39001 matches found
Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak Exploit
Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption. Spidermonkey: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script Related CVE Numbers: CVE-2019-9792. TURN ON "CODE...
Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service Exploit
Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30 Tested on: Windows...
MacOS X 10.14.5 Gatekeeper Bypass Vulnerability
Exploit for macOS platform in category local exploits MacOS X 10.14.5 Gatekeeper Bypass OVERVIEW On MacOS X version = 10.14.5 at time of writing it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission. Gatekeeper is a mechani...
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation Exploit
Spidermonkey IonMonkey suffers from an issue where an unexpected ObjectGroup in the ObjectGroupDispatch operation might lead to potentially unsafe code being executed. Spidermonkey: IonMonkey: unexpected ObjectGroup in ObjectGroupDispatch operation might lead to potentially unsafe code being...
Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass Vulnerability
Exploit Title: Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. Date: 28-05-2019 Exploit Author: Faudhzan Rahman Website: https://faudhzanrahman.blogspot.com/ Vendor Homepage: http://www.petraware.com Version: 2.0 CVE : CVE-2019-12372...
Typora 0.9.9.24.6 - Directory Traversal Vulnerability
Exploit Title: Code execution via path traversal Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137 References: https://nvd.nist.gov/vuln/detail/CVE-2019-1213...
Deltek Maconomy 2.2.5 - Local File Inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Maconomy Erp local file include Date: 22/05/2019 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE:...
Pidgin 2.13.0 - Denial of Service Exploit
Exploit Title: Pidgin 2.13.0 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://pidgin.im/ Software https://cfhcable.dl.sourceforge.net/project/pidgin/Pidgin/2.13.0/pidgin-2.13.0.exe Version: 2.13.0 Tested on: Windows 7, Windows 10 Proof of Concept: 1.-...
FairStars Audio Converter Pro 1.82 - (.tta) Denial of Service Exploit
Exploit Title: FairStars Audio Converter Pro 1.82 - '.tta' Denial of Service PoC Date: 25.5.2019 Vendor Homepage: http://www.fairstars.com/ Software Link: http://www.fairstars.com/download/facpsetup.exe Exploit Author: Achilles Tested Version: 1.82 Tested on: Windows 7 x64 Sp1 Windows XP Sp3 1.- R...
Microsoft Windows 10 (17763.379) - Install DLL Exploit
Exploit for windows platform in category local exploits edit: Figure out how this works for yourself. I can't be bothered. It's a really hard race, doubt anyone will be able to repro anyway. Could be used with malware, you could programmatically trigger the rollback. Maybe you can even pass the...
Cyberoam General Authentication Client 2.1.2.7 - (Server Address) Denial of Service Exploit
Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip Tested...
Microsoft Windows 10 1809 - CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Exploit for windows platform in category local exploits Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Windows: CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration EoP Platform: Windows 10 1809 not tested earlier Class: Elevation o...
Cyberoam SSLVPN Client 1.3.1.30 - (Connect To Server) Denial of Service Exploit
Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30 Tested on: Windows...
Fast AVI MPEG Joiner Dos Exploit
Exploit Title: Fast AVI MPEG Joiner Dos Exploit Date: 24.5.2019 Vendor Homepage: http://www.alloksoft.com Software Link: http://www.alloksoft.com/fastavimpegjoiner.exe Exploit Author: Achilles Tested Version: 1.2.0812 Tested on: Windows 7 x64 Sp1 Windows XP x86 Sp3 1.- Run python code :Joiner.py 2...
Microsoft Windows (x84) - Task Scheduler (.job) Import Arbitrary Discretionary Access Control List
Exploit for windows platform in category local exploits Microsoft Windows x84 - Task Scheduler '.job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two...
Cyberoam Transparent Authentication Suite 2.1.2.5 - (NetBIOS Name) Denial of Service Exploit
Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CTAS%202.1.2.5%20Release.zip Tested Version: 2.1.2....
Axessh 4.2 - (Log file name) Local Stack-based Buffer Overflow Exploit
Exploit for windows platform in category local exploits Title: Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Date: May 23rd, 2019 Author: Uday Mittal https://github.com/yaksas443/YaksasCSC-Lab/ Vendor Homepage: http://www.labf.com Software Link:...
NetAware 1.20 - Add Block Denial of Service Exploit
Exploit Title: NetAware 1.20 - 'Add Block' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.infiltration-systems.com Software: http://www.infiltration-systems.com/Files/netaware.zip Version: 1.20 Tested on: Windows 7 Proof of Concept: 1.- Run the...
Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)
/ ;Category: Shellcode ;Title: GNU/Linux x86_64 - execve /bin/sh ;Author: rajvardhan ;Architecture: Linux x86_64 ;Possibly The Smallest And Fully Reliable Shellcode =========== Asm Source =========== global start section .text start: xor rsi,rsi push rsi mov rdi,0x68732f2f6e69622f push rdi push rsp...
Cyberoam Transparent Authentication Suite 2.1.2.5 - (Fully Qualified Domain Name) Denial of Service
Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CTAS%202.1.2.5%20Release.zip Tested...
Microsoft Windows - Win32k Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...
Microsoft Windows (x84/x64) - Error Reporting Discretionary Access Control List / Local Privilege
Exploit for windows platform in category local exploits Microsoft Windows x84/x64 - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards...
Terminal Services Manager 3.2.1 - Denial of Service Exploit
Exploit Title: Terminal Services Manager 3.2.1 - Local Buffer Overflow Denial of Service Author: Alejandra Sánchez Vendor Homepage: https://lizardsystems.com Software: https://lizardsystems.com/files/releases/terminal-services-manager/tsmanagersetup3.2.1.247.exe Version: 3.2.1...
Opencart 3.0.3.2 - (extension/feed/google_base) Denial of Service Exploit
Exploit for php platform in category web applications !/bin/bash Opencart PoC exploit, just for test... Tested on store with added more than 1000 products Usage: ./cartkiller.sh storeurl threads sleep Example: ./cartkiller.sh https://storename 50 5 Disclaimer: This or previous programs is for...
Bitbucket Path Traversal / Remote Code Execution Vulnerability
Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker authenticated as a user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations, which can lead to remote code execution on systems that...
Cyberoam SSLVPN Client 1.3.1.30 - (HTTP Proxy) Denial of Service Exploit
Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30 Tested on: Windows Windows ...
NetAware 1.20 - Share Name Denial of Service Exploit
Exploit Title: NetAware 1.20 - 'Share Name' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.infiltration-systems.com Software: http://www.infiltration-systems.com/Files/netaware.zip Version: 1.20 Tested on: Windows 7 Proof of Concept: 1.- Run the...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Exploit
Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Where to write End Property End Class Sub TriggerWritewhere, val Dim v1 Set v1 =...
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Exploit
Visual Voicemail (VVM) is a feature of mobile devices that allows voicemail to be read in an email-like format. Carriers set up a Visual Voicemail server that supports IMAP, and the device queries this server for new email. Visual Voicemail is configured over SMS, and carriers inform devices of the...
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execute Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
RarmaRadio 2.72.3 - (Server) Denial of Service Exploit
Exploit Title: RarmaRadio 2.72.3 - 'Server' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1...
RarmaRadio 2.72.3 - (Username) Denial of Service Exploit
Exploit Title: RarmaRadio 2.72.3 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash:...
AUO Solar Data Recorder < 1.3.0 - addr Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AUO Solar Data Recorder - Stored XSS Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
Carel pCOWeb < B1.2.1 - Credentials Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Carel pCOWeb - Unprotected Storage of Credentials Exploit Author: Luca.Chiou Vendor Homepage: https://www.carel.com/ Version: Carel pCOWeb all versions prior to B1.2.1 Tested on: It is a proprietary devices:...
BlueStacks 4.80.0.1060 - Denial of Service Exploit
Exploit Title: BlueStacks 4.80.0.1060 - Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.bluestacks.com Software: https://www.bluestacks.com/download.html?utmcampaign=bluestacks-4-en Version: 4.80.0.1060 Tested on: Windows 10 Proof of Concept: 1.- R...
TapinRadio 2.11.6 - (Address) Denial of Service Exploit
Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the cras...
TapinRadio 2.11.6 - (Uername) Denial of Service Exploit
Exploit Title: TapinRadio 2.11.6 - 'Uername' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the cras...
Carel pCOWeb < B1.2.1 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Carel pCOWeb - Stored XSS Exploit Author: Luca.Chiou Vendor Homepage: https://www.carel.com/ Version: Carel pCOWeb all versions prior to B1.2.1 Tested on: It is a proprietary devices: http://www.carel.com/product/pcoweb-car...
Nagios XI 5.6.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Nagiosxi username sql injection Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.nagios.com Software Link: https://www.nagios.com/products/nagios-xi/ Version: xi-5.6.1 Tested on: MacOSX CVE:...
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions Vulnerability
Exploit for php platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 10.5 Incorrect Access Control Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 10.5 CVE :...
Microsoft Internet Explorer 11 - Sandbox Escape Exploit
Exploit for windows platform in category local exploits Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 9.3 CVE :...
FreeBSD rtld execl() Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv function fails to remove LD environment variables if findenv fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. This module...
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...
Darktrace Enterprise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery Vulnerability
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration. 1 ...
PHP PHP_INI_SYSTEM Ineffective Controls Vulnerability
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective, as they can be bypassed by malicious scripts that write to their own process memory on the Linux platform. Proof of concept code included. "PHP is a popular general-purpose scripting language that is...
Mac OS X Feedback Assistant Race Condition Exploit
This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root. This module requires Metasploit: https://metasploit.com/download Current source:...
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
macOS ifa_addr->sa_family != AF_INET6 // - crash here IFA_UNLOCK(ifa); error = EAFNOSUPPORT; break; Note that IFA_LOCK is called on user-provided data; it appears that there is an opportunity for memory corruption (a controlled write) when using indirect mutexes via LCK_MTX_TAG_INDIRECT see lck_mtx_lock_slow...
Deluge 1.3.15 - (Webseeds) Denial of Service Exploit
Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64...