39001 matches found
ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)
Exploit for java platform in category web applications Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This...
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link:...
Apartment Visitors Management System Project 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
HP ThinPro 6.x / 7.x Citrix Command Injection Vulnerability
HP ThinPro - Citrix command injection =============================================================================== Identifiers ------------------------------------------------- CVE-2019-18909 CVSSv3 score ------------------------------------------------- 6.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N...
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Date: 4th October 2019 Shellcode Author: @bolonobolo - https://bolonobolo.github.io Tested on: Linux x86 execve.asm global start section .text start: ; put NULL bytes in the stack xor eax, eax push eax //bin/sh push 0x68732f6e push 0x69622f2f mov ebx, esp ; push NULL in the EDX position push eax...
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit
Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...
Adobe Flash Player NetConnection Type Confusion Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player NetConnection Type Confusion', 'Description' = %q This...
DA Mailing List System V2 Remote Admin Login Vulnerability
Exploit for unknown platform in category web applications ========================================================== DA Mailing List System V2 Remote Admin Login Vulnerability ========================================================== Dork: DA Mailing List System V2 Powered by DigitalArakan.Net...
IndexScript 3.0 (sug_cat.php parent_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================================== IndexScript 3.0 sugcat.php parentid SQL Injection Vulnerability ===================================================================...
Ivanti EPM Agent Portal Command Execution Exploit
This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior ...
Ulicms 2023.1 sniffing-vicuna - Stored Cross-Site Scripting Vulnerability
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
atrocore 1.5.25 User interaction - Unauthenticated File upload Vulnerability
Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create Import Feed...
zstore 6.6.0 - Cross-Site Scripting Vulnerability
Exploit Title: zstore 6.6.0 - Cross-Site Scripting XSS Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...
Polkit pkexec Local Privilege Escalation Vulnerability
pwnkit: Local Privilege Escalation in polkit's pkexec CVE-2021-4034 ======================================================================== Contents ======================================================================== Summary Analysis Exploitation Acknowledgments Timeline...
Worktime 10.20 Build 4967 Unquoted Service Path Vulnerability
Exploit Title: WorkTime 10.20 Build Build 4967 Unquoted Service Path Discovery by: Yehia Elghaly Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted Service Path Teste...
Online Railway Reservation System 1.0 - Remote Code Execution Vulnerability
Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Chrome V8 Turbofan Type Confusion Exploit
V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion NOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline. VULNERABILITY DETAILS When turbofan compiles code that performs a Map...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...
Nostromo 1.9.6 Directory Traversal / Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function httpverify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. This module...
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
/ ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: rajvardhan ;Architecture: Linux x8664 ;Possibly The Smallest And Fully Reliable Shellcode =========== Asm Source =========== global start section .text start: xor rsi,rsi push rsi mov rdi,0x68732f2f6e69622f push rdi push rsp...
BulletProof FTP Server 2019.0.0.50 - (DNS Address) Denial of Service Exploit
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADM...
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation Exploit
This Metasploit module exploits a race condition and use-after-free in the packetsetring function in net/packet/afpacket.c AFPACKET in the Linux kernel to execute code as root CVE-2016-8655. The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting...
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerabilities
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities. Vulnerabilities in IBMs Flashsystems and Storwize Products...
ESET Endpoint Antivirus 6 Remote Code Execution Exploit
Exploit for windows platform in category remote exploits CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 --------------------------------------------------------------------------- Summary ======= Name: Remote Code Execution as Root via ESET Endpoint Antivirus 6 CVE:...
BIND9 - TKEY PoC Exploit
Exploit for multiple platform in category dos / poc / PoC for BIND9 TKEY assert Dos CVE-2015-5477 Usage: tkill What it does: - First sends a "version" query to see if the server is up. - Regardless of the version response, it then sends the DoS packet. - Then it waits 5 seconds for a response. If...
Windows OLE Package Manager SandWorm Exploit
Proof of concept exploit builder for the OLE flaw in packager.dll. !/usr/bin/env python import os import zipfile import sys ''' Very quick and ugly SandWorm CVE-2014-4114 exploit builder Exploit Title: CVE-2014-4114 SandWorm builder Built to run on: Linux/MacOSX Date: 17/10/2014 Exploit Author:...
Foo-Goo (calendar.php & gallery.php id) SQL Injection Exploit (.py)
Exploit for php platform in category web applications =================================================================== Foo-Goo calendar.php & gallery.php id SQL Injection Exploit .py =================================================================== !/usr/bin/env python -- coding:cp1254 --...
Zeeways Script Multiple Vulnerabilities
Exploit for php platform in category web applications ======================================= Zeeways Script Multiple Vulnerabilities ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ ...
PhotoPost <= 4.6 (PP_PATH) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================ PhotoPost 4.6 PPPATH Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz...
Prison Management System 1.0 Shell Upload Vulnerability
Exploit Title: Prison Management System 1.0 - Unuthenticated RCE Exploit Author: Muhammet Ali Dak Vendor Homepage: https://www.sourcecodester.com/sql/17287/prison-management-system.html Software Link: https://www.sourcecodester.com/download-code?nid=17287&title=Prison+Management+System+Using+PHP...
Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass Exploit
Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Ka...
AVS Audio Converter 10.3 Stack Overflow Exploit
Exploit Title: AVS Audio Converter 10.3 - Stack Overflow SEH Discovered by: Yehia Elghaly - Mrvar0x Discovered Date: 2022-10-16 Tested Version: 10.3.1.633 Tested on OS: Windows 7 Professional x86 pop+ret Address=005154E6 Message= 0x005154e6 : pop ecx pop ebp ret 0x04 | startnull PAGEEXECUTEREAD...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability
PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...
c-ares 1.16.0 Use-After-Free Exploit
c-ares version 1.16.0 has an issue where aresdestroy with pending aresgetaddrinfo leads to a use-after-free condition. c-ares 1.16.0: aresdestroy with pending aresgetaddrinfo leads to use-after-free The following code was introduced in c-ares commit dbd4c441 first released in 1.16.0, which was...
openSIS 7.4 Incorrect Access Control Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------- openSIS = 7.4 Incorrect Access Control Vulnerabilities ------------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and...
openSIS 7.4 Multiple SQL Injection Vulnerabilties
Exploit for php platform in category web applications ----------------------------------------------------- openSIS = 7.4 Multiple SQL Injection Vulnerabilities ----------------------------------------------------- - Software Link: https://opensis.com/ - Affected Versions: Version 7.4 and prior...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...
Easy File Sharing Web Server 7.2 - author Remote Buffer Overflow (SEH) Exploit
An issue was discovered in Easy File Sharing EFS Web Server 7.2, A stack-based buffer overflow vulnerability occurs when an authenticated user sends a malicious POST request to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. Exploit Titl...
Joomla K2 2.8.0 Component - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component K2 2.8.0 - Arbitrary File Download Dork: N/A Date: 26.02.2018 Vendor Homepage: http://www.joomlaworks.net/ Software Link:...
TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit
Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...
AJ Auction Pro Platinum Skin #2 (detail.php item_id) SQL Injection Vuln
Exploit for unknown platform in category web applications ======================================================================= AJ Auction Pro Platinum Skin 2 detail.php itemid SQL Injection Vuln ======================================================================= AJ Auction Pro Platinum Ski...
Open Bulletin Board <= 1.0.5 SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================== Open Bulletin Board new Proto = "tcp", PeerAddr = "$server", PeerPort = "80"; printf $socket "GET...
Openmediavault Remote Code Execution / Local Privilege Escalation Exploit
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...
General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit
Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested on: Windows 10...
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass Vulnerability
Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: /dev/null -------------------------------------------------------------------- Tested on: MiniDVBLinux 5.4 BusyBox v1.25.1 Architecture: armhf,...
Fingerprint Attendance 1.0 Account Takeover Vulnerability
Title: Fingerprint Attendance 1.0 Account Takeover Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Fingerprint...
Foxit PDF Reader 11.0 - Unquoted Service Path Vulnerability
Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...