BartVPN 1.2.2 - (BartVPNService) Unquoted Service Path Vulnerability
Exploit Title: BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.filehorse.com/ Link Software : https://www.filehorse.com/download-bartvpn/ Tested on OS: Windows 7 Analyze PoC : ============== C:\Users\ZwXsc qc...
scadaApp for iOS 1.1.4.0 - (Servername) Denial of Service Exploit
Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634 Software Link: App Store for iOS devices Tested Version: 1.1.4.0 Vulnerability Type: Denial of Service DoS Local Tested on...
Studio 5000 Logix Designer 30.01.00 - (FactoryTalk Activation Service) Unquoted Service Path
Exploit Title: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.rockwellautomation.com/enNA/overview.page Software Link :...
XMedia Recode 3.4.8.6 - (.m3u) Denial Of Service Exploit
Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a ''' Proof of Concept PoC:...
Microsoft Windows 7 (x86) - (BlueKeep) RDP Remote Windows Kernel Use After Free Exploit
EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...
Apache Httpd mod_rewrite - Open Redirects Vulnerability
Exploit for multiple platform in category web applications Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines (CVE-2019-10098), we can redirect somewhere else, i.e. to https://redirect.local.evilwebsite.com: curl -Ik...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolu...
Open Proficy HMI-SCADA 5.0.0.25920 - (Password) Denial of Service Exploit
Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Version: 5.0.0.25920 Vulnerabilit...
HyperCam 5.5.1911.15 - XML External Entity Injection Vulnerability
Exploit Title: HyperCam 5.5.1911.15 - XML External Entity Injection Exploit Author : ZwX Exploit Date: 2019-11-16 Vendor Homepage : https://www.solveigmm.com/ Link Software : https://www.solveigmm.com/files/SolveigMMHyperCamHomeEdition55191115.exe Tested on OS: Windows 7 + Exploit : PoC...
MobileGo 8.5.0 - Insecure File Permissions Exploit
Exploit Title: MobileGo 8.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-15 Vendor Homepage : https://www.wondershare.net/ Software Link: https://www.wondershare.net/mobilego/ Tested on OS: Windows 7 Proof of Concept PoC: ========================== C:\Program...
ipPulse 1.92 - (Enter Key) Denial of Service Exploit
Exploit Title: ipPulse 1.92 - 'Enter Key' Denial of Service PoC Discovery by: Diego Buztamante Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability Type: Denial of Service DoS Local Tested on...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
Crystal Live HTTP Server 6.01 - Directory Traversal Vulnerability
Exploit for asp platform in category web applications Title: Crystal Live HTTP Server 6.01 - Directory Traversal Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- G...
TemaTres 3.0 - (value) Persistent Cross-site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
Centova Cast 3.2.11 - Arbitrary File Download Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.11 Tested on: Debian 9, CentOS 7 !/bin/bash if "$4" = "" then echo "Usage: $0 centovacasturl...
NCP Secure Entry Client 9.2 - Unquoted Service Paths Vulnerability
Exploit Title: NCPSecureEntryClient 9.2 - Unquoted Service Paths Exploit Author: Akif Mohamed Ik Vendor Homepage: http://software.ncp-e.com/ Software Link: http://software.ncp-e.com/NCPSecureEntryClient/Windows/9.2x/ Version: 9.2x Tested on: Windows 7 SP1 CVE : NA C:\Users\userwmic service get...
Foscam Video Management System 1.1.4.9 - (Username) Denial of Service Exploit
Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Author: chuyreds Discovery Date: 2019-11-16 Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type: Denial of...
ASUS HM Com Service 1.00.31 - (asHMComSvc) Unquoted Service Path Vulnerability
Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path Exploit Author : Olimpia Saucedo Vendor Homepage: www.asus.com Version: 1.00.31 Tested on: Windows 10 Pro x64 but it should work on all Windows versions The application suffers from an unquoted service path issue...
Emerson PAC Machine Edition 9.70 Build 8595 - (FxControlRuntime) Unquoted Service Path Vulnerability
Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.70 Build 8595 Vulnerability Type:...
iSmartViewPro 1.3.34 - Denial of Service Exploit
Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC Discovery by: Ivan Marmolejo Vendor Homepage: http://www.smarteyegroup.com/ Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071 Tested Version: 1.3.34 Vulnerability Type: Denial of Service DoS Local Tested on OS: iPhon...
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Exploit Author: Kevin Randall Vendor Homepage: https://www.lexmark.com/enus.html Software Link: https://www.lexmark.com/enus.html Version: 2.27.4.0.39 Latest...
nipper-ng 0.11.10 - Remote Buffer Overflow Exploit
Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10 Tested on: Debian CV...
TP-Link Archer VR300 1 Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications I. VULNERABILITY ------------------------- Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n II. CVE REFERENCE ------------------------- - III. VENDOR...
WordPress Social Photo Gallery 1.0 Remote Code Execution Vulnerability
Exploit for php platform in category web applications ============================================= - Discovered by: Prestigia Seguridad - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2019-14467 ============================================= I. VULNERABILITY ------------------------- WordPress...
KillerNetwork Manager 1.1.50.1414 - XML External Entity Injection Vulnerability
Exploit Title: Killer Network Manager 1.1.50.1414 - XML External Entity Injection Exploit Author : ZwX Exploit Date: 2019-11-16 Vendor Homepage : https://support.killernetworking.com/ Link Software : https://support.killernetworking.com/download/killer-network-manager-suite/ Tested on OS: Windows...
Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal / Remote Code Execution
!/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CVE: CVE-2019-1821 Example: ======== saturn: mrme$ ./poc.py + usage: ./poc.py + eg: ./poc.py...
FreeRadius 3.0.19 Logrotate Privilege Escalation Vulnerability
Privilege Escalation via Logrotate in FreeRadius Overview Identifier: AIT-SA-20191112-01 Target: FreeRadius Vendor: FreeRadius Version: all versions including 3.0.19 Fixed in Version: 12.2.3, 12.1.8 and 12.0.8 CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143 Author: Wolfgang Hotwagner AIT...
FusionPBX Command (exec.php) Command Execution Exploit
This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This...
Shrew Soft VPN Client 2.2.2 - (iked) Unquoted Service Path Vulnerability
Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service get name,...
FreeSWITCH Event Socket Command Execution Exploit
This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...
FusionPBX Operator Panel (exec.php) Command Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operatorpanelview permissions, or administrator permissions, to execute arbitrary commands as the web server user ...
oXygen XML Editor 21.1.1 - XML External Entity Injection Vulnerability
Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m SimpleHTTPServer 8000...
Microsoft Windows 10 Build 1803 < 1903 - (COMahawk) Local Privilege Escalation Exploit
EDB Note Download: - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-1.exe - https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47684-2.zip COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Dem...
Xfilesharing 2.5.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local...
CMS Made Simple 2.2.8 Remote Code Execution Exploit
An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms...
Siemens Desigo PX 6.00 Denial Of Service Exploit
!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...
Fastweb Fastgate 0.00.81 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Fastweb Fastgate 0.00.81 - Remote Code Execution Date: 2019-11-13 Exploit Author: Riccardo Gasparini Vendor Homepage: https://www.fastweb.it/ Software Link: http://59.0.121.191:8080/ACS-server/file/0.00.81FW200Askey only fr...
ScanGuard Antivirus 2020 - Insecure Folder Permissions Exploit
Exploit Title: ScanGuard Antivirus 2020 - Insecure Folder Permissions Exploit Author: hyp3rlinx Vendor Homepage: https://www.scanguard.com/ Software Link: https://support.scanguard.com/en/kb/22/upgrades-available Version: 2020 Tested on: Windows CVE : N/A Category: exploit...
Technicolor TC7300.B0 - (hostname) Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting Exploit Author: Luis Stefan Vendor Homepage: https://www.technicolor.com/ Software Link: N/A Version: TC7300.B0 - STFA.51.20 Tested on: macOS Mojave and...
Technicolor TD5130.2 - Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Technicolor TD5130.2 - Remote Command Execution Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST...
FUDForum 3.0.9 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
Pulse Secure VPN Arbitrary Command Execution Exploit
This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulsesecurefiledisclosure for a pre-auth fil...
gSOAP 2.8 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET...
Xorg X11 Server Local Privilege Escalation Exploit
This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users nee...
Linear eMerge E3 1.00-06 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a Advisor...
CBAS-Web 19.0.0 - Username Enumeration Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Username Enumeration Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit (2)
Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE : CVE-2019-7265 Advisory:...
Adrenalin Core HCM 5.4.0 - (strAction) Reflected Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0...
Adrenalin Core HCM 5.4.0 - (prntDDLCntrlName) Reflected Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version:...
eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07...