60CycleCMS - (news.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: 60CycleCMS 2.5.2 - 'news.php' SQL Injection Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass Vulnerability
Exploit for multiple platform in category web applications Product: Citrix Gateway Manufacturer: Citrix Systems, Inc. Affected Versions: 11.1, 12.0, 12.1 Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 Vulnerability Type: Inconsistent Interpretation of HTTP Requests CWE-444 Risk Level: Low...
Sentrifugo HRMS 3.2 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version: unpatched Category: Web...
Microsoft Windows - (WizardOpium) Local Privilege Escalation Exploit
include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning Vulnerability
Exploit for multiple platform in category web applications Product: Citrix Gateway Manufacturer: Citrix Systems, Inc. Affected Versions: 11.1, 12.0, 12.1 Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 Vulnerability Type: Cache Poisoning CAPEC-141 Risk Level: Low Solution Status: Open...
Creative Contact Form 4.6.2 Directory Traversal Vulnerability
Creative Contact Form version 4.6.2 before Dec 03 2019 suffers from a directory traversal vulnerability. Directory Traversal in Creative Contact Form Overview Identifier: AIT-SA-20200301-01 Target: Creative Contact Form for Joomla Vendor: Creative Solutions Version: 4.6.2 before Dec 03 2019 CVE:...
IRISgraphic 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: IRISgraphic sql injection Google Dork: "Powered by www.IRISgraphic.com" Exploit Author: Milad Karimi Vendor Homepage: http://www.irisgraphic.com/ Software Link: http://www.irisgraphic.com/ Category : webapps Version: 1.0 Tested...
SpyHunter 4 - (SpyHunter 4 Service) Unquoted Service Path Vulnerability
Exploit Title: SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path Discovery by: Alejandro Reyes Vendor Homepage: https://www.enigmasoftware.com Software Link : https://www.enigmasoftware.com/spyhunter-download-instructions/ Tested Version: 4 Vulnerability Type: Unquoted Service Path Tested...
Google Chrome 80 JSCreate Side-Effect Type Confusion Exploit
This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 64 bit. The exploit corrupts the length of a float array floatrel, which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array uint64aarw...
Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload Exploit
This Metasploit module exploits a directory traversal vulnerability CVE-2015-1830 in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default...
Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...
Google Chrome 72 / 73 Array.map Corruption Exploit
This Metasploit module exploits an issue in Chrome version 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to...
netkit-telnet-0.17 telnetd (Fedora 31) - (BraveStarr) Remote Code Execution Exploit
!/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes in addresses and inputs are not handled, and a lot of other constraints...
ASUS GiftBox Desktop 1.1.1.127 - (ASUSGiftBoxDesktop) Unquoted Service Path Vulnerability
Exploit Title: ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.asus.com/ Software Link : https://www.microsoft.com/en-us/p/asus-giftbox/9wzdncrdrb6s?activetab=pivot:overviewtab Tested Version: 1.1.1.127...
Iskysoft Application Framework Service 2.4.3.241 - (IsAppService) Unquoted Service Path Vulnerability
Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Vendor Homepage: https://www.iskysoft.us Software Link : https://www.iskysoft.us/lp/filmora-video-editor/?gclid=EAIaIQobChMIo-WL-Z6h5wIVwR0YCh3O7QYsEAAYAiAAEgJmDBwE...
ManageEngine Desktop Central - (FileStorage getChartImage) Unauthenticated Remote Code Execution
Exploit for multiple platform in category web applications !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download: https://www.manageengine.com/products/desktop-central/download-free.html File ......
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...
Deep Instinct Windows Agent 1.2.29.0 - (DeepMgmtService) Unquoted Service Path Vulnerability
Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.deepinstinct.com/ Software Links :...
PHP-FPM 7.x Remote Code Execution Exploit
This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code see refs...
XOO Digital 2.1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title : XOO DIGITAL v2.1.0 Sql Injection Vulnerability Author : indoushka Tested on : windows 10...
Exchange Control Panel Viewstate Deserialization Exploit
This Metasploit module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With...
EyesOfNetwork AutoDiscovery Target Command Execution Exploit
This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork version 5.3 and prior in order to execute arbitrary commands as root. This module takes advantage of a command injection vulnerability in the target parameter of the AutoDiscovery functionality within the EON web interface ...
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read Vulnerability
Exploit for php platform in category web applications Exploit Title: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: NgoAnhDuc Vendor Homepage:...
GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
RICOH Aficio SP 5210SF Printer - (entryNameIn) HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection Discovery by: Olga Villagran Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/rc3/model/sp52s/sp52s.htm?lang=es...
RICOH Aficio SP 5200S Printer - (entryNameIn) HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Discovery by: Paulina Girón Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/re2/model/sp52s/sp52s.htm Product Versio...
Alfresco 5.2.4 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Alfresco 5.2.4 - Persistent Cross-Site Scripting Exploit Author: Romain LOISEL & Alexandre ZANNI https://pwn.by/noraj - Pentesters from Orange Cyberdefense France Vendor Homepage: https://www.alfresco.com/ Software Link:...
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH) Exploit
Exploit Title: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow SEH Exploit Author: Andrey Stoykov Version: Cyberoam General Authentication Client 2.1.2.7 Tested on: Windows Vista SP2 x86 Steps to Reproduce: 1 Run the POC 2 Copy the contents of "sploit.txt" into the "Cyberoam Server...
Nimsoft nimcontroller 7.80 Remote Code Execution Exploit
/ Exploit Title : Sing About Me, I'm Dying Of Thirst Exploit Author : wetw0rk Exploit Version : Public POC CVE : CVE-2020-8012 Vendor Homepage : https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on : Windows 10 Pro x64, Windows Server 2012 R2...
Wing FTP Server 6.2.3 - Privilege Escalation Exploit
Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...
Wordpress Tutor LMS 1.5.3 Plugin - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese...
Netis WF2419 2.2.36123 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution Exploit Author: Elias Issa Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75 Version: WF2419 V2.2.36123 =...
Cacti v1.2.8 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit:...
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass Upload Firmware Exploit Author: Elber Tavares Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/br/support/download/tl-wr849n/Firmware Version:...
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Exploit Author: Elber Tavares Vendor Homepage: https://www.intelbras.com/ Software Link: http://en.intelbras.com.br/node/1033 Version: Intelbras...
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit
Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...
Joplin Desktop 1.0.184 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched Version:...
Microsoft Windows Kernel Privilege Escalation Exploit
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing...
qdPM < 9.1 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an...
Comtrend VR-3033 - Command Injection Exploit
Exploit for hardware platform in category web applications Title: Comtrend VR-3033 - Authenticated Command Injection Author: Raki Ben Hamouda Vendor: https://us.comtrend.com Product link: https://us.comtrend.com/products/vr-3030/ CVE: N/A The Comtrend VR-3033 is prone to Multiple...
Cacti 1.2.8 - Authenticated Remote Code Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/python3 Exploit Title: Cacti v1.2.8 Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests import sys...
Cacti 1.2.8 - Unauthenticated Remote Code Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/python3 Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
Apache Tomcat - AJP Ghostcat File Read/Inclusion Exploit
Exploit for multiple platform in category web applications !/usr/bin/env python CNVD-2020-10487 Tomcat-Ajp lfi by ydhcui import struct Some references: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html def packstrings: if s is None: return struct.pack"h", -1 l = lens return...
WordPress WooCommerce CardGate Payment Gateway 3.1.15 Plugin - Payment Process Bypass Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation / Remote Code Execution Exploit
/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...
Odin Secure FTP Expert 7.6.3 - Denial of Service Exploit
Exploit Title : Odin Secure FTP Expert 7.6.3 - Denial of Service PoC Exploit Author : Berat Isler Vendor Homepage : https://odin-secure-ftp-expert.jaleco.com/ Software Link Download : http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3 Version : Odin Secure FTP Expert 7.6.3 Tested on :...
OpenSMTPD 6.6.3 - Arbitrary File Read Exploit
Title: OpenSMTPD 6.6.3 - Arbitrary File Read Author: qualys Vendor: https://www.opensmtpd.org/ CVE: 2020-8793 / Local information disclosure in OpenSMTPD CVE-2020-8793 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU...
Core FTP LE 2.2 - Denial of Service Exploit
Exploit Title: Core FTP LE 2.2 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download.html Version: 2.2 build 1947 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program Core FTP LE In File select the...