHP <= 4.2.2 (path) Remote File Inclusion Vuln
Exploit for unknown platform in category web applications ================================================================ Aardvark Topsites PHP = 4.2.2 path Remote File Inclusion Vuln ================================================================ Title: Aardvark Topsites PHP 4.2.2 remote file...
Exim 4.91 Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may...
PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...
Advanced Comment System 1.0 Multiple RFI Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== Advanced Comment System 1.0 Multiple RFI Vulnerabilities ======================================================== ====================================================== Advanced...
Microsoft Windows 10 - WSReset UAC Protection Bypass (propsys.dll) Exploit
// ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47755.zip int main printf"\n+ Run First...
WordPress Elementor 3.6.2 Shell Upload Exploit
WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this. This module requires...
Nagios XI Magpie_debug.php Root Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell. This module requires Metasploit:...
Microsoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050) Exploit
Exploit for windows platform in category remote exploits EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS09050.py !/usr/bin/python This module depends on the linux command line program smbclient. I can't find a python smb library for smb login. If you can find one, you...
GNU Screen 4.5.0 - Privilege Escalation (Bash) Vulnerability
Exploit for linux platform in category local exploits !/bin/bash screenroot.sh setuid screen v4.5.0 local root exploit abuses ld.so.preload overwriting to get root. bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html HACK THE PLANET infodox 25/1/2017 echo " gnu/screenroot "...
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle Vulnerability
OpenSSH versions 6.8p1 to 9.9p1 contain a logic error that allow an on-path attacker a.k.a man-in-the-middle to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. OpenSSH versions 9.5p1 to 9.9p1 are vulnerable to a memory/CPU denial of service relat...
Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow
Microsoft Windows 10 1903/1909 - 'SMBGhost' SMB3.1.1 'SMB2COMPRESSIONCAPABILITIES' Buffer Overflow PoC CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This scrip...
Instagram info disclosure (email + phone) 0day Exploit
Usage Info 1.make the files from exploit codes 2.host them on your web 3.you're all set! This is private exploit. You can buy it at https://0day.today...
Mobile Mouse 3.6.0.4 Remote Code Execution Exploit
This Metasploit module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, the current version at the time of module...
Axis Network Camera Remote Command Execution Exploit
This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...
Article Dashboard SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Article Dashboard sql injection Date: 3-5-2012 Author: b0y h4ck3r Version: no more than this Category: webapps Google dork: inurl:ezineready.php?id= intext:Powered by Article Dashboard Tested on: windows7 Demo site:...
Squirrelmail 1.4.22 Remote Code Execution Exploit
Exploit for linux platform in category remote exploits Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: email protected CVE: CVE-2017-7692 Vendor notification: 2017-04-04...
WordPress WP Fanzone 3.1 SQL Injection Vulnerability
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability. Exploit Title : Built with WordPress and WP FanZone Themes 3.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Vendor Homepage : wordpress.org -...
Linux /dev/urandom RNG Flaws Exploit
There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and...
OpenSSH 6.0p1 Backdoor Patch 1.2 Vulnerability 0day
This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities. Telnet to target openssh server and issue udcgamaimagic string for getting reverse openssh connection. $id: udc-hackssh-v3bajaulaut-v1, 2012/10/28 05:00:50 slash...
MGB OpenSource Guestbook 0.6.9.1 Cross Site Scripting / SQL Injection
Exploit for php platform in category web applications Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities Author: Stefan Schurtz Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1 Vendor URL: http://www.m-gb.org Vendor Status: fixed...
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer Exploit
Exploit for linux platform in category dos / poc / libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTIFF tif, uint8 buffe...
NVMS 1000 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Title: NVMS-1000 - Directory Traversal Author: Numan Türle Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html POC --------- GET /../../../../../../../../../../../../windows/win.ini...
PostgreSQL COPY FROM PROGRAM Command Execution Exploit
Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pgexecuteserverprogram' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a ne...
Snapchat takeover any account 0day Exploit
Exploit can reset any Snapchat account...
Alfa Team Shell Tesla 4.1 Remote Code Execution Vulnerability
Exploit Title: ALFA TEAM SHELL TESLA 4.1 - 'cmd' Remote Code Execution Unauthenticated Google Dork: inurl:/alfacgiapi intext:alfa Exploit Author: Aryan Chehreghani Vendor Homepage: http://solevisible.com Software Link: https://phpshells.com/alfa-tesla-v4-1-shell Version: v4.1 Tested on: Windows 1...
DataLife Engine 13.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: DataLife Engine Core Cross Site Scripting XSS & Execution Code + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: www.dleviet.com www.dle-news.com + Tested on: Windows 10 & Kali Linux + Versions: 13.0 and Before +...
Joomla! 4.1.2 Shell Upload 0day Exploit
...
Adobe Flash TextField.setFormat - Use-After-Free
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method ca...
CMS Made Simple < 2.2.10 - SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: Unauthenticated SQL Injection on CMS Made Simple = 2.2.9 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
Hikvision IP Camera - Backdoor Vulnerability
Exploit Title: Hikvision IP Camera - Backdoor Exploit Author: Sobhan Mahmoodi Reference: https://ipvm.com/reports/hik-exploit GitHub: https://github.com/bp2008/HikPasswordHelper/ Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was...
Webid Blind SQL Injection / Local File Disclosure Vulnerability
Exploit for php platform in category web applications Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...