39001 matches found
Cacti 1.2.22 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows SpoolFool Privilege Escalation Exploit
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via...
.NET Remoting Services Remote Command Execution Vulnerability
Exploit for windows platform in category remote exploits Source: https://github.com/tyranid/ExploitRemotingService Exploit Database Mirror: http://www.exploit-db.com/sploits/35280.zip ExploitRemotingService c 2014 James Forshaw ============================================= A tool to exploit .NET...
Hotmail.com reset account 0day Exploit
Hotmail.com 0day Exploit can reset any email account...
Safari Webkit Proxy Object Type Confusion Exploit
This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the...
vsftpd 2.3.4 - Backdoor Command Execution Exploit
Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution Exploit Author: HerculesRD Software Link: http://www.linuxfromscratch.org/thomasp/blfs-book-xsl/server/vsftpd.html Version: vsftpd 2.3.4 Tested on: debian CVE : CVE-2011-2523 !/usr/bin/python3 from telnetlib import Telnet import argparse fr...
Jcow Social Networking Script 4.2 <= 5.2 Arbitrary Code Execution
Exploit for php platform in category web applications Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3 'JCow CMS Remote...
Apache Struts 2 Namespace Redirect OGNL Injection Exploit
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in th...
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation Vulnerability
Cellebrite UFED device implements local operating system policies that can be circumvented to obtain a command prompt. From there privilege escalation is possible using public exploits. Versions 5.0 through 7.5.0.845 are affected. Title: Cellebrite Restricted Desktop Escape and Escalation of User...
Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution. This module requires Metasploit: https://metasploit.com/downloa...
MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits ============================================= - Release date: 01.11.2016 - Discovered by: Dawid Golunski - Severity: High - CVE-2016-6664 / OCVE-2016-5617 - http://legalhackers.com ============================================= I. VULNERABILITY...
phpThumb v. <= 1.7.9 Remote Command Injection Exploit
This code exploits a Remote Command Injection vulnerability in phpThumb that allows attackers to upload a shell automatically.. !/usr/bin/perl Exploit Title: phpThumb v. http://mobileworld24.pl/wp-content/themes/mobileworld24/inc/phpThumb/ use LWP::UserAgent; use HTTP::Request; $target = $ARGV0;...
Wordpress Plugin Adserve 0.2 adclick.php SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================== Wordpress Plugin Adserve 0.2 adclick.php SQL Injection Exploit ============================================================== getvar"SELECT url FROM $tablename WHERE id=$id;";...
Varnish Cache CLI Interface Remote Code Execution Exploit
This Metasploit module attempts to login to the Varnish Cache varnishd CLI instance using a bruteforce list of passwords. This Metasploit module will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password,...
Linux / FreeBSD TCP-Based Denial Of Service Vulnerability
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size MSS and TCP Selective Acknowledgement SACK capabilities. The most serious, dubbed "SACK Panic," allows a remotely-triggered kernel panic ...
vKios <= 2.0.0 (products.php cat) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================== vKios NTOS-Team-fl3xu5,k1tk4t,opt1lc use LWP::UserAgent; use Getopt::Long; if!$ARGV2 print "\n |-------------------------------------------------------|"; print "\n | Indonesia...
VidiScript Sql Injection Vulnerability
Exploit for php platform in category web applications ====================================== VidiScript Sql Injection Vulnerability ====================================== + Title: VidiScript Sql Injection Vulnerability + Software Link: http://www.4shared.com/file/0be1Uy6j/vidiscript.htm + Where :...
JQuery 1.4.2 Cross Site Scripting Vulnerability
JQuery version 1.4.2 suffers from a create object option in runtime client-side cross site scripting vulnerability. XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory...
BIND - (TSIG) Denial of Service Exploit
BIND - TSIG Denial of Service Exploit !/usr/bin/python coding:utf-8 from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT tsig = DNSRRTSIGrrname="local-ddns", algoname="hmac-sha256", rclass=255, maclen=0, macdata="", timesigned=0, fudge=300, error=16 dnsreq =...
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit
The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and...
Siemens LOGO! 8 Hard-Coded Cryptographic Key Vulnerability
Due to the use of a hard-coded cryptographic key, an attacker can put the integrity and confidentiality of encrypted data of all Siemens LOGO! 8 PLCs using this key at risk, for instance decrypting network communication during a man-in-the-middle attack. Siemens LOGO! 8 Hard-Coded Cryptographic K...
Discuz! 7.00 + 7.1 + 7.2 database exploit
Exploit for php platform in category web applications Exploit Title: Discuz! 7.00 + 7.1 + 7.2 database exploit Author: Over-X email: email protected Vendor or Software Link: http://download.comsenz.com/Discuz/7.0.0/Discuz7.0.0FULLSCGBK.zip Version: 7.00 & 7.1 & 7.2 Google dork: "powered by Discuz...
OpenSSHd 7.2p2 - Username Enumeration (2)
Exploit for linux platform in category remote exploits !/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-1...
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root Exploit
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...
Joomla 1.5 - 3.4.5 - Object Injection RCE X-Forwarded-For Header Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header Date: 12/17/2015 Exploit Author: original - email protected Sec-1 ltd, Modified - Andrew McNicol BreakPoint Labs @0xcclabs Vendor Homepage:...
qdPM < 9.1 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an...
Linux PTRACE_TRACEME Local Root Exploit
Linux kernel versions starting at 4.10 and below 5.1.7 PTRACETRACEME local root exploit that uses the pkexec technique. Exploit Title: Ubuntu 16.04.6-Kernel-PTRACETRACEME-allowslocaluserstoobtainrootaccess - Local Author: nu11secur1ty Vendor: Ubuntu Linux kernel before 5.1.17 Link:...
XAMPP 5.6.40 SQL Injection Vulnerability
Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...
WordPress Core 5.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications WordPress Core 5.0 - Remote Code Execution Exploit var wpnonce = ''; var ajaxnonce = ''; var wpattachedfile = ''; var imgurl = ''; var postajaxdata = ''; var postid = 0; var cmd = '?php phpinfo;/'; var cmdlen = cmd.length var payload =...
GPON Routers - Authentication Bypass / Command Injection Exploit
Exploit for hardware platform in category remote exploits !/bin/bash echo "+ Sending the Command… " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0"...
WordPress Contact-Form-7 5.1.6 File Upload Vulnerability
Exploit for php platform in category web applications - Tile: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload - Author: mehran feizi - Category: webapps - Date: 2020.02.11 - vendor home page: https://wordpress.org/plugins/contact-form-7/ Vulnerable Source: 134: moveuploadedfile...
Football Pool v3.1 Database Disclosure Vulnerability
Exploit for unknown platform in category web applications ==================================================== Football Pool v3.1 Database Disclosure Vulnerability ==================================================== » Script: Football Pool v3.1 » Language: ASP » Download:...
DZCP (deV!Lz Clanportal) v1.5.4 Local File Inclusion Vulnerability
Exploit for php platform in category web applications ================================================================== DZCP deV!Lz Clanportal v1.5.4 Local File Inclusion Vulnerability ================================================================== Reference:...
Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2) Exploit
/ OF version r00t VERY PRIV8 spabam Version: v3.0.4 Requirements: libssl-dev Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto objdump -R /usr/sbin/httpd|grep free to get more targets hackarena irc.brasnet.org Note: if required, host ptrace and replace wget target / include include include includ...
Pligg <= 9.9.0 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================ Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1'; $http-envproxy; cookiejar; my $host = $args'h' || usage; Host flag. Specify the...
WordPress DZS Zoomsounds 6.45 Plugin - Arbitrary File Read (Unauthenticated) Vulnerability
Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30, 1.40, 1.41,...
XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit
Exploit for hardware platform in category web applications Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
SMB DOUBLEPULSAR Remote Code Execution Exploit
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...
OTRS 5.0.x/6.0.x - Remote Command Execution Vulnerability
Exploit for perl platform in category web applications Exploit Title: OTRS Shell Access Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE :...
mPDF 7.0 - Local File Inclusion Exploit
Exploit Title: mPDF 7.0 - Local File Inclusion Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from...
gSOAP 2.8 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET...
Alphanumeric Shellcode Encoder Decoder
Exploit for generator platform in category shellcode ====================================== Alphanumeric Shellcode Encoder Decoder ====================================== / //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////...
Sudoedit Extra Arguments Privilege Escalation Exploit
This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit aka sudo -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...
PolicyKit-1 0.105-31 - Privilege Escalation Exploit
Exploit Title: PolicyKit-1 0.105-31 - Privilege Escalation Exploit Author: Lance Biggerstaff Original Author: ryaagard https://github.com/ryaagard Github Repo: https://github.com/ryaagard/CVE-2021-4034 References: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Description: The exploit...
Joomla 3.7.0 - com_fields SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on...
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution Exploit
Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache...
Log4Shell HTTP Header Injection Exploit
This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an...
xWeblog v2.2 (arsiv.asp tarih) SQL Injection Exploit
Exploit for python platform in category web applications ==================================================== xWeblog v2.2 arsiv.asp tarih SQL Injection Exploit ==================================================== !/usr/bin/env python -- coding:utf-8 -- ''' Title : xWeblog v2.2 arsiv.asp tarih SQ...
ArticleBeach Script <= 2.0 (index.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ========================================================================== ArticleBeach Script = 2.0 index.php Remote File Inclusion Vulnerability ==========================================================================...
Microsoft SharePoint - Deserialization Remote Code Execution Exploit
!/usr/bin/env python3 -- coding: utf-8 -- import requests import sys from xml.sax.saxutils import escape from lxml import html import codecs import readline from clint.arguments import Args import signal def serializecommandcmd: total = "" for x in cmd: a = codecs.encodex,"utf-16be" b =...