FreeBSD fd Privilege Escalation Exploit
Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd. Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome https://www.domoticz.com/wiki/ImperiHome...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
RICOH SP 4510SF Printer - HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: RICOH SP 4510SF Printer - HTML Injection Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/re1/model/sp4510/sp4510.htm Software: RICOH Printer...
Thrive Smart Home 1.1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit: Thrive Smart Home 1.1 - Authentication Bypass Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5554...
NextVPN v4.10 - Insecure File Permissions Vulnerability
Exploit Title: NextVPN v4.10 - Insecure File Permissions Exploit Author: SajjadBnd Contact: email protected Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10 Professional x64 Description The NextVPN Application was...
Heatmiser Netmonitor 3.03 - HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Netmonitor 3.03 - HTML Injection Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor...
RICOH Web Image Monitor 1.09 - HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/ptop010.html Software...
Domain Quester Pro 6.02 - Stack Overflow (SEH) Exploit
Exploit Title: Domain Quester Pro 6.02 - Stack Overflow SEH Exploit Author: boku Software Vendor: http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/DEMO/questerprosetup.exe Version: Version 6.02 Tested on: Microsoft Windows 7 Enterprise - 6.1.7601 Service Pack 1 Build 7601...
elearning-script 1.0 - Authentication Bypass Vulnerability
Exploit for windows platform in category web applications Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version: 1...
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
Heatmiser Netmonitor 3.03 - Hardcoded Credentials Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software:...
HomeAutomation 3.3.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Authentication Bypass Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
Wing FTP Server 6.0.7 - Unquoted Service Path Vulnerability
Exploit Title: Wing FTP Server 6.0.7 - Unquoted Service Path Exploit Author: Nawaf Alkeraithe Vendor Homepage: https://www.wftpserver.com/ Version: 6.0.7 Tested on: Windows 10 CVE : N/A PoC: C:\Users\usersc qc "Wing FTP Server" SC QueryServiceConfig SUCCESS SERVICENAME: Wing FTP Server TYPE : 10...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability
Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
HomeAutomation 3.3.2 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Remote Code Execution Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
AVE DOMINAplus 1.10.x Credential Disclosure Exploit
!/usr/bin/env python AVE DOMINAplus =1.10.x Credentials Disclosure Exploit Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touc...
OpenBSD Dynamic Loader chpass Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using...
AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot Vulnerability
AVE DOMINAplus =1.10.x Unauthenticated Remote Reboot Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 -...
AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
AVE DOMINAplus =1.10.x CSRF/XSS Vulnerabilities Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 - 1.10.3...
AVE DOMINAplus 1.10.x Authentication Bypass Vulnerability
AVE DOMINAplus =1.10.x Authentication Bypass Exploit Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 -...
Linux/x86 Encoder / Decoder Shellcode (117 bytes)
Title : Linux/x86 - Encoder - Random Bytes + XOR/SUB/NOT/ROR / Decoder - ROL/NOT/ADD/XOR execve/bin/sh Shellcode 117 bytes Author : Xenofon Vassilakopoulos Date : July, 2019 Tested on : Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture : i686 GNU/Linu...
Reptile Rootkit reptile_cmd Privilege Escalation Exploit
This Metasploit module uses Reptile rootkit's reptile_cmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch (2019-03-04) on Ubuntu 18.04.3 x64 and Linux Mint 19 x64. This module requires Metasploit:...
Prime95 Version 29.8 build 6 - Buffer Overflow (SEH) Exploit
Exploit Title: Prime95 Version 29.8 build 6 - Buffer Overflow SEH Vendor Homepage: https://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v298b6.win32.zip Exploit Author: Achilles Tested Version: 29.8 build 6 Tested on: Windows 7 x64 1.- Run python code:Prime95.py 2.- Op...
Django < 3.0 < 2.2 < 1.11 - Account Hijack Vulnerability
Exploit for python platform in category web applications Django from django.contrib.auth import get_user_model User = get_user_model() User.objects.create_user('mike123', 'email protected', 'test123') Procedure For Reproducing 1. Run ./manage.py runserver 1. Open...
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu...
phpMyChat-Plus 1.98 - (pmc_username) Reflected Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting Exploit Author: Chris Inzinga Vendor Homepage: http://ciprianmp.com/latest/ Download: https://sourceforge.net/projects/phpmychat/ Tested On: Linux & Mac Version:...
Microsoft Windows 10 BasicRender.sys - Denial of Service Exploit
Exploit Title: Microsoft Windows 10 BasicRender.sys - Denial of Service PoC Exploit author: vportal Vendor homepage: http://www.microsoft.com Version: Windows 10 1803 x86 Tested on: Windows 10 1803 x86 CVE: N/A A Null pointer dereference exists in the WARPGPUCMDSYNC function of the BasicRender.sys...
WordPress Core < 5.3.x - (xmlrpc.php) Denial of Service Exploit
Exploit for php platform in category web applications !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries:...
FreeSWITCH 1.10.1 - Command Execution Exploit
Exploit Title: FreeSWITCH 1.10.1 - Command Execution Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on: Windows 10 x64 FreeSWITCH listens on port 8021 by...
FTP Navigator 8.03 - (Custom Command) Denial of Service Exploit
Exploit Title: FTP Navigator 8.03 - 'Custom Command' Denial of Service SEH Exploit Author: Chris Inzinga Vendor Homepage: http://www.internet-soft.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/5edd515b8045f156a9dd48599c2539e5/5dfa4560/d0c/0/1 Version: 8.03 Tested on: Windows ...
Microsoft UPnP Local Privilege Elevation Exploit
This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first CVE-2019-1405 uses the UPnP Device Host Service to elevate to NT AUTHORITY\LOCAL SERVICE. The second CVE-2019-1322 leverages the Update Orchestrator Service to elevate from NT AUTHORITY\LOCAL...
AVS Audio Converter 9.1 - (Exit folder) Buffer Overflow Exploit
Exploit Title: AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.avs4you.com/ Link Software : http://www.avs4you.com/avs-audio-converter.aspx Tested on OS: Windows 7 ''' Technical Details & Description: ================================ A loc...
OpenMRS - Java Deserialization Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMRS Java Deserialization RCE', 'Description' = %q OpenMRS is an open-source platform that supplies users with a customizable medical record...
Telerik UI - Remote Code Execution via Insecure Deserialization Exploit
Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting Google Dork: site:..com "Web File Manager" inurl:?login= Shodan Dork: Server: Rumpus Exploit Author: Harshit Shukla, Sudeepto Roy Vendor Homepage:...
XnView 2.49.1 - (Research) Denial of Service Exploit
Exploit Title: XnView 2.49.1 - 'Research' Denial of Service PoC Exploit Author : ZwX Vendor Homepage : http://www.xnview.com Link Software : https://www.xnview.com/fr/xnview/downloads Tested on OS: Windows 7 ''' Proof of Concept PoC: ======================= 1.Download and install XnView 2.Open th...
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event() Exploit The XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which...
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown) Vulnerability
Exploit for windows platform in category web applications Exploit Title: Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Exploit Author: Ismail Tasdelen Vendor Homepage: https://tautulli.com/ Software : https://github.com/Tautulli/Tautulli Product Version: v2.1.9 Platform: Windows 10...
Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link: https://www.zendesk.com/apps/support/survey/ Version: Up to v1.6...
Xerox AltaLink C8035 Printer Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
Serv-U FTP Server 15.1.7 Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Exploit Title: Serv-U FTP Server 15.1.7 Cross Site Scripting Vulnerability Exploit Author: Cyb0r9 Vendor Homepage: https://www.serv-u.com/ Software Link: https://www.serv-u.com/downloads Version: SOLARWIND Serv-U FTP Server v15.1.7 Tested...
Metasploit Sample Linux Privilege Escalation Exploit
This Metasploit exploit module illustrates how a vulnerability could be exploited in a linux command for privilege escalation. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit...
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
; Title: Linux/x64 - Reverse TCP Stager Shellcode 188 bytes ; Author: Lee Mazzoleni ; Tested on: Ubuntu 18.04.2 LTS ; reverse tcp stager - download and execute up to 4096 bytes of additional payload - no null bytes in this ; this code is 188 bytes total less if you delete the exit syscall at the...
NopCommerce 4.2.0 - Privilege Escalation Vulnerability
Exploit for asp platform in category web applications Vulnerability Title: NopCommerce 4.2.0 - Privilege Escalation Author: Alessandro Magnosi d3adc0de Vendor Homepage: https://www.nopcommerce.com/ Software Link : https://www.nopcommerce.com/ Tested Version: 4.2.0 Vulnerability Type: Privilege...
Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Issue: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability CVE: CVE-2019-13182 Security researcher: Richard Tan @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.7 Fixed in: Serv...
OpenBSD 6.x - Dynamic Loader Privilege Escalation Exploit
Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration Acknowledgments...