39001 matches found
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1 Exploit Author: Sohel Yousef Jellyfish security team Vendor Homepage: https://www.dokeos.com/ Software Link:...
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential Vulnerability
Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded ssh credential that allows for remote command execution. Exploit Title: Western Digital My Book World II NAS <= 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Exploi...
macOS 18.7.0 Kernel - Local Privilege Escalation Exploit
macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...
Microsoft Windows Internet Settings Security Feature Bypass Vulnerability
Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019. Exploit Title: Microsoft Windows 'Internet Settings' Misconfiguration Security Feature Bypas...
Google Chrome Password Disclosure Vulnerability
To normally view passwords in Chrome, you have to go to the Properties section, click View Passwords, and you are prompted for a user's password. This flaw discloses all passwords for the domain without the required authentication step. Pleas...
Counter-Strike Global Offensive 1.37.1.1 - (vphysics.dll) Denial of Service Exploit
CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because of a crafted map that uses memory corruption. Description: We are need modifying...
Linux/x86 - Bind TCP (port 43690) Null-Free Shellcode (53 Bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: Linux/x86 bind tcp shellcode port 43690 null-free ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 53 bytes ; SLAE ID: PA-9844 section .DATA section .BSS section .TEXT global start start...
LastPass Credential Leak From Previous Site Vulnerability
LastPass suffers from an issue where bypassing dopopupregister leaks credentials from the previous site. lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via...
CollegeManagementSystem-CMS 1.3 - (batch) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link:...
FTPShell Client 6.74 Buffer Overflow Exploit
#!/usr/bin/python Exploit Type : DOS Exploit Title: FTPShell client 6.74 - Local Buffer Overflow SEH Vulnerable Software & version : FTPShell client 6.74 Vendor Homepage: https://www.ftpshell.com/ Software Link: https://www.ftpshell.com/downloadclient.htm Tested Windows : Windows Vista Ultimate...
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload Vulnerability
Exploit for multiple platform in category web applications ===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed description Thank...
Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1...
LimeSurvey 3.17.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922...
Inteno IOPSYS Gateway - Improper Access Restrictions Vulnerability
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937 Affected Component: SIP...
docPrint Pro 8.0 - SEH Buffer Overflow Exploit
import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe...
AppXSvc - Privilege Escalation Vulnerability
----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10...
Ticket-Booking 1.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version...
College-Management-System 1.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: College-Management-System 1.2 - Authentication Bypass Author: Cakes Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System Software Link:...
LimeSurvey 3.17.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts Exploit
Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts Exploit
Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as web browsers and constitutes an attack surface for memory corruption bugs, as it...
Folder Lock v7.7.9 Denial of Service Exploit
Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage:https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...
Opencart 2.3.0.2 Pre-Auth Remote Command Execution Exploit
#!/usr/bin/perl -w Opencart 2.3.0.2 Pre-Auth Remote Command Execution CLI Exploit Copyright 2019 (c) Todor Donev [email protected] opencart$ perl opencartrce.pl http://192.168.1.1/oc2302/ Opencart 2.3.0.2 Pre-Auth Remote Command Execution CLI Exploit...
WordPress SlickQuiz 1.3.7.1 SQL Injection Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: SlickQuiz Vendor URL: https://wordpress.org/plugins/slickquiz/ Type: SQL Injection CWE-74 CVSSv3 Score: 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE: CVE-2019-12516 2. CREDITS...
WordPress SlickQuiz 1.3.7.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: SlickQuiz Vendor URL: https://wordpress.org/plugins/slickquiz/ Type: Cross-Site Scripting CWE-79 Date found: 2019-05-30 Date published: 2019-09-10 CVSSv3 Score: 6.1...
eWON Flexy - Authentication Bypass Exploit
Exploit for hardware platform in category web applications #! /usr/bin/env python ''' Exploit Title: eWON v13.0 Authentication Bypass Date: 2018-10-12 Exploit Author: Photubias – tijl[dot]Deneut[at]Howest[dot]be for www.ic4.be Vendor Advisory: 1...
AVCON6 systems management platform - OGNL Remote Command Execution Exploit
Exploit for java platform in category web applications Exploit Title: AVCON6 systems management platform - OGNL - Remote root command execution Exploit Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: N\A Tested On: Windows 10 64bit / 61.0b12...
WordPress Photo Gallery 1.5.34 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...
Tibco JasperSoft Path Traversal Vulnerability
Exploit for multiple platform in category web applications Title: CVE-2018-18809 Path traversal in Tibco JasperSoft Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: Tibco JasperSoft https://www.jaspersoft.com/ Vulnerability: Path traversal CVE: CVE-2018-18809 Path traversal...
WordPress Photo Gallery 1.5.34 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification Exploit
// // // Disclaimer: // This or previous programs are for Educational purpose ONLY. Do not use it without permission. // The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages // caused by direct or indirect use of the information or functionality provide...
WordPress Photo Gallery 1.5.34 Plugin - Cross-Site Scripting Vulnerability (2)
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded...
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...
Core FTP LE Version 2.2 Build 1935 Buffer Overflow Exploit
#!/usr/bin/python Exploit Title: Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow SEH Unicode Vulnerability Details: Core FTP LE Version 2.2, build 1935 is prone to a buffer overflow vulnerability that may result in a DoS user local folder selection pane Vulnerable Software: Core FTP LE...
LibreNMS Collectd Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string function, which permits backticks. These parameters are used as part...
WordPress 5.2.3 - Cross-Site Host Modification Exploit
Exploit for php platform in category web applications #!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...
Online Appointment SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Appointment SQL Injection Date: 07.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/girish03/Online-Appointment-Booking-System Tested on: Windows Google Dork: N/A ========= Vulnerable Page:...
Dolibarr ERP-CRM 10.0.1 - elemid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Dolibarr ERP/CRM - elemid Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xamp...
Enigma NMS 65.0.0 - SQL Injection Vulnerability
Exploit for multiple platform in category web applications -------------------------------------------------------------------- Exploit Title: Enigma NMS searchpattern SQL Injection Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/...
Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure Vulnerability
Exploit for cgi platform in category web applications #!/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504,...
Enigma NMS 65.0.0 - Cross-Site Request Forgery Exploit
Exploit for multiple platform in category web applications -------------------------------------------------------------------- Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/...
October CMS Upload Protection Bypass Code Execution Exploit
This Metasploit module exploits an upload protection bypass: an authenticated user with permission to upload and manage media contents can upload various files to the server. The application prevents the user from uploading PHP code by checking the file extension. It uses a blacklist-based approach, as seen in...
Dolibarr ERP-CRM 10.0.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on:...
Enigma NMS 65.0.0 - OS Command Injection Exploit
Exploit for multiple platform in category web applications #!/usr/bin/python -------------------------------------------------------------------- Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor...
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)
/ ; name : Exploit Title: Linux/x86 - TCP reverse shell 127.0.0.1 nullbyte free ; author : Sandro "guly" Zaccarini ; twitter : @theguly ; blog : https://gulyslae.github.io/ ; SLAE32 : SLAE-1037 ; purpose : the program will create a new connection to 127.0.0.1:4444 and spawns a shell ; this code h...
Microsoft Windows NTFS Privileged File Access Enumeration Exploit
Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging. + Credits: John Page aka...
WordPress Sell Downloads 1.0.86 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Sell Downloads 1.0.86 - Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: September 09,2019 Vendor Homepage:...
PulseSecure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution Exploit
#!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0...
AwindInc SNMP Service - Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AwindInc SNMP Service Command Injection", 'Description' = %q This module exploits a vulnerability found in AwindInc and OEM'ed products where...