Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests withou...
Oracle Hyperion Planning 11.1.2.3 - XML External Entity Vulnerability
Exploit for multiple platform in category web applications - Exploit Title: XXE Injection Oracle Hyperion - Exploit Author: Lucas Dinucci - Twitter: @identik1t - Vendor Homepage: https://www.oracle.com/applications/performance-management - Affected Product: Oracle Hyperion...
Linux/x86 - Force Reboot Shellcode (51 bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: NOT encoded Linux/x86 Force Reboot shellcode for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 51 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...
Ultimate Loan Manager 2.0 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: http://www.webstudio.co.zw/ Software Link:...
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming Exploit
Exploit for hardware platform in category web applications Exploit Title: Unauthenticated Audio Streaming from Amcrest Camera Shodan Dork: html:"@email protected" Exploit Author: Jacob Baines Vendor Homepage: https://amcrest.com/ Software Link: https://amcrest.com/firmwaredownloads Affected...
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances When deserializing NSObjects with the NSArchiver API 1, one can supply a whitelist of classes that are allowed to be unarchived. In that case, any object in the archive whose class is not...
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion LICM Leaves Object Property Access Unguarded While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release...
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References Exploit
When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation. PFArray is such a subclass of NSArray. When a PFArray is deserialized, it is deserialize...
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects Exploit
The class NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the NSData bytes selector is called. This presents two problems. First, it could potentially allow undesired access to local...
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 Exploit
There is a memory corruption vulnerability when decoding an object of class NSKnownKeysDictionary1. This class decodes an object of type NSKnownKeysMappingStrategy1, which decodes a length member which is supposed to represent the length of the keys of the dictionary. However, this member is...
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles Exploit
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles Exploit While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: // Run with --useConcurrentJIT=false...
WordPress Simple Membership Plugin < 3.8.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery in Wordpress Simple Membership plugin Exploit Author: rubyman Vendor Homepage: https://wordpress.org/plugins/simple-membership/ wpvulndb : https://wpvulndb.com/vulnerabilities/9482 Version: 3.8.4 Teste...
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder", 'Description' = %q This module exploits inadequate access controls within the webUI to enable t...
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection Google Dork: inurl:"/wp-content/themes/realestate-7/" Author: m0ze Vendor Homepage: https://contempothemes.com Software Link:...
GigToDo 1.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection Author: m0ze Vendor Homepage: https://www.gigtodoscript.com Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/23855397 Version: =...
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
/ description ; Title : X64 NOT +SHIFT-N+ XOR-N encoded /bin/sh - shellcode ; Author : Pedro Cabral ; Twitter : @CabrallPedro ; LinkedIn : https://www.linkedin.com/in/pedro-cabral1992 ; SLAE ID : SLAE64 - 1603 ; Purpose : spawn /bin/sh shell ; Tested On : Ubuntu 16.04.6 LTS ; Arch : x64 ; Size :...
Redis Unauthenticated Code Execution Exploit
This Metasploit module can be used to leverage the extension functionality added by Redis 4.x and 5.x to execute arbitrary code. To transmit the given extension it makes use of the Redis feature called replication between master and slave. This module requires Metasploit:...
WordPress Database Backup < 5.2 Remote Command Execution Exploit
There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wpdbexcludetable...
Deepin Linux 15 - lastore-daemon Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in cod...
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits include include / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define...
VMware Workstation / Player < 12.5.5 - Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits !/bin/bash VMware Workstation Local Privilege Escalation exploit CVE-2017-4915 - https://www.vmware.com/security/advisories/VMSA-2017-0009.html - https://www.exploit-db.com/exploits/42045/ Affects: - VMware Workstation Player...
Tufin Secure Change Remote Code Execution Exploit
Tufin SecureChange uses Richfaces version 4.3.5 which suffers from a remote code execution vulnerability. Product: Secure Change Vendor: Tufin Subject: Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 unauthenticated RCE CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H base score...
pdfresurrect 0.15 - Buffer Overflow Exploit
Exploit Title: pdfresurrect 0.15 Buffer Overflow Exploit Author: j0lama Vendor Homepage: https://github.com/enferex/pdfresurrect Software Link: https://github.com/enferex/pdfresurrect Version: 0.15 Tested on: Ubuntu 18.04 CVE : CVE-2019-14267 Description =========== PDFResurrect 0.15 has a buffer...
S-nail < 14.8.16 - Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c...
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) AF_PACKET Race Condition Privilege
Exploit for linux platform in category local exploits / chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offsets have been tested on Ubuntu / Linux Mint. vroom...
Linux Kernel 4.10 < 5.1.17 - PTRACE_TRACEME pkexec Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits // Linux 4.10 // - added known helper paths // - added search for suitable helpers // - added automatic targeting // - changed target suid executable from passwd to pkexec // https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272...
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) Local Privilege
Exploit for linux platform in category local exploits // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on: // - Ubuntu trusty 4.4.0 kernels // - Ubuntu xenial 4.4.0 and 4.8.0 kernels // - Linux Mint rosa 4.4.0 kernels //...
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection Vulnerability
Exploit for jsp platform in category web applications Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x...
ASAN / SUID - Local Privilege Escalation Exploit
Exploit for multiple platform in category local exploits !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload ...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method)
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique ---...
Moodle Filepicker 3.5.2 - Server Side Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link:...
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. POC Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47165.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses dbus service technique ---...
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Exploit for linux platform in category local exploits // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on Ubuntu / Linux Mint: // - 4.8.0-34-generic // - 4.8.0-36-generic // - 4.8.0-39-generic // - 4.8.0-41-generic // - 4.8.0-42-generic // -...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (ldpreload)
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique ---...
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Exploit (2)
Exploit for jsp platform in category web applications Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. Metasploit Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit)
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2) Exploit
Exploit for multiple platform in category local exploits !/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 --- email protected:/Desktop$ ./SUro...
Ovidentia 8.4.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------- Exploit Title: Ovidentia CMS - XSS Ovidentia 8.4.3 Description: The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. CVE: CVE-2019-13977 Exploit Author:...
Ovidentia 8.4.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/...
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads Exploit
BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...
NoviSmart CMS - SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: NoviSmart CMS SQL injection Exploit Author: n1x MS-WEB Vendor Homepage: http://www.novismart.com/ Version: Every version CVE : CWE-89 Vulnerable parameter: Referer HTTP Header field GET Request GET / HTTP/1.1 Referer:...
WordPress Hybrid Composer 1.4.6 Plugin - Improper Access Restrictions Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Product : Cisco Wireless Controller Version : 3.6.10E last version Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com Description : The application interface allows users to perform certa...
Trend Micro Deep Discovery Inspector IDS - Security Bypass Exploit
Credits: John Page aka hyp3rlinx Vendor www.trendmicro.com Product Deep Discovery Inspector Deep Discovery Inspector is a network appliance that monitors all ports and over 105 different network protocols to discover advanced threats and targeted attacks moving in and out of the network and...
Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read Exploit
The digital touch iMessage extension can read out of bounds if a malformed Tap message contains a color array that is shorter than the points array and delta array. The method ETTapMessage initWithArchiveData: checks that the points array is twice as long as the deltas array, but only checks that...
Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)
/ LinEnum Linux Enumeration Wget & CHMOD & Run Shellcode Language C & ASM - Linux/x8664 author : Kağan Çapar shellcode len : 155 bytes compilation: gcc -o shellcode shellcode.c test: run ./shellcode description: First, the linenum script is via github with wget command...
Docker - Container Escape Exploit
Exploit for linux platform in category local exploits Docker - Container Escape Exploit On the host docker run --rm -it --cap-add=SYSADMIN --security-opt apparmor=unconfined ubuntu bash In the container mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x echo 1...
Comtrend-AR-5310 - Restricted Shell Escape Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Comtrend-AR-5310 - Restricted Shell Escape Date: 2019-07-20 Exploit Author: AMRI Amine Vendor Homepage: https://www.comtrend.com/ Version: GE31-412SSG-C01R10.A2pG039u.d24k Tested on: Linux busybox TL;DR: A local user can bypass...
Metasploit Reverse Session Takeover Vulnerability
Exploit for multiple platform in category local exploits Exploit Title: Metasploit Reverse Session Takeover Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://www.metasploit.com/download Version: Metasploit Pro v4.17.67-dev Tested on: Linux & Windows Metasploit Revers...