Podman & Varlink 1.5.1 - Remote Code Execution Exploit
Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on: Fedora Server 30 !/usr/bin/python -- coding:...
Ajenti 2.1.31 - Remote Code Execution Exploit
Exploit for python platform in category web applications Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details -------...
Uplay 92.0.0.6280 - Local Privilege Escalation Vulnerability
Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description: "C:\Program Files...
SpotAuditor 5.3.1.0 - Denial of Service Exploit
Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2 Access the register functionality 3 In the name field...
ActiveFax Server 6.92 Build 0316 - (POP3 Server) Denial of Service Exploit
Exploit Title: ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Vendor Homepage: https://www.actfax.com/ Software Link : https://www.actfax.com/download/actfaxsetupx64ge.exe Exploit Author: Achilles Tested Version: 6.92 Tested on: Windows 7 x64 Vulnerability Type: Denial of...
Express Invoice 7.12 - (Customer) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html Version: Express Invoice v7.12 C...
Kirona-DRS 5.5.3.5 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be...
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Test...
National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation Vulnerability
Exploit Title: National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation Exploit Author: Ivan Marmolejo Vendor Homepage: http://www.ni.com/en-us.html Software Link: https://www.ni.com/en-us/shop/select/circuit-design-suite Version: 14.0 Vulnerability Type: Local Tested on: Windo...
WordPress Arforms 3.7.1 - Directory Traversal Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Exploit
We have encountered a Windows kernel crash in memcpy called by nt!MiRelocateImage while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE). An example crash log generated after triggering the bug i...
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Exploit Title: Linux/x86 - Add User to /etc/passwd Shellcode 59 bytes Exploit Author: sagar.offsec VL43CK Guided by: Touhid M.Shaikh Designation: Security Consultant at SecureLayer7 Website: https://www.sagaroffsec.com Tested on: Ubuntu i386 GNU/LINUX Shellcode Length: 59...
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
We have encountered a Windows kernel crash in CI!HashKComputeFirstPageHash while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE). An example crash log generated after triggering the bug is shown...
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
We have encountered a Windows kernel crash in CI!CipFixImageType while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE). An example crash log generated after triggering the bug is shown below: --...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...
ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP Bypass) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP", 'Description' = %q This module exploits a stack buffer overfl...
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
We have encountered a Windows kernel crash in memcpy called by nt!MiParseImageLoadConfig while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE). An example crash log generated after triggering th...
TP-Link TL-WR1043ND 2 - Authentication Bypass Exploit
Exploit for hardware platform in category web applications Exploit Title: TP-Link TL-WR1043ND 2 - Authentication Bypass Exploit Author: Uriel Kosayev Vendor Homepage: https://www.tp-link.com Version: TL-WR1043ND V2 Tested on: TL-WR1043ND V2 CVE : CVE-2019-6971 CVE Link:...
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
We have encountered a Windows kernel crash in nt!MiOffsetToProtos while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE). An example crash log generated after triggering the bug is shown below: -...
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Exploit
We have encountered a Windows kernel crash in the win32k.sys driver while processing a corrupted TTF font file. An example crash log excerpt generated after triggering the bug is shown below: --- cut --- Fatal System Error: 0x00000050...
Foscam Video Management System 1.1.6.6 - (UID) Denial of Service Exploit
Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service PoC Author: Alessandro Magnosi Vendor Homepage: https://www.foscam.com/ Software Link : https://www.foscam.com/downloads/appsoftware.html?id=5 Tested Version: 1.1.6.6 Vulnerability Type: Denial of Service DoS Local...
DeviceViewer 3.12.0.1 - (add user) Local Buffer Overflow (DEP Bypass) Exploit
Exploit Title: Sricam DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow DEP Bypass Date: 08/10/2019 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Exploit type: Local Tested on:...
XNU - Remote Double-Free via Data Race in IPComp Input Path Exploit
=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK isn't affected over two network interfaces at the same time...
logrotten 3.15.1 - Privilege Escalation Exploit
Exploit Title: logrotten 3.15.1 - Privilege Escalation Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian GNU/Linux 9.5 stretch...
Zabbix 4.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Zabbix 4.2 - Authentication Bypass Date: 2019-10-06 Exploit Author: Milad Khoshdel Software Link: https://www.zabbix.com/download Version: Zabbix 2.x , 3.x , 4.x Tested on latest version Zabbix 4.2 Tested on: Linux Apache/2...
Tellion TE01-005H HomeHub Router Remote Configuration Disclosure Exploit
!/usr/bin/perl -w Tellion TE01-005H HomeHub Router Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liabl...
Linux/ARM - Fork Bomb Shellcode (20 bytes)
Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bit Raspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in an infinite loop to exhaust CPU resources, leading to a crash / Compilation instruction...
Hisilicon Hi3518 HD Camera Remote Configuration Disclosure Exploit
!/usr/bin/perl -w Hisilicon Hi3518 HD Camera Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for...
Microsoft Windows Silent Process Exit Persistence Exploit
This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require...
Zabbix 4.4 Authentication Bypass Exploit
Exploit for php platform in category web applications !/usr/bin/perl -w Zabbix Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de Presto/2.1.1 Content-Type = application/x-www-form-urlencoded no-store, no-cache, must-revalidate close Mon, 07 Oct 201...
Joomla 3.4.6 - (configuration.php) Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https//www.joomla.it/ Software Link:...
vBulletin 5.0 < 5.5.4 - (updateAvatar) Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications ?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability --------------------------------------------------------------------- author..............: Egidio...
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Date: 4th October 2019 Shellcode Author: @bolonobolo - https://bolonobolo.github.io Tested on: Linux x86 execve.asm global start section .text start: ; put NULL bytes in the stack xor eax, eax push eax //bin/sh push 0x68732f6e push 0x69622f2f mov ebx, esp ; push NULL in the EDX position push eax...
freeFTP 1.0.8 - Remote Buffer Overflow Exploit
Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf += "\x89\xe1\xdb\xdf\xd9\x71\xf4\x5e\x56\x59\x49\x49\x49" buf +=...
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Vulnerability
Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Point Endpoint Security VPN = E80.87 Build 986009514 Version: Check Point ZoneAlarm = 15.4.062.17802 CVE...
GitLab Omnibus 12.2.1 Logrotate Privilege Escalation Vulnerability
Gitlab Omnibus versions 7.4 through 12.2.1 suffer from a privilege escalation vulnerability that leverages a race condition in logrotate, resulting in a root shell. Privilege Escalation via Logrotate in Gitlab Omnibus Overview Target: GitLab Omnibus Vendor: GitLab Version: 7.4 through 12.2.1 Fixe...
Tellion HN-2204AP Router Remote Configuration Disclosure Exploit
!/usr/bin/perl -w Tellion HN-2204AP Router Remote Configuration Disclosure Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liabl...
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Vulnerability
Exploit for java platform in category web applications Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose upload via URL...
ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP) Exploit
Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link: https://www.exploit-db.com/apps/f4da5b43ca4b035aae55dfa68daa67c9-ASXtoMP3Converter.exe Version: 3.1.3.7.2010.11.05 Tested on: Microsoft...
Subrion 4.2.1 - (Email) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Subrion 4.2.1 - 'Email' Persistent Cross-Site Scripting Author: Min Ko Ko Creatigon Vendor Homepage: https://subrion.org/ CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-17225 Website : https://l33thacker.com Description : Allows XSS vi...
PHP 7.0 < 7.3 (Unix) - (gc) Disable Functions Bypass Exploit
Exploit for php platform in category web applications = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8...
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH) Exploit
!/usr/bin/env python Author: Xavi Beltran Contact: email protected Exploit Development: https://xavibel.com/2019/08/31/seh-based-local-buffer-overflow-dameware-remote-support-v-12-1-0-34/ Date: 14/7/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.1.0.34 Tools Computer...
Android - Binder Driver Use-After-Free Exploit
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...
mintinstall 7.9.9 - Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: mintinstall aka Software Manager object injection Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-1708...
LabCollector 5.423 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: LabCollector Laboratory Information System 5.423 - Multiple SQL Injection Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...
AnchorCMS < 0.12.3a - Information Disclosure Exploit
Exploit for multiple platform in category web applications Exploit Title: Information disclosure MySQL password in error log Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
Detrix EDMS 1.2.3.1505 - SQL Injection Vulnerability
Exploit for php platform in category web applications !/usr/bin/php / Exploit Title: Detrix EDMS cleartext user password remote SQLI exploit Google Dork: Date: Jul 2019 Exploit Author: Burov Konstantin Vendor Homepage: forum.detrix.kz Software Link:...
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2:...
PHP 7.1 < 7.3 - (json serializer) Disable Functions Bypass Exploit
Exploit for multiple platform in category web applications = 8; public function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; unable to leak ro segments public function leak1$addr global $spl1; $this-write$this-abc, 8, $addr - 0x10; return...