39001 matches found
Serv-U FTP Server 15.1.7 prepareinstallation Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV0 in a call to system, without validation, when invoked with the -prepareinstallation flag, resulting in command execution with...
Thunderbird ESR < 60.7.XXX - Type Confusion Vulnerability
Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
Indusoft Web Studio 8.1 SP2 - Remote Code Execution Exploit
Exploit Title: Indusoft Web Studio Unauthenticated RCE Exploit Author: Jacob Baines Vendor Homepage: http://www.indusoft.com/ Software http://www.indusoft.com/Products-Downloads/Download-Library Version: 8.1 SP2 and below Tested on: Windows 7 running the Web Studio 8.1 SP2 demo app CVE :...
Cisco Prime Infrastructure Unauthenticated Remote Code Execution Exploit
Cisco Prime Infrastructure CPI contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege...
Invision Power Board 4.x.x Uploading Shell Exploit
Uploading Shell Using PHP Injection Vulnerability This is private exploit. You can buy it at https://0day.today...
the GoNC Network(view.php)Blind Sql Injection Vulnerability
Exploit for php platform in category web applications Exploit Title:the GoNC Networkview.phpBlind Sql Injection Vulnerability Date: 16/8/2011 Author: Angel Injection home Page: http://www.club-h.co.cc ,http://www.sec-krb.org Email: Angel-InjectionathotmailDotcom Vendor or Software Link:...
Virata EmWeb R6.0.1 Remote Crash Vulnerability
Exploit for linux platform in category dos / poc ============================================== Virata EmWeb R6.0.1 Remote Crash Vulnerability ============================================== Exploit Title: Virata EmWeb R6.0.1 Remote Crash Vulnerability Date: 06/04/10 Author: Jobert Abma Online 24...
PHPWind <= 5.0.1 (AdminUser) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== PHPWind = 5.0.1 AdminUser Remote Blind SQL Injection Exploit =============================================================== ?php printr'...
Palo Alto Expedition 1.2.91 Remote Code Execution Exploit
This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a defau...
Journyx 11.5.4 Authenticated Remote Code Execution Vulnerability
Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL:...
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting Vulnerabilities
Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024...
Enlightenment v0.25.3 - Privilege escalation Vulnerability
Exploit Title: Enlightenment v0.25.3 - Privilege escalation Author: nu11secur1ty Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 CVE ID: CVE-2022-37706 Description: The...
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS Vulnerabilities
Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities. ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Delta Electronics DX-2100-L1-CN vulnerable version|...
PCProtect Endpoint 5.17.470 Tampering / Privilege Escalation Vulnerability
PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges. + Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source: https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/ Vendor:...
WordPress Blue Admin 21.06.01 Plugin - Cross-Site Request Forgery Vulnerability
Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Exploit Author : WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Vendor Homepage : https://wpscan.com/plugin/blue-admi Version : alert/XSS/' /...
WordPress Mortgage Calculators WP 1.52 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE : CVE-2021-24904...
Hospitals Patient Records Management System 1.0 - (id) SQL Injection (Authenticated) Vulnerability
Exploit Title: Hospitalss Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...
Compro Technology IP Camera - (killps.cgi) Denial of Service Exploit
Exploit Title: Compro Technology IP Camera - 'killps.cgi' Denial-of-Service DoS Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40378 There is a backdoor prefabricated in the...
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Exploit
Exploit for java platform in category web applications Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version: JReport 15.6 Tested on...
Prime95 Version 29.8 build 6 - Buffer Overflow (SEH) Exploit
Exploit Title: Prime95 Version 29.8 build 6 - Buffer Overflow SEH Vendor Homepage: https://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v298b6.win32.zip Exploit Author: Achilles Tested Version: 29.8 build 6 Tested on: Windows 7 x64 1.- Run python code:Prime95.py 2.- Op...
SeedDMS < 5.1.11 - (out.GroupMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution Vulnerability
Exploit for linux platform in category local exploits by Arminius @rawsec Vim/Neovim Arbitrary Code Execution via Modelines ================================================= Product: Vim 8.1.1365, Neovim 0.3.6 Type: Arbitrary Code Execution CVE: CVE-2019-12735 Date: 2019-06-04 Author: Arminius...
Internet Information Services (IIS) 6.0 WebDAV - ScStoragePathFromUrl Buffer Overflow Exploit
Exploit for windows platform in category remote exploits ''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header...
OpenSSH 6.8 < 6.9 - PTY Privilege Escalation Exploit
Exploit for linux platform in category local exploits / notansshnuke.c Federico Bento up201407890 alunos dcc fc up pt https://twitter.com/uid1000 OpenSSH 6.8-6.9 local privilege escalation - CVE-2015-6565 Considered mostly to be a "DoS", turns out to be a priv esc vuln...
Samba < 3.6.2 x86 - PoC
Exploit for linux platform in category dos / poc !/usr/bin/python """ Exploit for Samba vulnerabilty CVE-2015-0240 by sleepya The exploit only targets vulnerable x86 smbd 3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName ServerName. That means 'talloczero' in libtalloc does no...
OpenSSH rootkit backdoor tool with ssh sniffer
This is a private version of OpenSSH backdoor rootkit tool wih ssh sniffer. If u want to have a hidden acces to a unix server on ssh conexion you can us this tool safetly. Also this rootkit can catch all ssh conexiones from the server where install this tool. If a email protected or email protect...
Multiple Vendors libc/glob(3) Resource Exhaustion (remote ftpd-anon)
Exploit for multiple platform in category dos / poc ==================================================================== Multiple Vendors libc/glob3 Resource Exhaustion remote ftpd-anon ==================================================================== Affected Software verified: - - OpenBSD 4....
phpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool (updated)
Exploit for unknown platform in category web applications ================================================================== phpBB Note: Host the php script and replace the line 34 Php script for the email option because win32 don't support Mail::Mailer Changelog: Bruteforce option | Starting...
Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
Exploit for unknown platform in category remote exploits ============================================================= Eudora Qualcomm WorldMail 3.0 IMAPd Remote Overflow Exploit ============================================================= !/usr/bin/python PRE AUTHENTICATION Eudora Qualcomm...
PHPJabbers Cleaning Business 1.0 - Reflected XSS Vulnerability
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...
WBCE CMS 1.6.1 - Open Redirect & CSRF Vulnerability
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
LeadPro CRM v1.0 - SQL Injection Vulnerability
Exploit Title: LeadPro CRM v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/leadifly-lead-call-center-crm/43485578 Demo Site: https://demo.leadifly.in Tested on: Kali Linux CVE: N/A Request GET...
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Vulnerability
Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47874 Introducti...
Inventory Management System 1.0 SQL Injection Vulnerability
Title: Inventory Management System 1.0 Blind SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/inventory-management-system-php/ Software: https://cutt.ly/lOZ8lrr Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache vulnerability Code php php You have an error...
Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux...
PHP 7.4 FFI - (disable_functions) Bypass Exploit
Exploit for php platform in category web applications ?php / FFI Exploit - uses 3 potential BUGS. PHP was contacted and said nothing in FFI is a security issue. Able to call system$cmd without using FFI::load or FFI::cdefs BUG 1 maybe intended, but why have any size checks then? no bounds check f...
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes
Shellcode Title: Windows\x64 Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes Shellcode Author: Bobby Cooke Date: March 2020-03-17 Tested On: Windows 10 Pro 1909 x86: HelpPane.exe, notepad.exe, certutil.exe Windows 10 Pro 1909 x8664: mmc.exe, xwizard.exe ! Will onl...
PHPKB Multi-Language 9 Authenticated Directory Traversal Exploit
Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
XOO Digital 2.1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications ==================================================================================================================================== | Title : XOO DIGITAL v2.1.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10...
Sahi pro 8.x - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the...
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT
macOS 13.37; stackspray = ; for let v15 = 0; v15 100; v15++ function v19v23 // This weird loop form might be required to prevent loop unrolling... for let v30 = 0; v30 3; v30 = v30 + "asdf" // Generates the specific CFG necessary to trigger the bug. const v33 = Error != Error; if v33 else // Forc...
Cisco ASA - Crash PoC Exploit
Exploit for hardware platform in category dos / poc Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers =...
Ministry Malaysia XSS and SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...
MS10-070 ASP.NET Padding Oracle File Download
Exploit for asp platform in category remote exploits ============================================= MS10-070 ASP.NET Padding Oracle File Download ============================================= !/usr/bin/ruby -w aspxpochotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved...
phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code)
Exploit for unknown platform in category web applications ================================================================= phpBB include include //Taken from VeNoMouS's love cow code char searchandreplace char text, char find, char replace char found,newtext; int...
ABB Cylon Aspect 3.08.01 Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite function,...
SOPlanning 1.52.00 SQL Injection Vulnerability
Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned Description:...
Piwigo 13.6.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Piwigo 13.6.0 - Stored Cross-Site Scripting XSS Application: Piwigo Version: 13.6.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://piwigo.org/ Software Link: https://piwigo.org/get-piwigo Date of found: 18.04.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Vendor Homepage: http://wpn-xm.org/ Software Link : https://github.com/WPN-XM/WPN-XM/ Tested Version: 0.8.6 Tested on: Windows 10 using XAMPP Vulnerability Type: Local File Inclusion LFI &...
Desktop Central 9.1.0 - Multiple Vulnerabilities
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...