39001 matches found
DirtyCow Local Root Proof Of Concept Exploit
Exploit for linux platform in category local exploits / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd...
Monstra CMS 3.0.4 - Remote Code Execution Exploit
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import re import sys if...
BMC Compuware iStrobe Web - 20.13 - Pre-auth Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...
XAMPP - Buffer Overflow Exploit
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ \ /| | || | /| ||...
Easy File Sharing FTP 3.6 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 17 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Easy File Sharing FTP Server 3.6 Tested on:...
Web Based Student Clearance 1.0 Shell Upload Vulnerability
Exploit Title: Web Based Student Clearance 1.0 - Unrestricted File Upload leads to Remote Code Execution Authenticated Exploit Author: Akash Pandey L3V1ATH0N Vendor Homepage: https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html Software Link:...
Raspberry Pi 5.10 - Default Credentials Vulnerability
Exploit Title: Raspberry Pi 5.10 - Default Credentials Exploit Author: netspooky Vendor Homepage: https://www.raspberrypi.com/ Software Link: https://www.raspberrypi.com/software/operating-systems/ Version: Raspberry Pi OS = 5.10 Tested on: Raspberry Pi OS 5.10 CVE : CVE-2021-38759 Initial Releas...
Dynojet Power Core 2.3.0 - Unquoted Service Path Vulnerability
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 10 Version 21H1 OS...
Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit
Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-18818, CVE-2019-19609...
Omron PLC 1.0.0 - Denial of Service Exploit
Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE : n/a !usr/bin/python...
MoinMoin twikidraw Action Traversal File Upload Vulnerability
This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/modwsgi configurations by overwriting moin.wsgi, which...
UploadiFive Arbitrary File Upload Vulnerability
Exploit for php platform in category local exploits 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Ziepod+ 1.0 Cross Application Scripting
Exploit for windows platform in category remote exploits ======================================= Ziepod+ 1.0 Cross Application Scripting ======================================= !/usr/bin/python import thread import socket """ |------------------------------------------------------------------| | ...
WordPress Wp NssUser Register 1.0.0 Privilege Escalation Vulnerability
CVE-2024-54363 Wp NssUser Register successful, just Check this: Login...
Rocket LMS 1.9 - Persistent Cross Site Scripting Vulnerability
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome Browsers Patched...
WordPress Stripe Payment Plugin For WooCommerce 3.7.7 Authentication Bypass Vulnerability
WordPress Stripe Payment Plugin for WooCommerce plugin versions 3.7.7 and below suffer from an authentication bypass vulnerability. Affected Plugin: Stripe Payment Plugin for WooCommerce Plugin Slug: payment-gateway-stripe-and-woocommerce-integration Affected Versions: = 3.7.7 CVE ID: CVE-2023-31...
pimCore 5.4.18 - PHPSESSID cookie Session Exploit
Title: pimCore-5.4.18-skeleton Sensitive Cookie with Improper SameSite Attribute - PHPSESSID cookie Session vulnerability Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
FileCloud 21.2 - Cross-Site Request Forgery Vulnerability
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...
Nokia Transport Module Authentication Bypass Vulnerability
The TRS web console allows an authenticated user to remotely manage the BTS and its configuration. Analysis discovered an authentication bypass vulnerability in the web management console. BTS TRS web console version FTMW20FP22019.08.160010 is affected. title: Nokia Transport Module Authenticatio...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...
vBulletin 5.6.2 Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...
Windows/x86 - MSVCRT System + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service. Exploit Title: Windows/x86 -...
WHMCS 5.2.8 SQL Injection Vulnerability (0day)
dork:- inurl:submitticket.php site:.com inurl:submitticket.php site:.net inurl:submitticket.php site:.us inurl:submitticket.php site:.eu inurl:submitticket.php site:.org inurl:submitticket.php site:.uk intext:"Powered by WHMCompleteSolution" intext:"Powered by WHMCompleteSolution"...
Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
Exploit for unknown platform in category web applications ==================================================================== Femitter FTP Server 1.03 RETR Remote Denial of Service Exploit PoC ====================================================================...
WordPress ReviewX 1.6.13 Privilege Escalation Vulnerability
Description: ReviewX = 1.6.13 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce Plugin Slug: reviewx Affected Versions: = 1.6.13 CVE ID: CVE-2023-2833 CVSS Score: 8.8 High CVSS Vector:...
PaperCut NG/MG 22.0.4 - Authentication Bypass Exploit
Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass Exploit Author: MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests from bs4 import BeautifulSoup import re def vulnversion: ip = input"Enter the ip address: "...
WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability
WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability. Affected Plugin: Metform Elementor Contact Form Builder Plugin Slug: metform Affected Versions: = 3.1.2 CVE ID: CVE-2023-0084 CVSS Score: 7.2 High CVSS...
Payara Platform Path Traversal Vulnerability
======================================================================= title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 fixed version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 CVE...
WebKit HTMLSelectElement Use-After-Free Exploit
WebKit use-after-free in HTMLSelectElement There is a use-after-free in HTMLSelectElement. If the length of the HTMLSelectElement is set to a value greater than the existing options length then dummy HTMLOptionElements elements are created. These HTMLOptionsElements are stored as raw pointers in...
FLIR AX8 1.46.16 Remote Command Injection Exploit
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...
dotCMS Shell Upload Exploit
When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temporary directory. In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the tempora...
Sports Complex Booking System 1.0 Shell Upload Vulnerability
Title: Sports Complex Booking System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...
Servisnet Tessa - Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Privilege Escalation Metasploit', 'Description' = %q This module exploits privilege escalation in Servisnet Tessa, triggered by...
Bullwark Momentum Series JAWS 1.0 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link :...
Nagios 4.2.2 - Arbitrary Code Execution Exploit
Exploit for linux platform in category remote exploits ''' Source: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com -...
DLink ADSL Router DSL-2750U IN_1.08 Remote File Disclosure Vulnerability
D-Link ADSL router DSL-2750U with firmware version IN1.08 suffers from a file disclosure vulnerability. !/bin/sh D-Link ADSL ROUTER DSL-2750U IN1.08 Remote File Disclosure Modem Name: DSL-2750U Firmware Version: IN1.08 Copyright 2016 c Todor Donev https://www.ethical-hacker.org/...
SOPlanning 1.52.00 Cross Site Request Forgery Vulnerability
/...
Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0 Version: Adobe ColdFusion version...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: -------------------------...
Smart School v1.0 - SQL Injection Vulnerability
Exploit Title: Smart School v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/smart-school-school-management-system/19426018 Demo Site: https://demo.smart-school.in Tested on: Kali Linux CVE: N/A Request POST /course/filterRecords/ HTTP/1.1 Host: localhost...
File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation Vulnerabilities
File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. Exploit Title: File Replication Pro 7.5.0 - Password disclosure/reset & PrivEsc due Incorrect Access Control Exploit Author: Andrea Intilangelo...
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute...
wolfSSL 5.3.0 Denial Of Service Vulnerability
In wolfSSL version 5.3.0, man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket above 256 bytes into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache...
AirDisk 7.5.5 Cross Site Scripting Vulnerability
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 1/ Starting the...
Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability
Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability. Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version...
WordPress TaxoPress 3.0.7.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Akash Rajendra Patil Vendor Homepage: Software Link: https://wordpress.org/plugins/simple-tags/ Tested on Windows CVE: CVE-2021-24444...
DLink DWL-2600AP - Multiple OS Command Injection Vulnerability
Exploit for hardware platform in category web applications Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You...
Microsoft IIS WebDav ScStoragePathFromUrl Overflow Exploit
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow',...
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
Exploit for linux platform in category remote exploits ==================================================== Boa 0.93.15 HTTP Basic Authentication Bypass Exploit ==================================================== / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions...