WebKit - Universal XSS in WebCore::command Exploit
frame = document-frame; if !frame || frame-document != document // 1 return Editor::Command; document-updateStyleIfNeeded; // 2 return frame-editor.commandcommandName, userInterface ? CommandFromDOMWithUserInterface : CommandFromDOM; bool Document::execCommandconst String& commandName, bool...
WebKit - Universal XSS Using Cached Pages Exploit
VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...
Cisco Small Business 220 Series - Multiple Vulnerabilities
!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
ReplacementFragment::insertFragmentForTestRenderingNode rootEditableElement auto holder = createDefaultParagraphElementdocument; holder-appendChildmfragment; rootEditableElement-appendChildholder; // 2 document.updateLayoutIgnorePendingStylesheets; return holder;...
vBulletin 5.x - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RC...
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads Exploit
VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where no new document has been attached, // and the old document has...
DotNetNuke < 9.4.0 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits ...
GoAhead 2.5.0 - Host Header Injection Vulnerability
Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers. Vendor Fix: N/A CVE : N/A CVSS...
Ciftokic 2.4a - Denial of Service Exploit
Exploit Title: Ciftokic 2.4a - DoS Buffer Overflow Exploit Author: @JosueEncinar Software Link: http://launchpad.net/ubuntu/+source/kic/2.4a-1 Version: 2.4a Tested on: Ubuntu 18.04 ''' If we check the ciftokic.c file on line 52 we see the following code: char CIFFile81, Tmp;. In line 84 we have t...
ACTi ACM-5611 Video Camera Remote Command Execution Exploit
Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACM-5611 Video Camera Remote Command Execution Exploit Copyright 2019 c Todor Donev Firmware Version = A1D-220-V3.08.08-AC Production ID = ACM5611-08G-X-00485 Factory Default Type = NTSC, Composite, Two Ways Audio 0x71...
ACTi ACD-2100 Video Encoder Remote Command Execution Exploit
Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACD-2100 Video Encoder Remote Command Execution Exploit Copyright 2019 c Todor Donev Firmware Version = A1D-220-V3.08.08-AC Production ID = ACD2100-08E-X-00498 Factory Default Type = NTSC, Composite, Two Ways Audio 0x7...
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...
InoERP 0.7.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CV...
phpIPAM 1.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net...
thesystem App 1.0 - (username) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS:...
thesystem App 1.0 - (server_name) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 1...
thesystem App 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: thesystem App 1.0 - Persistent Cross-Site Scripting Author: İsmail Güngör Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS...
V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Vulnerability
Exploit for hardware platform in category web applications Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6...
Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) Exploit
Title: Mobatek MobaXterm 12.1 - Buffer Overflow SEH Author: Xavi Beltran Vendor: xavibel.com Vendor Page: https://mobaxterm.mobatek.net/download.html Software Link: https://download.mobatek.net/1112019010310554/MobaXtermPortablev11.1.zip Exploit Development process:...
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID:...
V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Vulnerability
Exploit for hardware platform in category web applications Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID:...
Easy File Sharing Web Server 7.2 SEH Buffer Overflow Exploit
!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 local SEH overflow Exploit Author: x00pwn Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 Tested on: Windows 7 Exploit summary: When adding a new user to the...
ACTi ACM-3100 Camera Remote Command Execution Exploit
Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACM-3100 Camera Remote Command Execution Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies,...
YzmCMS 5.3 - (Host) Header Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: YzmCMS 5.3 - 'Host' Header Injection Exploit Author: Debashis Pal Vendor Homepage: http://www.yzmcms.com/ Source: https://github.com/yzmcms/yzmcms Version: YzmCMS V5.3 CVE : N/A Tested on: Windows 7 SP164bit,XAMPP: 7.3.9 About...
SpotIE Internet Explorer Password Recovery 2.9.5 - (Key) Denial of Service Exploit
Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service Exploit Author: Emilio Revelo Vendor Homepage: http://www.nsauditor.com/ Software Link : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on: Windows 10 Pro x64 es Version: 2.9.5 Steps to produce th...
inoERP 4.15 - (download) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: inoERP 4.15 - 'download' SQL Injection Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
WordPress all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\all-in-one-seo-pack" Exploit Author: Unk9vvN Vendor Homepage: https://semperplugins.com/all-in-one-seo-pack-pro-version Software...
NPMJS gitlabhook 0.0.17 - (repository) Remote Command Execution Exploit
NPMJS gitlabhook version 0.0.17 suffers from a remote command execution vulnerability. Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali...
WP Server Log Viewer 1.0 - (logfile) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : Non...
WordPress Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Exploit Author: Unk9vvN Vendor Homepage: https://duplicate-post.lopo.it/ Software Link: https://wordpress.org/plugins/duplicate-post/ Version: 3.2.3 Tested on: Kali Linux CV...
citecodecrashers Pic-A-Point 1.1 - (Consignment) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection Author: Cakes Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point Software Link: https://github.com/citecodecrashers/Pic-A-Point/archive/master.zip Test...
Chamilo LMS 1.11.8 - Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: Chamilo LMS 1.11.8 - Arbitrary File Upload Google Dork: "powered by chamilo" Exploit Author: Sohel Yousef jellyfish security team Software Link: https://chamilo.org/en/download/ Version: Chamilo 1.11.8 or lower to 1.8 Category:...
DeviceViewer 3.12.0.1 Denial Of Service Exploit
!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: 1. Generate a...
File Sharing Wizard 1.5.0 - POST SEH Overflow Exploit
import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...
ABRT - sosreport Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool ABRT configured as the crash handler. sosreport uses an insecure temporary directory, allowing local users to write to arbitrary files CVE-2015-5287. This module has...
Chamilo LMS 1.11.8 Shell Upload Exploit
Exploit for php platform in category web applications PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename$FILES'fileToUpload''name'; echo "TARGET FILE= ".$tgtfile; //$filename = $FILES'fileToUpload''name'; echo "FILE NAME FROM VARIABLE:- ".$FILES"fileToUpload""name...
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds Exploit
When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated object. If initWithCoder: or any method it calls decodes the same object,...
Microsoft SharePoint 2013 SP1 - (DestinationFolder) Persistent Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Vendor Homepage: https://www.microsoft.com Software Link:...
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service Exploit
There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric. I've been able to construct an X.509 certificate that triggers the bug. I've found that...
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Exploit #RCE
Exploit for php platform in category web applications Exploit Title: Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection Author: Nassim Asrir Vendor Homepage: https://www.pfsense.org/ Contact: https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2019-16701 Tested On: Window...
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...
DIGIT CENTRIS 4 ERP - (datum1) SQL Injection
Exploit for php platform in category web applications Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters: datum1,...
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure Exploit
!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...
Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution Vulnerabilities
Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities. Piwigo = 2.9.5 Multiple Vulnerabilities Released Date: 2019-09-22 Last Modified: 2019-09-22 Company Info: Piwigo.org Version Info: Vulnerable Piwigo = 2.9.5 -- Table of...
LayerBB < 1.1.4 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: LayerBB 1.1.3 - Multiple CSRF Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1. Description:...
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure Exploit
!/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com Software Link:...
Jira Service Desk Server And Data Center Path Traversal Vulnerability
Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability. This email refers to the advisory found at...
Gila CMS < 1.11.1 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMPP...
GOautodial 4.0 - (CreateEvent) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Vendor Homepage: https://goautodial.org/ Software Link:...
Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting Vulnerability
Exploit for java platform in category web applications ======================================================================= title: Reflected Cross-Site Scripting XSS product: Oracle Mojarra JSF included in Java EE 7 Eclipse Mojarra JSF vulnerable version: 2.2 & 2.3 fixed version:...