39001 matches found
EPSON EasyMP Network Projection 2.81 - (EMP_NSWLSV) Unquoted Service Path Vulnerability
Exploit Title: EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path Discovery by: Roberto Piña Vendor Homepage: https://epson.com/support/easymp-network-projection-v2-86-for-windows Software Link: https://ftp.epson.com/drivers/epson16189.exe SEIKO EPSON CORP Tested Version: 2....
SprintWork 2.3.1 - Local Privilege Escalation Vulnerability
Exploit Title: SprintWork 2.3.1 - Local Privilege Escalation Exploit Author: boku Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/spx/exe/SprintWork-Setup.exe Version: 2.3.1 Tested On: Windows 10 32-bit Vulnerability Overview: SprintWork v2.3.1 x86 suffers from...
HomeGuard Pro 9.3.1 - Insecure Folder Permissions Vulnerability
Exploit Title: HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Author: boku Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/hg-pro/exe/HomeGuardPro-Setup.exe Version 9.3.1 Tested On: Windows 10 32-bit HomeGuard Pro v9.3.1 - Unquoted Service Path + Insecu...
PHP 7.0 < 7.4 (Unix) - debug_backtrace disable_functions Bypass Exploit
a; $backtrace = new Exception-getTrace; ; if!isset$backtrace1'args' PHP = 7.4 $backtrace = debugbacktrace; class Helper public $a, $b, $c, $d; function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$...
Windows Kernel - Information Disclosure Vulnerability
PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...
phpMyChat Plus 1.98 - (pmc_username) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: phpMyChat Plus 1.98 - 'pmc_username' SQL Injection Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1.98 Tested o...
WordPress ultimate-member 2.1.3 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Title : WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion Author : mehran feizi Vendor : https://wordpress.org/plugins/ultimate-member/ Category : Webapps Vendor home page: https://wordpress.org/plugins/ultimate-member/ Vulnerable...
PANDORAFMS 7.0 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: PANDORAFMS 7.0 - Authenticated Remote Code Execution Exploit Author: Engin Demirbilek Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link: https://pandorafms.org/features/free-download-monitoring-software/ Tested...
OpenTFTP 1.66 - Local Privilege Escalation Vulnerability
Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link: https://sourceforge.net/projects/tftp-server/files/tftp%20server%20single%20port/OpenTFTPServerSPInstallerV1.66.exe/download Version: 1.66...
WordPress Contact-Form-7 5.1.6 File Upload Vulnerability
Exploit for php platform in category web applications - Title: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload - Author: mehran feizi - Category: webapps - Date: 2020.02.11 - vendor home page: https://wordpress.org/plugins/contact-form-7/ Vulnerable Source: 134: move_uploaded_file...
WordPress Wordfence 7.4.5 Local File Disclosure Vulnerability
Exploit for php platform in category web applications - Title: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure - Author: mehran feizi - Category: webapps - Date: 2020.02.12 - vendor home page: https://wordpress.org/plugins/wordfence/...
WordPress Tutor 1.5.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications - Title: Wordpress Plugin tutor.1.5.3 - Cross-Site Scripting - Author: mehran feizi - Category: webapps =================================================================== Vulnerable page: /Quiz.php...
Samsung SEND_FILE_WITH_HEADER Use-After-Free Exploit
Samsung suffers from a use-after-free vulnerability due to a missing lock in the SEND_FILE_WITH_HEADER handler in fmtpsamsung.c. Samsung: UAF via missing locking in SEND_FILE_WITH_HEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build...
WordPress Tutor 1.5.3 Local File Inclusion Vulnerability
Exploit for php platform in category web applications - Title: Wordpress Plugin tutor.1.5.3 - Local File Inclusion - Author: mehran feizi - Category: webapps - Date: 2020.02.12 - vendor home page: https://wordpress.org/plugins/tutor/...
HP System Event Utility - Local Privilege Escalation Exploit
The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any arbitrary executable named "Program.exe" if it ...
MyVideoConverter Pro 3.14 - (Output Folder) Buffer Overflow Exploit
Exploit Title: MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name...
MyVideoConverter Pro 3.14 - (TVSeries) Buffer Overflow Exploit
Exploit Title: MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name "Shell.txt"...
MyVideoConverter Pro 3.14 - (Movie) Buffer Overflow Exploit
Exploit Title: MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name "Shell.txt". 2...
Disk Sorter Enterprise 12.4.16 - (Disk Sorter Enterprise) Unquoted Service Path Vulnerability
Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Exploit Author: boku Vendor Homepage: http://www.disksorter.com Software Link: http://www.disksorter.com/setups/disksorterentsetupv12.4.16.exe Version: 12.4.16 Tested On: Windows 10 32-bit...
Microsoft SharePoint - Deserialization Remote Code Execution Exploit
!/usr/bin/env python3 -- coding: utf-8 -- import requests import sys from xml.sax.saxutils import escape from lxml import html import codecs import readline from clint.arguments import Args import signal def serializecommandcmd: total = "" for x in cmd: a = codecs.encodex,"utf-16be" b =...
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Vulnerability
Exploit Title: Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Exploit Author: boku Vendor Homepage: http://www.disksavvy.com Software Link: http://www.disksavvy.com/setups/disksavvyentsetupv12.3.18.exe Version: 12.3.18 Tested On: Windows 10 32-bit C:\Users\nightelf>wmic service get name,...
DVD Photo Slideshow Professional 8.07 - (Name) Buffer Overflow Vulnerability
Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name...
Sync Breeze Enterprise 12.4.18 - (Sync Breeze Enterprise) Unquoted Service Path Vulnerability
Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe Version: 12.4.18 Tested On: Windows 10 32-bit...
Wedding Slideshow Studio 1.36 - (Name) Buffer Overflow Exploit
Exploit Title: Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the...
freeFTPd v1.0.13 - (freeFTPdService) Unquoted Service Path Vulnerability
Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path Exploit Author: boku Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeFTPd.exe Version: 1.0.13 Tested On: Windows 10 32-bit C:\Users\nightelf>wmic service get name, pathname, startmode |...
FreeSSHd 1.3.1 - (FreeSSHDService) Unquoted Service Path Vulnerability
Exploit Title: FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path Exploit Author: boku Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Tested On: Windows 10 32-bit C:\Users\nightelf>wmic service get name, pathname, startmode | finds...
DVD Photo Slideshow Professional 8.07 - (Key) Buffer Overflow Exploit
Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name...
QuickDate 1.3.2 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: QuickDate 1.3.2 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11;...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A Stored xss was found in Vanillafor...
WordPress InfiniteWP Client Authentication Bypass Exploit
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...
Torrent iPod Video Converter 1.51 - Stack Overflow Exploit
Exploit Title: Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Author: boku Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tripodconverter.exe Version: Torrent iPod Video Converter Version 1.51 Build...
OpenSMTPD 6.6.1 - Local Privilege Escalation Exploit
Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linux bullseye/sid with opensmtpd 6.6.1p1-1 CVE: CVE-2020-7247 !/usr/bin/perl...
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Google Dork: In Shodan search engine, the filter is "CHIYU" Exploit Author: Luca.Chiou Vendor Homepage: https://www.chiyu-t.com.tw/en/ Version: BF430 232/485 TCP/IP...
iOS / macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi', 'Description' = %q D-Link Devices Unauthenticated Remote Command Execution i...
WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312 Exploit Author: Jinson Varghese...
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init Exploit
usersctp is an SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound reads. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters...
Dota 2 7.23f - Denial of Service Exploit
Exploit Title: Dota 2 7.23f - Denial of Service PoC Exploit Author: Bogdan Kurinnoy bi7s Vendor Homepage: https://www.valvesoftware.com/en/ Software Link: N/A Version: 7.23f Tested on: Windows 10 x64 CVE : CVE-2020-7949 Valve Dota 2 schemasystem.dll before 7.23f allows remote...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
Title: Linux/x86 - Bind Shell Generator Shellcode 114 bytes Author: Bobby Cooke Tested On: Ubuntu 3.13.0-32-generic 57precise1-Ubuntu i386 !/usr/bin/python Take users TCP port as input port = rawinput"Enter TCP Port Number: " Convert input string to an integer deciPort = intport Format the intege...
Ricoh Driver - Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Ricoh Driver Privilege Escalation', 'Description' = %q Various Ricoh printer drivers allow escalation of privilege...
Wedding Slideshow Studio 1.36 - (Key) Buffer Overflow Exploit
Exploit Title: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Vendor Homepage : http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name "poc.txt". 2. Just...
OpenSMTPD - MAIL FROM Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...
iCloud reset mail Account Authentication Elevation Of Privilege 0day Exploit
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient. The specific flaw exists within the authentication of users who use their iCloud account a...
VehicleWorkshop 1.0 - (bookingid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: VehicleWorkshop 1.0 - 'bookingid' SQL Injection Exploit Author: Mehran Feizi Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
Google Invisible RECAPTCHA 3 Spoof Bypass Exploit
Exploit for multiple platform in category web applications Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit...
PackWeb Formap E-learning 1.0 - (NumCours) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection Google Dork: intitle: "PackWeb Formap E-learning" Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.ediser.com/ Software Link:...
EyesOfNetwork 5.3 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
ExpertGPS 6.38 - XML External Entity Injection Vulnerability
Exploit for xml platform in category web applications + Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB2020 + Version:...
ELAN Smart-Pad 11.10.15.1 - (ETDService) Unquoted Service Path Vulnerability
Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze PoC : ============== C:\Users\ZwX>sc qc ETDService SC QueryServiceConfig réussites...