WordPress GoURL.io Plugin < 1.4.14 - File Upload Exploit
Exploit for php platform in category web applications Shell link 0day.today 2019-12-04...
Jobberbase 2.0 CMS - (jobs-in) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Jobberbase 2.0 CMS - 'jobs-in' SQL Injection Date: 28, August 2019 Exploit Author: Naren Jangra Vendor Homepage: http://jobberbase.com/ Software Link: https://github.com/filipcte/jobberbase/zipball/master Version: 2.0 Tested on:...
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications !-- Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2.4 Tested on...
Outlook Password Recovery 2.10 - Denial of Service Exploit
Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10...
Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Exploit
Windows: SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Platform: Windows 10 1903, 1809 not tested earlier Class: Security Feature Bypass Summary: The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed...
Tableau - XML External Entity Exploit
Exploit for multiple platform in category web applications Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads:...
Webmin 1.890 expired Remote Root Exploit
Webmin version 1.890 based on 1.920 research expired remote root exploit. !/usr/bin/perl -w Webmin 1.890 based on 1.920 research 'expired' Remote Root Exploit Copyright 2019 c Todor Donev Installation on CentOS: rpm -ivh...
CoreFTP Server MDTM Directory Traversal Exploit
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal ....\ to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date. Exploit...
WordPress UserPro 4.9.32 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept:...
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery Exploit
Exploit for php platform in category web applications Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in...
CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery Vulnerability
CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability. ==================================================================== Information ==================================================================== Product : CWP Control Web...
WordPress Import Export WordPress Users 1.3.1 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Google Dork:...
Apache Tapestry 5.3.6 HMAC Timing Attack Vulnerability
Exploit for java platform in category web applications CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry Affected versions: - Apache Tapestry 5.3.6 through current releases. Description: Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side...
LSoft ListServ < 16.5-2018a - Cross-Site Scripting Vulnerability
Exploit for windows platform in category web applications Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501 0day.today 2019-12-04...
CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting Vulnerability
Exploit for linux platform in category web applications ==================================================================== Information ==================================================================== Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS...
Django CRM 0.2.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1 Affected Software: Django CRM Affected Versions: 0.2.1 Homepage: https://github.com/MicroPyramid/Django-CRM Vulnerability: Cross-si...
Webmin 1.920 password_change.cgi Backdoor Exploit
This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attackers inserted Perl qx statements into the build server's source code on two separate...
Exim 4.87 / 4.91 - Local Privilege Escalation Exploit
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root privileges. This module requires Metasploit: https://metasploit.com/download Current source...
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal Vulnerability
Exploit for multiple platform in category web applications Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal Exploit Author: MAYASEVEN Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/" Published on 08/04/2019 Vendor Homepage at...
Zoho ManageEngine ServiceDesk Plus 10 - Information Disclosure Vulnerability
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDe...
CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change Vulnerability
Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Reset other phpMyadmin password Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, us...
Webmin 1.920 Remote Root Exploit
Exploit for linux platform in category web applications !/usr/bin/perl -w Webmin 1.920 Remote Root Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that...
LibreOffice < 6.2.6 Macro - Python Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...
CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration Vulnerability
Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel User enumerate through HTTP response time Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not...
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure Exploit
Exploit for multiple platform in category web applications Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before...
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass Vulnerability
Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...
CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop Vulnerability
Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user...
KBPublisher 6.0.2.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: KBPublisher 6.0.2.1 - Multiple SQL Injection Risk: High Date: 21.Aug.2019 Author: Pedro Andujar Twitter: @pandujar .: INTRO : KBPublisher is Knowledge Management Software. It reduces the need for customer support, improves staff...
Linux/MIPS64 - Reverse (localhost:4444/TCP) Shell Shellcode (157 bytes)
/ Reverse shell shellcode for Linux MIPS64 mips64el Default port: tcp/4444 Host: localhost Date: August 19 - 2019 Author: Antonio de la Piedra Tested on: MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta Size: 157 bytes Compile with: gcc -fno-stack-protector -z execstack main.c -o main -g /...
WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF vulnerabilities in WP Add Mime Types Plugin 0day.today 2019-12-04...
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit
Exploit for hardware platform in category web applications Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...
Kimai 2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kimai 2- persistent cross-site scripting XSS Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal...
Linux/x86_64 - Bind Shell (/bin/sh) with Configurable Password Shellcode (129 bytes)
/ ; Title : Linux/x8664 - Bind Shell /bin/sh with Password configurable 129 bytes ; Date : 2019-08-18 ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 global start %define pass "pass" %define port 0x5c11 ; htons4444 start: jmp realstart password: db pass passlen: d...
Linux/x86_64 - AVX2 XOR Decoder + execve(/bin/sh) Shellcode (62 bytes)
/ ; Title : Linux/x8664 - AVX2 XOR Decoder + execve"/bin/sh" 62 bytes ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 ; this only works on machines with a CPU that supports AVX2 instructions global start start: jmp calldecoder decoder: pop rsi lea rdi, rsi+1 ;...
Webmin 1.920 - Remote Code Execution Exploit
Exploit for linux platform in category web applications !/bin/sh CVE-2019-15107 Webmin Unauthenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory:...
YouPHPTube 7.2 - (userCreate.json.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: YouPHPTube 7.3 SQL Injection Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE :...
Neo Billing 3.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 Description...
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
/ ; Title : Linux/x8664 - Reverse Shell /bin/sh with Password configurable 120 bytes ; Date : 2019-08-18 ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 global start %define pass "pass" %define port 0x5c11 ; htons4444 start: jmp realstart password: db pass passlen...
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)
Exploit for hardware platform in category web applications Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...
RAR Password Recovery v1.80 Denial of Service Exploit
Exploit Title: RAR Password Recovery v1.80 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/download/RARPRSetup.exe Exploit Author: Achilles Tested Version: v1.80 Tested on: Windows 7 x64 Windows XP SP3 1.- Run...
Integria IMS 5.0.86 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload Exploit Author: Greg.Priest Vendor Homepage: https://integriaims.com/ Software Link: https://sourceforge.net/projects/integria/files/5.0.86/ Version: Integria IMS 5.0.86 Tested on:...
EyesOfNetwork 5.1 - Authenticated Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution Exploit Author: Nassim Asrir Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: https://www.eyesofnetwork.com/?pageid=48&lang=fr Version: 5.1 "; while$read =...
GetGo Download Manager 6.2.2.3300 - Denial of Service Exploit
Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service Author - Malav Vyas Vulnerable Software: GetGo Download Manager 6.2.2.3300 Vendor Home Page: www.getgosoft.com Software Link: http://www.getgosoft.com/getgodm/ Tested On: Windows 7 64Bit, Windows 10 64Bit Attack Type : Remote...
Web Wiz Forums 12.01 - (PF) SQL Injection Vulnerability
Exploit for asp platform in category web applications Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm Version: 12.01 Tested on Windows Vulnerable parameter: PF memberprofile.asp GET...
Joomla com_jsjobs 1.2.6 component - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version:...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String Exploit
There is an info leak when decoding the SGBigUTF8String class using SGBigUTF8String initWithCoder:. This class initializes the string using SGBigUTF8String initWithUTF8DataNullTerminated: even though there is no guarantee the bytes provided to the decoder are null terminated. It should use...
ManageEngine opManager 12.3.150 - Authenticated Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link:...
Windows PowerShell - Unsanitized Filename Command Execution Exploit
''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...
Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion Exploit
/ Author : Abdelhamid Naceri Discovered On : 13/08/2019 Description : An Elevation Of Privileges Exist when the microsoft AppXSvc Deployment Service Cannot Properly Handle The Folder Junction lead to an arbitrary file deletion from a low integrity user . Still Unpatched On 13/08/2019 Here Is A De...