DHCP Server 2.5.2 - Denial of Service Exploit
Exploit Title: DHCP Server 2.5.2 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.dhcpserver.de/cms/ Software Link: http://www.dhcpserver.de/cms/wp-content/plugins/download-attachments Tested Version: 2.5.2 Tested on: Windows 7 x32 Service Pack 1 Steps to produce...
PCHelpWare V2 1.0.0.5 - (SC) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'SC' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Version: 1.0.0.5 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Exploit
Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver...
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Exploit
Exploit for php platform in category web applications Exploit Title: Joomla Core 1.5.0 through 3.9.4 - Directory Traversal && Authenticated Arbitrary File Deletion Exploit Author: Haboob Team Web Site: haboob.sa Email: email protected Software Link: https://www.joomla.org/ Versions: Joomla 1.5.0...
PCHelpWare V2 1.0.0.5 - (Group) Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Version: 1.0.0.5 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Microsoft Windows 10 1809 LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver can...
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Exploit for windows platform in category local exploits Windows: LUAFV LuafvCopyShortName Arbitrary Short Name EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV driver bypasses...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit
Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV...
AdminExpress 1.2.5 - Folder Path Denial of Service Exploit
-- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows XP Professional SP2 Description: 1 Click the "System...
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest cache in CSRSS uses a weak ke...
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
Exploit for hardware platform in category web applications Exploit Title: Reflected XSS on Zyxel login pages Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogin.cgi, webauthrelogin.cgi CVE :...
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition
Exploit for windows platform in category local exploits Windows: LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUA...
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE :...
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass Exploit
Exploit for windows platform in category local exploits Windows: LUAFV NtSetCachedSigningLevel Device Guard Bypass Platform: Windows 10 1809 not tested earlier. Note I’ve not tested this on Windows 10 SMode. Class: Security Feature Bypass Summary: The NtSetCachedSigningLevel system call can be...
DirectAdmin 1.561 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 email protected && infinitumit.com.tr Description: Multipl...
Linux/x86 - Cat File Encode to base64 and post via curl to Webserver Shellcode (125 bytes)
Exploit Title: Linux/x86 cat file encode to base64 and post via curl to webserver 125 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 125...
Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)
INTRO Exploit Title: MMX-PUNPCKLBW Encoder Description: Payload encoder using MMX PUNPCKLBW instruction Date: 13/04/2019 Exploit Author: Petr Javorik Tested on: Linux ubuntu 3.13.0-32-generic x86 Shellcode length: 61 ENCODER !/usr/bin/env python stack execve SHELLCODE = bytearray...
MailCarrier 2.51 - POP3 (USER) Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" commandPOP3 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the...
Nagios XI 5.5.10 XSS / Remote Code Execution Vulnerability
Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim with "autodiscovery job" creation privileges to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remot...
UltraVNC Launcher 1.2.2.4 - Path Denial of Service Exploit
Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64 Service Pack 1 Steps to...
Cisco RV130W Routers Management Interface Remote Command Execution Exploit
A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based...
CuteNews 2.1.2 - avatar Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in CuteNews prior to...
UltraVNC Viewer 1.2.2.4 - VNC Server Denial of Service Exploit
Exploit Title: UltraVNC Viewer 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64 Service Pack 1 Steps to...
Jobberbase CMS 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Jobberbase CMS - 'jobs-in' SQL Injection Exploit Author: Suvadip Kar Vendor Homepage: http://jobberbase.com/ Software Link:...
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit
""" Exploit Title: Remote Mouse 3.008 Failure to Authenticate Date: 4/9/2019 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...
MailCarrier 2.51 - POP3 (TOP) SEH Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "TOP" commandPOP3 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the...
MailCarrier 2.51 - (RCPT TO) Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 'RCPT TO' - Buffer Overflow Remote Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the Telspace Crew...
MailCarrier 2.51 - POP3 (LIST) SEH Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "LIST" commandPOP3 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the...
Linux/x86 - add user to passwd file Shellcode (149 bytes)
Exploit Title: Linux/x86 add user to passwd file shellcode 149 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 149...
CyberArk EPM 10.2.1.603 - Security Restrictions #Bypass Exploit
Exploit for windows platform in category local exploits Exploit Title: CyberArk Endpoint bypass Exploit Author: Alpcan Onaran Vendor Homepage: https://www.cyberark.com Software Link: - Version: 10.2.1.603 Tested on: Windows 10 CVE : CVE-2018-14894 //If user needs admin privileges, CyberArk gives...
ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
Microsoft Windows Contact File Format Arbitrary Code Execution Exploit
This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact...
Microsoft Internet Explorer 11 XML Injection Exploit
Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor www.microsoft.com...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF Exploit
This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains a...
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Virtual Path Mapping' Buffer Overflow Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-524 - V2.06RU CV...
FTPShell Server 6.83 - Account name to ban Local Buffer Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Account name to ban' Buffer Overflow Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python Exploit Title: Dell KACE Systems Management Appliance K1000 = 6.4.120756 Unauthenticated RCE Version: = 6.4.120756 Author: Julien Ahrens @MrTuxracer Software Link:...
Loytec LGATE-902 XSS / Traversal / File Deletion Vulnerabilities
Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. Loytec LGATE-902 XSS / Traversal / File Deletion Vulnerabilities INFORMATION Product: Loytec LGATE-902 https://www.loytec.com/ Affected versions: 6.4.2 test...
EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities
EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...
Microsoft Windows - AppX Deployment Service Privilege Escalation Exploit
Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Privilege Escalation Exploit This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful...
AllPlayer 7.4 - SEH Buffer Overflow (Unicode) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: AllPlayer V7.4 - Local Buffer Overflow SEH Unicode Vulnerable Software: AllPlayer V7.4 Vendor Homepage: https://www.allplayer.org/ Version: 7.4 Software Link:...
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CentOS Web Panel v0.9.8.793 Free and v0.9.8.753 Pro - Email Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.c...
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code Vulnerable Software: River Past Cam Do 3.7.6 Vendor Homepage: http://www.flexhex.com Version: 3.7.6 Software Link:...
FlexHEX 2.71 - SEH Buffer Overflow (Unicode) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: FlexHEX 2.71 - Local Buffer Overflow SEH Unicode Date: 06-04-2019 Vulnerable Software: FlexHEX 2.71 Vendor Homepage: http://www.flexhex.com Version: 2.71 Software Link:...
Linux/x64 - XANAX Decoder Shellcode (127 bytes)
Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...
SaLICru -SLC-20-cube3(5) - HTML Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Reflected HTML Injection Google Dork: None Exploit Author: Ramikan Vendor Homepage:https://www.salicru.com/en/ Software Link: N/A Version: Tested on SaLICru -SLC-20-cube35. Firmware: cs121-SNMP v4.54.82.130611 CVE :...
Tradebox CryptoCurrency - symbol SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Tradebox - CryptoCurrency Buy Sell and Trading Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.bdtask.com Software Link: tradebox.bdtask.com/demo-v5.3/ Version: 5.4 Category: Webapps Tested on: WAMPP @Win Software...
Apache Axis 1.4 - Remote Code Execution Exploit
Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis Author: David Yesland @daveysec, Rhino...
PHP 7.2 - imagecolormatch() Out of Band Heap Write Exploit
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...