39001 matches found
Centreon 19.10.5 - (Pollers) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7...
Centreon 19.10.5 - (centreontrapd) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentO...
OpenBSD OpenSMTPD Privilege Escalation / Code Execution Vulnerabilities
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 commit a8e222352f, "switch smtpd to new grammar" and allows an attacker to execute arbitrary shell commands, as root. OpenBSD OpenSMTPD Privilege Escalation / Code Execution...
Kibana 6.6.1 - CSV Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Kibana 6.6.1 - CSV Injection Google Dork: inurl:"/app/kibana" intitle:"Kibana" Exploit Author: Aamir Rehman Vendor Homepage: https://www.elastic.co/kibana Software Link: https://www.elastic.co/downloads/ Version: v6.6.1...
Centreon 19.10.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - Remote Command Execution Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : -...
Centreon 19.10.5 - Database Credentials Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE :...
macOS / iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image Exploit
The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code tester.m can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should cras...
Octeth Oempro 4.8 - (CampaignID) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection Exploit Author: Bruno de Barros Bulle www.xlabs.com.br Vendor Homepage: www2.octeth.com Version: Octeth Oempro v.4.7 and v.4.8 Tested on: Oempro v.4.7 CVE : CVE-2019-19740 An...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8...
Realtek SDK Information Disclosure / Code Execution Exploit
Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities. 1 Sensitive data disclosure and incorrect access control in several series of Realtek SDK based routers...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH) Exploit
Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51 Build 116 Tested...
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version: TP-Link...
Webtareas 2.0 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Webtareas 2.0 - 'id' SQL Injection Exploit Author: Greg.Priest Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version: Webtareas v2.0 Tested on...
Genexis Platinum-4410 2.1 - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass Exploit Author: Husinul Sanub Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/ Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router...
OLK Web Store 2020 - Cross-Site Request Forgery Vulnerability
Exploit for asp platform in category web applications Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link:...
D-Link DIR-859 Unauthenticated Remote Command Execution Exploit
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi function genacgimain in /htdocs/cgibin, which is accessible without credentials. This module requires Metasploit: https://metasploit.com/download Current source:...
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rds_atomic_free_op NULL pointer dereference Privilege Escalation', 'Description' = %q This module attempts to gain roo...
Remote Desktop Gateway - (BlueGate) Denial of Service Exploit
include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-2.zip / void errorconst char msg printf"ERRO...
Citrix XenMobile Server 10.8 - XML External Entity Injection Exploit
Exploit for xml platform in category web applications Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection Google Dork: inurl:zdm logon Exploit Author: Jonas Lejon Vendor Homepage: https://www.citrix.com Software Link: Version: XenMobile Server 10.8 before RP2 and 10.7 befo...
KeePass 2.44 - Denial of Service Exploit
Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...
BOOTP Turbo 2.0 - Denial of Service (SEH) Exploit
Exploit Title: BOOTP Turbo 2.0 - Denial of Service SEHPoC Exploit Author: boku Software Vendor: Weird Solutions Vendor Homepage: https://www.weird-solutions.com Software Link: https://www.weird-solutions.com/download/products/bootptdemoIA32.exe Version: BOOTP Turbo x86 Version 2.0 Tested On:...
qdPM 9.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - Remote Code Execution Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Exploit Author: Rishal Dwivedi Loginsoft Vendor Homepage: http://qdpm.net/ Software Link:...
Pachev FTP Server 1.0 - Path Traversal Exploit
Exploit Title: Pachev FTP Server 1.0 - Path Traversal Vulnerability: Path Traversal Exploit Author: 1F98D Vendor Homepage: https://github.com/pachev/pachevftp from ftplib import FTP ip = rawinput"Target IP: " port = intrawinput"Target Port: " ftp = FTP ftp.connecthost=ip, port=port...
Windows/7 - Screen Lock Shellcode (9 bytes)
Title: Windows/7 - Screen Lock Shellcode 9 bytes Author: Saswat Nayak Date: 2020-01-22 Shellcode length 9 Tested on: Win 7 SP1-64 / Assembly code follows xor eax,eax xor ebx,ebx xor ecx,ecx mov eax,0x00000002 mov ebx,0x00020000 push ebx push al mov ecx,0x77661497 call ecx / char code=...
Ricoh Printer Drivers - Local Privilege Escalation Exploit
/ This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded CVE-2019-19363. Written by Pentagrid AG, 2019. Cf. https://pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/...
ManageEngine Network Configuration Manager 12.2 - (apiKey) SQL Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection Exploit Author: AmirHadi Yazdani Vendor Homepage: https://www.manageengine.com/network-configuration-manager/ Software Link:...
WordPress WP Fanzone 3.1 SQL Injection Vulnerability
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability. Exploit Title : Built with WordPress and WP FanZone Themes 3.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Vendor Homepage : wordpress.org -...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...
Sysax Multi Server 5.50 - Denial of Service Exploit
Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi Server 5.50 Tested on: Windows 7 CVE : if applicable 1 Download software install i...
Easy XML Editor 1.7.8 - XML External Entity Injection Vulnerability
Exploit Title: Easy XML Editor 1.7.8 - XML External Entity Injection Exploit Author: Javier Olmedo Vendor: Richard Wuerflein Software Link: https://www.edit-xml.com/EasyXMLEditor.exe Affected Version: 1.7.8 and before Patched Version: unpatched Category: Local Platform: XML Tested on: Windows 10...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on:...
Centreon 19.04 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Centreon Authenticated Macro Expression Location Setting Handler Code Execution",...
Common Desktop Environment 2.3.1 Buffer Overflow Exploit
A buffer overflow in the CheckMonitor function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 Update 11 and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefault...
Torrent FLV Converter 1.51 Build 117 - Stack Overflow (SEH partial overwrite) Exploit
Exploit Title: Torrent FLV Converter 1.51 Build 117 - Stack Overflow SEH partial overwrite Exploit Author: antonio Vendor Homepage: http://www.torrentrockyou.com/ Software Link: http://www.torrentrockyou.com/download/trflvconverter.exe Version: 1.51 Build 117 Tested on: Windows 7 SP1 32-bit Copy...
APKF Product Key Finder 2.5.8.0 - (Name) Denial of Service Exploit
Exploit Title: APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/apkfsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Wordpress InfiniteWP Client Plugin 1.9.4.5 - Authentication Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import...
Trend Micro Maximum Security 2019 - Privilege Escalation Vulnerability
Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019 v15 + Credits: John...
GTalk Password Finder 2.2.1 - (Key) Denial of Service Exploit
Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/gpwdfindersetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Teste...
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Plantronics Hub SpokesUpdateService Privilege Escalation', 'Description' = %q The Plantronics Hub client application for Windows makes use of an...
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Author: Ai Ho Vendor Homepage : https://jenkins.io/ Effective version : Gitlab Hook Plugin 1.4.2 and earlier References:...
Rukovoditel Project Management CRM 2.5.2 - (entities_id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link:...
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Exploit
Exploit: SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...
Tautulli 2.1.9 - Denial of Service Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1....
WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...
Online Book Store 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Book Store 1.0 - Arbitrary File Upload Exploit Author: Or4nG.M4n aka S4udiExploit Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...
Rukovoditel Project Management CRM 2.5.2 - (filters) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link:...
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Exploit
Exploit for multiple platform in category web applications Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal CVE: CVE-2019-19781 Vulnerability: Path Traversal Vulnerability Discovery: Mikhail Klyuchnikov Exploit Author: Dhiraj Mishra Vulnerable Version:...
Microsoft Windows 10 (19H1 1901 x64) - ws2ifsl.sys Use After Free Local Privilege Escalation Exploit
/ The exploit works on 19H1. It was tested with ntoskrnl version 10.0.18362.295 EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47935.zip / include include include include include include include pragma commentlib, "ntdll.lib" // run cmd.exe...
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing
EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts...